thanos | hxxps://github[.]com/ytisf/theZoo/blob/master/malware/Binaries/Ransomware[.]Thanos/Ransomware[.]Thanos[.]zip

Analysis

max time kernel
596s
max time network
599s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
28/10/2024, 20:42 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip

Score

10^/10

thanos discovery ransomware

Malware Config

Signatures

Contains code to disable Windows Defender 1 IoCs

A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

resource	yara_rule
behavioral1/files/0x000f000000023ba7-736.dat	disable_win_def

Thanos Ransomware
Ransomware-as-a-service (RaaS) sold through underground forums.
ransomware thanos

Thanos executable 1 IoCs

resource	yara_rule
behavioral1/files/0x000f000000023ba7-736.dat	family_thanos_ransomware

Thanos family
thanos

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
58	raw.githubusercontent.com
59	raw.githubusercontent.com

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\drivers.txt	Win32.WannaPeace.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe

Checks processor information in registry 2 TTPs 20 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\14\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\1\0\1\0\0\0\0\0\0	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\1\0\MRUListEx = 00000000ffffffff	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\1\0\0\NodeSlot = "11"	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\1\0\0\0 = 6600310000000000874fdb491400526567697374726174696f6e00004a0009000400efbe874fdb495c5924a62e00000092040000000001000000000000000000000000000000219b160152006500670069007300740072006100740069006f006e0000001c000000	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\22\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\1	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\Shell\SniffedFolderType = "Generic"	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\1\0\1\0\0\0\MRUListEx = 00000000ffffffff	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\19\Shell	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\19\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\21\Shell\SniffedFolderType = "Generic"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\14\Shell	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\17\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\17\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\20\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\21\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\23\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\1\0\0	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\15\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\22\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\1\0\0\1 = 5400310000000000874fdb491400536368656d6100003e0009000400efbe874fdb495c5924a62e00000093040000000001000000000000000000000000000000219b160153006300680065006d006100000016000000	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\1\0\1\0\MRUListEx = ffffffff	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\18\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\21\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\21\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\1\0\0\MRUListEx = 0100000000000000ffffffff	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\1\0\1\0\0\MRUListEx = 00000000ffffffff	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\17\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\21\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\21	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202020202020202020202020202	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\15\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\19\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\23\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\19\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\21\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\1\0\1\0\0\0\0\0\0\0\MRUListEx = ffffffff	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\1\0\1\0\0\0\0\0\0\0\0	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\22\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\15\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\18\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\19\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\15\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\19\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\23\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	OpenWith.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
5124	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 32 IoCs

pid	Process
1136	msedge.exe
1136	msedge.exe
3528	msedge.exe
3528	msedge.exe
2428	identity_helper.exe
2428	identity_helper.exe
2828	msedge.exe
2828	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
5764	msedge.exe
5764	msedge.exe
392	msedge.exe
392	msedge.exe
5168	msedge.exe
5168	msedge.exe
4500	msedge.exe
4500	msedge.exe
848	msedge.exe
848	msedge.exe
5016	msedge.exe
5016	msedge.exe
3748	msedge.exe
3748	msedge.exe
1396	msedge.exe
1396	msedge.exe
5708	msedge.exe
5708	msedge.exe
3076	msedge.exe
3076	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4684	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
5708	msedge.exe
5708	msedge.exe
5708	msedge.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	1852	firefox.exe
Token: SeDebugPrivilege	1852	firefox.exe
Token: SeDebugPrivilege	1852	firefox.exe
Token: SeRestorePrivilege	3792	7zFM.exe
Token: 35	3792	7zFM.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
1852	firefox.exe
1852	firefox.exe
1852	firefox.exe
1852	firefox.exe
1852	firefox.exe
1852	firefox.exe
1852	firefox.exe
1852	firefox.exe
1852	firefox.exe
1852	firefox.exe
1852	firefox.exe
1852	firefox.exe
1852	firefox.exe
1852	firefox.exe
1852	firefox.exe
1852	firefox.exe
1852	firefox.exe
1852	firefox.exe
1852	firefox.exe
1852	firefox.exe
1852	firefox.exe
3792	7zFM.exe
3528	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
3528	msedge.exe
1852	firefox.exe
1852	firefox.exe
1852	firefox.exe
1852	firefox.exe
1852	firefox.exe
1852	firefox.exe
1852	firefox.exe
1852	firefox.exe
1852	firefox.exe
1852	firefox.exe
1852	firefox.exe
1852	firefox.exe
1852	firefox.exe
1852	firefox.exe
1852	firefox.exe
1852	firefox.exe
1852	firefox.exe
1852	firefox.exe
1852	firefox.exe
1852	firefox.exe
5708	msedge.exe
5708	msedge.exe
5708	msedge.exe
5708	msedge.exe
5708	msedge.exe
5708	msedge.exe
5708	msedge.exe
5708	msedge.exe
5708	msedge.exe
5708	msedge.exe
5708	msedge.exe
5708	msedge.exe
5708	msedge.exe
5708	msedge.exe
5708	msedge.exe
5708	msedge.exe
5708	msedge.exe
5708	msedge.exe
5708	msedge.exe
5708	msedge.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
3028	OpenWith.exe
3028	OpenWith.exe
3028	OpenWith.exe
3028	OpenWith.exe
3028	OpenWith.exe
3028	OpenWith.exe
3028	OpenWith.exe
3028	OpenWith.exe
3028	OpenWith.exe
3028	OpenWith.exe
3028	OpenWith.exe
3028	OpenWith.exe
3028	OpenWith.exe
3028	OpenWith.exe
3028	OpenWith.exe
3028	OpenWith.exe
3028	OpenWith.exe
5428	OpenWith.exe
5428	OpenWith.exe
5428	OpenWith.exe
5488	AcroRd32.exe
5488	AcroRd32.exe
5488	AcroRd32.exe
5488	AcroRd32.exe
6140	OpenWith.exe
6140	OpenWith.exe
6140	OpenWith.exe
6140	OpenWith.exe
6140	OpenWith.exe
6140	OpenWith.exe
6140	OpenWith.exe
6140	OpenWith.exe
6140	OpenWith.exe
6096	OpenWith.exe
6096	OpenWith.exe
6096	OpenWith.exe
6096	OpenWith.exe
6096	OpenWith.exe
6096	OpenWith.exe
6096	OpenWith.exe
6096	OpenWith.exe
6096	OpenWith.exe
6096	OpenWith.exe
6096	OpenWith.exe
6096	OpenWith.exe
6096	OpenWith.exe
6096	OpenWith.exe
6096	OpenWith.exe
6096	OpenWith.exe
6096	OpenWith.exe
6096	OpenWith.exe
6096	OpenWith.exe
6096	OpenWith.exe
6096	OpenWith.exe
5208	OpenWith.exe
5208	OpenWith.exe
5208	OpenWith.exe
5208	OpenWith.exe
5208	OpenWith.exe
5208	OpenWith.exe
5208	OpenWith.exe
5208	OpenWith.exe
5208	OpenWith.exe
1852	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3528 wrote to memory of 5012	3528	msedge.exe	85
PID 3528 wrote to memory of 5012	3528	msedge.exe	85
PID 3528 wrote to memory of 1760	3528	msedge.exe	86
PID 3528 wrote to memory of 1760	3528	msedge.exe	86
PID 3528 wrote to memory of 1760	3528	msedge.exe	86
PID 3528 wrote to memory of 1760	3528	msedge.exe	86
PID 3528 wrote to memory of 1760	3528	msedge.exe	86
PID 3528 wrote to memory of 1760	3528	msedge.exe	86
PID 3528 wrote to memory of 1760	3528	msedge.exe	86
PID 3528 wrote to memory of 1760	3528	msedge.exe	86
PID 3528 wrote to memory of 1760	3528	msedge.exe	86
PID 3528 wrote to memory of 1760	3528	msedge.exe	86
PID 3528 wrote to memory of 1760	3528	msedge.exe	86
PID 3528 wrote to memory of 1760	3528	msedge.exe	86
PID 3528 wrote to memory of 1760	3528	msedge.exe	86
PID 3528 wrote to memory of 1760	3528	msedge.exe	86
PID 3528 wrote to memory of 1760	3528	msedge.exe	86
PID 3528 wrote to memory of 1760	3528	msedge.exe	86
PID 3528 wrote to memory of 1760	3528	msedge.exe	86
PID 3528 wrote to memory of 1760	3528	msedge.exe	86
PID 3528 wrote to memory of 1760	3528	msedge.exe	86
PID 3528 wrote to memory of 1760	3528	msedge.exe	86
PID 3528 wrote to memory of 1760	3528	msedge.exe	86
PID 3528 wrote to memory of 1760	3528	msedge.exe	86
PID 3528 wrote to memory of 1760	3528	msedge.exe	86
PID 3528 wrote to memory of 1760	3528	msedge.exe	86
PID 3528 wrote to memory of 1760	3528	msedge.exe	86
PID 3528 wrote to memory of 1760	3528	msedge.exe	86
PID 3528 wrote to memory of 1760	3528	msedge.exe	86
PID 3528 wrote to memory of 1760	3528	msedge.exe	86
PID 3528 wrote to memory of 1760	3528	msedge.exe	86
PID 3528 wrote to memory of 1760	3528	msedge.exe	86
PID 3528 wrote to memory of 1760	3528	msedge.exe	86
PID 3528 wrote to memory of 1760	3528	msedge.exe	86
PID 3528 wrote to memory of 1760	3528	msedge.exe	86
PID 3528 wrote to memory of 1760	3528	msedge.exe	86
PID 3528 wrote to memory of 1760	3528	msedge.exe	86
PID 3528 wrote to memory of 1760	3528	msedge.exe	86
PID 3528 wrote to memory of 1760	3528	msedge.exe	86
PID 3528 wrote to memory of 1760	3528	msedge.exe	86
PID 3528 wrote to memory of 1760	3528	msedge.exe	86
PID 3528 wrote to memory of 1760	3528	msedge.exe	86
PID 3528 wrote to memory of 1136	3528	msedge.exe	87
PID 3528 wrote to memory of 1136	3528	msedge.exe	87
PID 3528 wrote to memory of 2616	3528	msedge.exe	88
PID 3528 wrote to memory of 2616	3528	msedge.exe	88
PID 3528 wrote to memory of 2616	3528	msedge.exe	88
PID 3528 wrote to memory of 2616	3528	msedge.exe	88
PID 3528 wrote to memory of 2616	3528	msedge.exe	88
PID 3528 wrote to memory of 2616	3528	msedge.exe	88
PID 3528 wrote to memory of 2616	3528	msedge.exe	88
PID 3528 wrote to memory of 2616	3528	msedge.exe	88
PID 3528 wrote to memory of 2616	3528	msedge.exe	88
PID 3528 wrote to memory of 2616	3528	msedge.exe	88
PID 3528 wrote to memory of 2616	3528	msedge.exe	88
PID 3528 wrote to memory of 2616	3528	msedge.exe	88
PID 3528 wrote to memory of 2616	3528	msedge.exe	88
PID 3528 wrote to memory of 2616	3528	msedge.exe	88
PID 3528 wrote to memory of 2616	3528	msedge.exe	88
PID 3528 wrote to memory of 2616	3528	msedge.exe	88
PID 3528 wrote to memory of 2616	3528	msedge.exe	88
PID 3528 wrote to memory of 2616	3528	msedge.exe	88
PID 3528 wrote to memory of 2616	3528	msedge.exe	88
PID 3528 wrote to memory of 2616	3528	msedge.exe	88

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd446646f8,0x7ffd44664708,0x7ffd44664718
  2⤵
  PID:5012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,1196456945351361371,14023924647792196386,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:1760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1996,1196456945351361371,14023924647792196386,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1996,1196456945351361371,14023924647792196386,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8
  2⤵
  PID:2616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,1196456945351361371,14023924647792196386,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:4652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,1196456945351361371,14023924647792196386,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
  2⤵
  PID:2288
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1996,1196456945351361371,14023924647792196386,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5712 /prefetch:8
  2⤵
  PID:4412
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1996,1196456945351361371,14023924647792196386,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5712 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1996,1196456945351361371,14023924647792196386,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5224 /prefetch:8
  2⤵
  PID:4408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,1196456945351361371,14023924647792196386,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
  2⤵
  PID:4352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1996,1196456945351361371,14023924647792196386,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5852 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,1196456945351361371,14023924647792196386,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2036 /prefetch:1
  2⤵
  PID:4808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,1196456945351361371,14023924647792196386,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
  2⤵
  PID:3928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,1196456945351361371,14023924647792196386,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4080 /prefetch:1
  2⤵
  PID:116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,1196456945351361371,14023924647792196386,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6376 /prefetch:1
  2⤵
  PID:4708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,1196456945351361371,14023924647792196386,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1968 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,1196456945351361371,14023924647792196386,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:1
  2⤵
  PID:1416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1996,1196456945351361371,14023924647792196386,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6296 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,1196456945351361371,14023924647792196386,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:2052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1996,1196456945351361371,14023924647792196386,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5012 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,1196456945351361371,14023924647792196386,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4228 /prefetch:1
  2⤵
  PID:5708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1996,1196456945351361371,14023924647792196386,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3472 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,1196456945351361371,14023924647792196386,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
  2⤵
  PID:4028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1996,1196456945351361371,14023924647792196386,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5804 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,1196456945351361371,14023924647792196386,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2600 /prefetch:1
  2⤵
  PID:3096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1996,1196456945351361371,14023924647792196386,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4788 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,1196456945351361371,14023924647792196386,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1
  2⤵
  PID:5744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1996,1196456945351361371,14023924647792196386,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4848 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1996,1196456945351361371,14023924647792196386,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5836 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3748

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2852

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5100

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3972

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:3028

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:5428
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\Downloads\Ransomware.Thanos\ae66e009e16f0fad3b70ad20801f48f2edb904fa5341a89e126a26fd3fc80f75"
  2⤵
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:5488
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5600
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=09549EFD7B7CA44F984F96E0C5E5E403 --mojo-platform-channel-handle=1760 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      PID:5740
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=A678496DD28F380B8A6E9F4F96B538C3 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=A678496DD28F380B8A6E9F4F96B538C3 --renderer-client-id=2 --mojo-platform-channel-handle=1752 --allow-no-sandbox-job /prefetch:1
      4⤵
      System Location Discovery: System Language Discovery
      PID:5756

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5944

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:6140
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Ransomware.Thanos\5d40615701c48a122e44f831e7c8643d07765629a83b15d090587f469c77693d
  2⤵
  - Opens file in notepad (likely ransom note)
  PID:5124

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:6096

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:5208
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\Ransomware.Thanos\c460fc0d4fdaf5c68623e18de106f1c3601d7bd6ba80ddad86c10fd6ea123850"
  2⤵
  PID:5276
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\Downloads\Ransomware.Thanos\c460fc0d4fdaf5c68623e18de106f1c3601d7bd6ba80ddad86c10fd6ea123850
    3⤵
    - Checks processor information in registry
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    PID:1852
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2000 -parentBuildID 20240401114208 -prefsHandle 1928 -prefMapHandle 1920 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5187054a-c926-4d34-8fa8-532a4e60ef43} 1852 "\\.\pipe\gecko-crash-server-pipe.1852" gpu
      4⤵
      PID:5332
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2436 -parentBuildID 20240401114208 -prefsHandle 2428 -prefMapHandle 2416 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b098512b-2ac4-4cb4-9bb5-723e37bec37f} 1852 "\\.\pipe\gecko-crash-server-pipe.1852" socket
      4⤵
      Checks processor information in registry
      PID:5340
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3192 -childID 1 -isForBrowser -prefsHandle 2992 -prefMapHandle 3216 -prefsLen 24741 -prefMapSize 244658 -jsInitHandle 1316 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9b38dd02-eacd-491b-a977-b7760d1e7638} 1852 "\\.\pipe\gecko-crash-server-pipe.1852" tab
      4⤵
      PID:4276
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2980 -childID 2 -isForBrowser -prefsHandle 3604 -prefMapHandle 1592 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1316 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ce0266c7-6a25-4c71-9c86-703c60bc720c} 1852 "\\.\pipe\gecko-crash-server-pipe.1852" tab
      4⤵
      PID:4536
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5156 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 5112 -prefMapHandle 5116 -prefsLen 29197 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7f0f678e-61d1-474e-8710-adc902fd83ea} 1852 "\\.\pipe\gecko-crash-server-pipe.1852" utility
      4⤵
      Checks processor information in registry
      PID:5888
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5388 -childID 3 -isForBrowser -prefsHandle 5380 -prefMapHandle 5376 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1316 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0dc9b64f-8ac1-4bcc-8137-8c3d94cb5f06} 1852 "\\.\pipe\gecko-crash-server-pipe.1852" tab
      4⤵
      PID:1268
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5504 -childID 4 -isForBrowser -prefsHandle 5508 -prefMapHandle 5512 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1316 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {909ce595-ef01-46b3-8a87-4769d6207946} 1852 "\\.\pipe\gecko-crash-server-pipe.1852" tab
      4⤵
      PID:5160
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5796 -childID 5 -isForBrowser -prefsHandle 5716 -prefMapHandle 5724 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1316 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {418a77cf-7a55-41a6-9cb4-c40fe1f6eb69} 1852 "\\.\pipe\gecko-crash-server-pipe.1852" tab
      4⤵
      PID:3320

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" C:\Users\Admin\Downloads\Ransomware.Thanos\c460fc0d4fdaf5c68623e18de106f1c3601d7bd6ba80ddad86c10fd6ea123850
1⤵
PID:2528
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" C:\Users\Admin\Downloads\Ransomware.Thanos\c460fc0d4fdaf5c68623e18de106f1c3601d7bd6ba80ddad86c10fd6ea123850
  2⤵
  - Checks processor information in registry
  PID:5784

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Friday_the_13th.408\Friday_the_13th.408.com"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3792

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
PID:4684

C:\Users\Admin\Downloads\Win32.WannaPeace (1)\Win32.WannaPeace.exe
"C:\Users\Admin\Downloads\Win32.WannaPeace (1)\Win32.WannaPeace.exe"
1⤵
- Drops file in Program Files directory
PID:3284
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\yy20grrr\yy20grrr.cmdline"
  2⤵
  PID:5196

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\42b098f0bacd41cc810db69f06af3d8b /t 5264 /p 3284
1⤵
PID:3436

C:\Windows\helppane.exe
C:\Windows\helppane.exe -Embedding
1⤵
PID:2376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument microsoft-edge:https://go.microsoft.com/fwlink/?LinkId=528884
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of SendNotifyMessage
  PID:5708
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd446646f8,0x7ffd44664708,0x7ffd44664718
    3⤵
    PID:3480
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,12721063250669686980,5632626290550657960,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
    3⤵
    PID:6004
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2184,12721063250669686980,5632626290550657960,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1396
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2184,12721063250669686980,5632626290550657960,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
    3⤵
    PID:5976
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,12721063250669686980,5632626290550657960,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3168 /prefetch:1
    3⤵
    PID:3660
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,12721063250669686980,5632626290550657960,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
    3⤵
    PID:3580
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,12721063250669686980,5632626290550657960,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4576 /prefetch:1
    3⤵
    PID:460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument microsoft-edge:https://go.microsoft.com/fwlink/?LinkId=528884
  2⤵
  PID:1704
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd446646f8,0x7ffd44664708,0x7ffd44664718
    3⤵
    PID:4864
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1432,1604041816938149687,16704971293138073825,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2068 /prefetch:2
    3⤵
    PID:5408
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1432,1604041816938149687,16704971293138073825,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3076

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5720

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4316

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2820

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1004

Network

DNS

209.205.72.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

209.205.72.20.in-addr.arpa

IN PTR

Response
DNS

github.com

msedge.exe

Remote address:

8.8.8.8:53

Request

github.com

IN A

Response

github.com

IN A

20.26.156.215
GET

https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip

msedge.exe

Remote address:

20.26.156.215:443

Request

GET /ytisf/theZoo/blob/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip HTTP/2.0
host: github.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
dnt: 1
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: GitHub.com
date: Mon, 28 Oct 2024 20:42:32 GMT
content-type: text/html; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
etag: W/"6b904ef30f83948649027de9e2d5441e"
cache-control: max-age=0, private, must-revalidate
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
content-encoding: gzip
set-cookie: _gh_sess=nVb9fOjfr6%2By9jQfogoB84%2FbPsaVm3bihJI858YzNJ%2B1kh%2Fmn6Zz4ifozzB3rF5eqCJMWdKC%2BIhD2g3DRaBRzaxVB5nwp8TpoDe1Py%2BZxMq6IyV1emco1RNWiDMBBvq3B68CWWu1Gvo2bJB9Ia1vGL8nh0Qx29WxIJcR4OsXJQ4UvrjlGC2uNmfvcNWAFcU1E5yJQu85sbzbt6E3ypj4q2xjrQ6ZMJ0hKJz%2BaiZDMnYKa4vtssVWlWU8%2FLz4T8wcuo4ZehTRZ6ppv3Jno3uOWQ%3D%3D--wxPd5ZTs4ps0vaTL--MsizRef8ekSGhRNMuIb90Q%3D%3D; Path=/; HttpOnly; Secure; SameSite=Lax
set-cookie: _octo=GH1.1.654803613.1730148152; Path=/; Domain=github.com; Expires=Tue, 28 Oct 2025 20:42:32 GMT; Secure; SameSite=Lax
set-cookie: logged_in=no; Path=/; Domain=github.com; Expires=Tue, 28 Oct 2025 20:42:32 GMT; HttpOnly; Secure; SameSite=Lax
accept-ranges: bytes
x-github-request-id: E866:3121DC:18F5E47:1C29483:671FF734
GET

https://github.com/ytisf/theZoo/security/overall-count

msedge.exe

Remote address:

20.26.156.215:443

Request

GET /ytisf/theZoo/security/overall-count HTTP/2.0
host: github.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
accept: text/fragment+html
dnt: 1
x-requested-with: XMLHttpRequest
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _gh_sess=nVb9fOjfr6%2By9jQfogoB84%2FbPsaVm3bihJI858YzNJ%2B1kh%2Fmn6Zz4ifozzB3rF5eqCJMWdKC%2BIhD2g3DRaBRzaxVB5nwp8TpoDe1Py%2BZxMq6IyV1emco1RNWiDMBBvq3B68CWWu1Gvo2bJB9Ia1vGL8nh0Qx29WxIJcR4OsXJQ4UvrjlGC2uNmfvcNWAFcU1E5yJQu85sbzbt6E3ypj4q2xjrQ6ZMJ0hKJz%2BaiZDMnYKa4vtssVWlWU8%2FLz4T8wcuo4ZehTRZ6ppv3Jno3uOWQ%3D%3D--wxPd5ZTs4ps0vaTL--MsizRef8ekSGhRNMuIb90Q%3D%3D
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light

Response

HTTP/2.0 200

server: GitHub.com
date: Mon, 28 Oct 2024 20:42:33 GMT
content-type: text/fragment+html; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
cache-control: max-age=14400, private
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
content-encoding: gzip
accept-ranges: bytes
content-length: 20
x-github-request-id: E866:3121DC:18F5F16:1C29567:671FF738
GET

https://github.com/ytisf/theZoo/refs?type=branch

msedge.exe

Remote address:

20.26.156.215:443

Request

GET /ytisf/theZoo/refs?type=branch HTTP/2.0
host: github.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
accept: application/json
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _gh_sess=nVb9fOjfr6%2By9jQfogoB84%2FbPsaVm3bihJI858YzNJ%2B1kh%2Fmn6Zz4ifozzB3rF5eqCJMWdKC%2BIhD2g3DRaBRzaxVB5nwp8TpoDe1Py%2BZxMq6IyV1emco1RNWiDMBBvq3B68CWWu1Gvo2bJB9Ia1vGL8nh0Qx29WxIJcR4OsXJQ4UvrjlGC2uNmfvcNWAFcU1E5yJQu85sbzbt6E3ypj4q2xjrQ6ZMJ0hKJz%2BaiZDMnYKa4vtssVWlWU8%2FLz4T8wcuo4ZehTRZ6ppv3Jno3uOWQ%3D%3D--wxPd5ZTs4ps0vaTL--MsizRef8ekSGhRNMuIb90Q%3D%3D
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 200

server: GitHub.com
date: Mon, 28 Oct 2024 20:42:33 GMT
content-type: application/json; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
etag: W/"4290ea190ac7cfa6152d96871092db0c"
cache-control: max-age=0, private, must-revalidate
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
content-encoding: gzip
accept-ranges: bytes
content-length: 99
x-github-request-id: E866:3121DC:18F5F33:1C29587:671FF739
GET

https://github.com/ytisf/theZoo/latest-commit/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip

msedge.exe

Remote address:

20.26.156.215:443

Request

GET /ytisf/theZoo/latest-commit/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip HTTP/2.0
host: github.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: application/json
accept: application/json
x-requested-with: XMLHttpRequest
github-verified-fetch: true
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _gh_sess=nVb9fOjfr6%2By9jQfogoB84%2FbPsaVm3bihJI858YzNJ%2B1kh%2Fmn6Zz4ifozzB3rF5eqCJMWdKC%2BIhD2g3DRaBRzaxVB5nwp8TpoDe1Py%2BZxMq6IyV1emco1RNWiDMBBvq3B68CWWu1Gvo2bJB9Ia1vGL8nh0Qx29WxIJcR4OsXJQ4UvrjlGC2uNmfvcNWAFcU1E5yJQu85sbzbt6E3ypj4q2xjrQ6ZMJ0hKJz%2BaiZDMnYKa4vtssVWlWU8%2FLz4T8wcuo4ZehTRZ6ppv3Jno3uOWQ%3D%3D--wxPd5ZTs4ps0vaTL--MsizRef8ekSGhRNMuIb90Q%3D%3D
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 200

server: GitHub.com
date: Mon, 28 Oct 2024 20:42:33 GMT
content-type: application/json; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
etag: W/"d43e46c95c5f6ea2afcb266c4624db9b"
cache-control: max-age=0, private, must-revalidate
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
content-encoding: gzip
accept-ranges: bytes
content-length: 167
x-github-request-id: E866:3121DC:18F5F33:1C29589:671FF739
GET

https://github.com/ytisf/theZoo/deferred-metadata/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip

msedge.exe

Remote address:

20.26.156.215:443

Request

GET /ytisf/theZoo/deferred-metadata/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip HTTP/2.0
host: github.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: application/json
accept: application/json
x-requested-with: XMLHttpRequest
github-verified-fetch: true
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _gh_sess=nVb9fOjfr6%2By9jQfogoB84%2FbPsaVm3bihJI858YzNJ%2B1kh%2Fmn6Zz4ifozzB3rF5eqCJMWdKC%2BIhD2g3DRaBRzaxVB5nwp8TpoDe1Py%2BZxMq6IyV1emco1RNWiDMBBvq3B68CWWu1Gvo2bJB9Ia1vGL8nh0Qx29WxIJcR4OsXJQ4UvrjlGC2uNmfvcNWAFcU1E5yJQu85sbzbt6E3ypj4q2xjrQ6ZMJ0hKJz%2BaiZDMnYKa4vtssVWlWU8%2FLz4T8wcuo4ZehTRZ6ppv3Jno3uOWQ%3D%3D--wxPd5ZTs4ps0vaTL--MsizRef8ekSGhRNMuIb90Q%3D%3D
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 200

server: GitHub.com
date: Mon, 28 Oct 2024 20:42:33 GMT
content-type: application/json; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
etag: W/"d12d54907ea5cbafe4dc4fde1934f484"
cache-control: max-age=0, private, must-revalidate
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
content-encoding: gzip
accept-ranges: bytes
content-length: 465
x-github-request-id: E866:3121DC:18F5F33:1C29588:671FF739
GET

https://github.com/ytisf/theZoo/refs?type=branch

msedge.exe

Remote address:

20.26.156.215:443

Request

GET /ytisf/theZoo/refs?type=branch HTTP/2.0
host: github.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
accept: application/json
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _gh_sess=nVb9fOjfr6%2By9jQfogoB84%2FbPsaVm3bihJI858YzNJ%2B1kh%2Fmn6Zz4ifozzB3rF5eqCJMWdKC%2BIhD2g3DRaBRzaxVB5nwp8TpoDe1Py%2BZxMq6IyV1emco1RNWiDMBBvq3B68CWWu1Gvo2bJB9Ia1vGL8nh0Qx29WxIJcR4OsXJQ4UvrjlGC2uNmfvcNWAFcU1E5yJQu85sbzbt6E3ypj4q2xjrQ6ZMJ0hKJz%2BaiZDMnYKa4vtssVWlWU8%2FLz4T8wcuo4ZehTRZ6ppv3Jno3uOWQ%3D%3D--wxPd5ZTs4ps0vaTL--MsizRef8ekSGhRNMuIb90Q%3D%3D
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC
if-none-match: W/"4290ea190ac7cfa6152d96871092db0c"

Response

HTTP/2.0 304

server: GitHub.com
date: Mon, 28 Oct 2024 20:42:33 GMT
content-type: application/json; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
etag: W/"4290ea190ac7cfa6152d96871092db0c"
cache-control: max-age=0, private, must-revalidate
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
content-encoding: gzip
x-github-request-id: E866:3121DC:18F5F4C:1C295AD:671FF739
GET

https://github.com/ytisf/theZoo/refs?type=branch

msedge.exe

Remote address:

20.26.156.215:443

Request

GET /ytisf/theZoo/refs?type=branch HTTP/2.0
host: github.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
accept: application/json
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _gh_sess=nVb9fOjfr6%2By9jQfogoB84%2FbPsaVm3bihJI858YzNJ%2B1kh%2Fmn6Zz4ifozzB3rF5eqCJMWdKC%2BIhD2g3DRaBRzaxVB5nwp8TpoDe1Py%2BZxMq6IyV1emco1RNWiDMBBvq3B68CWWu1Gvo2bJB9Ia1vGL8nh0Qx29WxIJcR4OsXJQ4UvrjlGC2uNmfvcNWAFcU1E5yJQu85sbzbt6E3ypj4q2xjrQ6ZMJ0hKJz%2BaiZDMnYKa4vtssVWlWU8%2FLz4T8wcuo4ZehTRZ6ppv3Jno3uOWQ%3D%3D--wxPd5ZTs4ps0vaTL--MsizRef8ekSGhRNMuIb90Q%3D%3D
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC
if-none-match: W/"4290ea190ac7cfa6152d96871092db0c"

Response

HTTP/2.0 304

server: GitHub.com
date: Mon, 28 Oct 2024 20:42:33 GMT
content-type: application/json; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
etag: W/"4290ea190ac7cfa6152d96871092db0c"
cache-control: max-age=0, private, must-revalidate
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
content-encoding: gzip
x-github-request-id: E866:3121DC:18F5F67:1C295BC:671FF739
GET

https://github.com/manifest.json

msedge.exe

Remote address:

20.26.156.215:443

Request

GET /manifest.json HTTP/2.0
host: github.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: manifest
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _gh_sess=nVb9fOjfr6%2By9jQfogoB84%2FbPsaVm3bihJI858YzNJ%2B1kh%2Fmn6Zz4ifozzB3rF5eqCJMWdKC%2BIhD2g3DRaBRzaxVB5nwp8TpoDe1Py%2BZxMq6IyV1emco1RNWiDMBBvq3B68CWWu1Gvo2bJB9Ia1vGL8nh0Qx29WxIJcR4OsXJQ4UvrjlGC2uNmfvcNWAFcU1E5yJQu85sbzbt6E3ypj4q2xjrQ6ZMJ0hKJz%2BaiZDMnYKa4vtssVWlWU8%2FLz4T8wcuo4ZehTRZ6ppv3Jno3uOWQ%3D%3D--wxPd5ZTs4ps0vaTL--MsizRef8ekSGhRNMuIb90Q%3D%3D
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 200

server: GitHub.com
date: Mon, 28 Oct 2024 20:42:26 GMT
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
cache-control: max-age=604800, public
etag: W/"c75e05794d72230a695e880f1a6c83a4"
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
content-type: application/manifest+json; charset=utf-8
content-encoding: gzip
accept-ranges: bytes
content-length: 474
x-github-request-id: E866:3121DC:18F5FE9:1C2964E:671FF73A
GET

https://github.com/ytisf/theZoo/raw/refs/heads/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip

msedge.exe

Remote address:

20.26.156.215:443

Request

GET /ytisf/theZoo/raw/refs/heads/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip HTTP/2.0
host: github.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _gh_sess=nVb9fOjfr6%2By9jQfogoB84%2FbPsaVm3bihJI858YzNJ%2B1kh%2Fmn6Zz4ifozzB3rF5eqCJMWdKC%2BIhD2g3DRaBRzaxVB5nwp8TpoDe1Py%2BZxMq6IyV1emco1RNWiDMBBvq3B68CWWu1Gvo2bJB9Ia1vGL8nh0Qx29WxIJcR4OsXJQ4UvrjlGC2uNmfvcNWAFcU1E5yJQu85sbzbt6E3ypj4q2xjrQ6ZMJ0hKJz%2BaiZDMnYKa4vtssVWlWU8%2FLz4T8wcuo4ZehTRZ6ppv3Jno3uOWQ%3D%3D--wxPd5ZTs4ps0vaTL--MsizRef8ekSGhRNMuIb90Q%3D%3D
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 302

server: GitHub.com
date: Mon, 28 Oct 2024 20:42:41 GMT
content-type: text/html; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
access-control-allow-origin:
location: https://raw.githubusercontent.com/ytisf/theZoo/refs/heads/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip
cache-control: no-cache
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
content-length: 0
x-github-request-id: E866:3121DC:18F6255:1C29904:671FF73B
DNS

215.156.26.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

215.156.26.20.in-addr.arpa

IN PTR

Response
DNS

71.31.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

71.31.126.40.in-addr.arpa

IN PTR

Response
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

0.205.248.87.in-addr.arpa

Remote address:

8.8.8.8:53

Request

0.205.248.87.in-addr.arpa

IN PTR

Response

0.205.248.87.in-addr.arpa

IN PTR

https-87-248-205-0lgwllnwnet
DNS

205.47.74.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

205.47.74.20.in-addr.arpa

IN PTR

Response
DNS

avatars.githubusercontent.com

msedge.exe

Remote address:

8.8.8.8:53

Request

avatars.githubusercontent.com

IN A

Response

avatars.githubusercontent.com

IN A

185.199.111.133

avatars.githubusercontent.com

IN A

185.199.108.133

avatars.githubusercontent.com

IN A

185.199.110.133

avatars.githubusercontent.com

IN A

185.199.109.133
DNS

github.githubassets.com

msedge.exe

Remote address:

8.8.8.8:53

Request

github.githubassets.com

IN A

Response

github.githubassets.com

IN A

185.199.111.154

github.githubassets.com

IN A

185.199.108.154

github.githubassets.com

IN A

185.199.110.154

github.githubassets.com

IN A

185.199.109.154
GET

https://avatars.githubusercontent.com/u/5548594?v=4&size=40

msedge.exe

Remote address:

185.199.111.133:443

Request

GET /u/5548594?v=4&size=40 HTTP/2.0
host: avatars.githubusercontent.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: max-age=300
content-security-policy: default-src 'none'
content-type: image/png
etag: "5f227cdb5f9dce2c1ce02167479ee206c63a35c0e1f34bcb52f72f65c3ee0fc1"
last-modified: Mon, 23 Nov 2020 22:49:29 GMT
strict-transport-security: max-age=31557600
timing-allow-origin: https://github.com
x-content-type-options: nosniff
x-frame-options: deny
x-github-tenant:
x-xss-protection: 1; mode=block
x-github-request-id: B4D9:328E91:23137E:2BDE50:671F4DBF
accept-ranges: bytes
date: Mon, 28 Oct 2024 20:42:35 GMT
via: 1.1 varnish
x-served-by: cache-lcy-eglc8600053-LCY
x-cache: HIT
x-cache-hits: 0
x-timer: S1730148155.068008,VS0,VE1
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-fastly-request-id: a8766910e6a5229ef2d692f18eeeba14869a660a
expires: Mon, 28 Oct 2024 20:47:35 GMT
source-age: 43384
vary: Authorization,Accept-Encoding
content-length: 109
GET

https://avatars.githubusercontent.com/u/5548594?s=32&v=4

msedge.exe

Remote address:

185.199.111.133:443

Request

GET /u/5548594?s=32&v=4 HTTP/2.0
host: avatars.githubusercontent.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Friday_the_13th.408/Friday_the_13th.408.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: max-age=300
content-security-policy: default-src 'none'
content-type: image/png
etag: "3b0019708d5b0f0d6c45572bda8b6755bc361a904f15ded3c0fa5ee6f191a0d1"
last-modified: Mon, 23 Nov 2020 22:49:29 GMT
strict-transport-security: max-age=31557600
timing-allow-origin: https://github.com
x-content-type-options: nosniff
x-frame-options: deny
x-github-tenant:
x-xss-protection: 1; mode=block
x-github-request-id: 56BD:312368:359B44:419A8B:671FF79C
accept-ranges: bytes
date: Mon, 28 Oct 2024 20:44:13 GMT
via: 1.1 varnish
x-served-by: cache-lcy-eglc8600053-LCY
x-cache: MISS
x-cache-hits: 0
x-timer: S1730148253.227669,VS0,VE177
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-fastly-request-id: 796347cfe149711db0bdc9aab8b38452d922cc67
expires: Mon, 28 Oct 2024 20:49:13 GMT
source-age: 0
vary: Authorization,Accept-Encoding
content-length: 104
GET

https://avatars.githubusercontent.com/u/5548594?s=40&v=4

msedge.exe

Remote address:

185.199.111.133:443

Request

GET /u/5548594?s=40&v=4 HTTP/2.0
host: avatars.githubusercontent.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://github.com/ytisf/theZoo/commit/b013182f34eecab0aca5b7b9c29bcedc01908666
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: max-age=300
content-security-policy: default-src 'none'
content-type: image/png
etag: "5f227cdb5f9dce2c1ce02167479ee206c63a35c0e1f34bcb52f72f65c3ee0fc1"
last-modified: Mon, 23 Nov 2020 22:49:29 GMT
strict-transport-security: max-age=31557600
timing-allow-origin: https://github.com
x-content-type-options: nosniff
x-frame-options: deny
x-github-tenant:
x-xss-protection: 1; mode=block
x-github-request-id: F884:1CC360:6720E0:7DBAE3:671FF7A3
accept-ranges: bytes
date: Mon, 28 Oct 2024 20:44:20 GMT
via: 1.1 varnish
x-served-by: cache-lcy-eglc8600053-LCY
x-cache: MISS
x-cache-hits: 0
x-timer: S1730148260.999595,VS0,VE109
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-fastly-request-id: f47e83aa65847a5a8f98e4d198f29190340c7c0c
expires: Mon, 28 Oct 2024 20:49:20 GMT
source-age: 0
vary: Authorization,Accept-Encoding
content-length: 109
GET

https://raw.githubusercontent.com/ytisf/theZoo/refs/heads/master/malware/Binaries/Win32.WannaPeace/Win32.WannaPeace.zip

msedge.exe

Remote address:

185.199.111.133:443

Request

GET /ytisf/theZoo/refs/heads/master/malware/Binaries/Win32.WannaPeace/Win32.WannaPeace.zip HTTP/2.0
host: raw.githubusercontent.com
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Win32.WannaPeace/Win32.WannaPeace.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: max-age=300
content-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
content-type: application/zip
etag: W/"d92a6b4ac7aef4224b73ff226096d86a2320c1c4f57e5f4927dae8a7c6f65f26"
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: deny
x-xss-protection: 1; mode=block
x-github-request-id: D8D3:223DAF:67A2B8:7E41BB:671FF938
accept-ranges: bytes
date: Mon, 28 Oct 2024 20:51:06 GMT
via: 1.1 varnish
x-served-by: cache-lcy-eglc8600053-LCY
x-cache: MISS
x-cache-hits: 0
x-timer: S1730148666.050452,VS0,VE162
vary: Authorization,Accept-Encoding,Origin
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-fastly-request-id: db94c0d8a48a1305787d5f6326c8a07c3ccd0e77
expires: Mon, 28 Oct 2024 20:56:06 GMT
source-age: 0
content-length: 489151
DNS

github-cloud.s3.amazonaws.com

msedge.exe

Remote address:

8.8.8.8:53

Request

github-cloud.s3.amazonaws.com

IN A

Response

github-cloud.s3.amazonaws.com

IN CNAME

s3-1-w.amazonaws.com

s3-1-w.amazonaws.com

IN CNAME

s3-w.us-east-1.amazonaws.com

s3-w.us-east-1.amazonaws.com

IN A

52.216.219.177

s3-w.us-east-1.amazonaws.com

IN A

3.5.29.124

s3-w.us-east-1.amazonaws.com

IN A

52.216.221.121

s3-w.us-east-1.amazonaws.com

IN A

54.231.235.33

s3-w.us-east-1.amazonaws.com

IN A

16.182.106.201

s3-w.us-east-1.amazonaws.com

IN A

54.231.136.121

s3-w.us-east-1.amazonaws.com

IN A

52.216.222.169

s3-w.us-east-1.amazonaws.com

IN A

52.217.36.252
GET

https://github.githubassets.com/assets/light-3e154969b9f9.css

msedge.exe

Remote address:

185.199.111.154:443

Request

GET /assets/light-3e154969b9f9.css HTTP/2.0
host: github.githubassets.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: style
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: text/css
last-modified: Tue, 27 Aug 2024 20:35:59 GMT
etag: "0x8DCC6D7DBFA7D4F"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 28 Oct 2024 20:42:32 GMT
age: 2895272
x-served-by: cache-iad-kiad7000157-IAD, cache-lcy-eglc8600073-LCY
x-cache: HIT, HIT
x-cache-hits: 86, 10963
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: e5757be9d3a230cdd6bf26904fb4b43e252e4a12
content-length: 6876
GET

https://github.githubassets.com/assets/dark-9c5b7a476542.css

msedge.exe

Remote address:

185.199.111.154:443

Request

GET /assets/dark-9c5b7a476542.css HTTP/2.0
host: github.githubassets.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: style
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: text/css
last-modified: Tue, 27 Aug 2024 20:36:01 GMT
etag: "0x8DCC6D7DD54695E"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 28 Oct 2024 20:42:32 GMT
age: 4204358
x-served-by: cache-iad-kcgs7200095-IAD, cache-lcy-eglc8600073-LCY
x-cache: HIT, HIT
x-cache-hits: 61, 10955
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: e3daae241c89d834a00fdd6d06a3dc0190bc880d
content-length: 6804
GET

https://github.githubassets.com/assets/primer-primitives-4cf0d59ab51a.css

msedge.exe

Remote address:

185.199.111.154:443

Request

GET /assets/primer-primitives-4cf0d59ab51a.css HTTP/2.0
host: github.githubassets.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: style
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: text/css
last-modified: Tue, 22 Oct 2024 14:04:49 GMT
etag: "0x8DCF2A27E51F886"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 28 Oct 2024 20:42:32 GMT
age: 526584
x-served-by: cache-iad-kjyo7100025-IAD, cache-lcy-eglc8600073-LCY
x-cache: HIT, HIT
x-cache-hits: 40, 12935
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 6a73cd808302fd4ca040e6a42970be0756b586cb
content-length: 38074
GET

https://github.githubassets.com/assets/repository-31ce1dda752d.css

msedge.exe

Remote address:

185.199.111.154:443

Request

GET /assets/repository-31ce1dda752d.css HTTP/2.0
host: github.githubassets.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: style
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: text/css
last-modified: Fri, 11 Oct 2024 15:01:32 GMT
etag: "0x8DCEA05981BFFE9"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 28 Oct 2024 20:42:32 GMT
age: 526584
x-served-by: cache-iad-kiad7000033-IAD, cache-lcy-eglc8600073-LCY
x-cache: HIT, HIT
x-cache-hits: 40, 13009
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 3a419fac487391f05d278686de9fee8a19261a28
content-length: 38507
GET

https://github.githubassets.com/assets/code-2cae59811c3d.css

msedge.exe

Remote address:

185.199.111.154:443

Request

GET /assets/code-2cae59811c3d.css HTTP/2.0
host: github.githubassets.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: style
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: text/css
last-modified: Tue, 22 Oct 2024 14:40:07 GMT
etag: "0x8DCF2A76C9B92DC"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 28 Oct 2024 20:42:32 GMT
age: 526590
x-served-by: cache-iad-kjyo7100063-IAD, cache-lcy-eglc8600073-LCY
x-cache: HIT, HIT
x-cache-hits: 48, 13221
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 80e8cd31814e2de878644b5c4a8f8d9506abad31
content-length: 5353
GET

https://github.githubassets.com/assets/github-33c8af45ae17.css

msedge.exe

Remote address:

185.199.111.154:443

Request

GET /assets/github-33c8af45ae17.css HTTP/2.0
host: github.githubassets.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: style
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: text/css
last-modified: Mon, 26 Aug 2024 16:36:17 GMT
etag: "0x8DCC5ED35736954"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 28 Oct 2024 20:42:32 GMT
age: 4197263
x-served-by: cache-iad-kjyo7100115-IAD, cache-lcy-eglc8600073-LCY
x-cache: HIT, HIT
x-cache-hits: 32, 8222
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: a353b1cdf0d20303c2e7ae6d88d19fcdfe7fa3d3
content-length: 479
GET

https://github.githubassets.com/assets/primer-03722e173ec3.css

msedge.exe

Remote address:

185.199.111.154:443

Request

GET /assets/primer-03722e173ec3.css HTTP/2.0
host: github.githubassets.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: style
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: text/css
last-modified: Tue, 03 Sep 2024 18:51:51 GMT
etag: "0x8DCCC497906BD46"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 28 Oct 2024 20:42:32 GMT
age: 3495672
x-served-by: cache-iad-kiad7000060-IAD, cache-lcy-eglc8600073-LCY
x-cache: HIT, HIT
x-cache-hits: 148, 11088
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: b8e2885488551d8fbd3fdc44b970400814ce1e65
content-length: 1582
GET

https://github.githubassets.com/assets/global-521d889e2b6c.css

msedge.exe

Remote address:

185.199.111.154:443

Request

GET /assets/global-521d889e2b6c.css HTTP/2.0
host: github.githubassets.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: style
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: text/css
last-modified: Thu, 24 Oct 2024 17:36:42 GMT
etag: "0x8DCF4526C918060"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 28 Oct 2024 20:42:32 GMT
age: 249043
x-served-by: cache-iad-kjyo7100022-IAD, cache-lcy-eglc8600073-LCY
x-cache: HIT, HIT
x-cache-hits: 26, 6486
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 2f553f1d3aee61f9fdfe6b0ad4357b1c1e836db6
content-length: 5068
GET

https://github.githubassets.com/assets/notifications-subscriptions-menu.1bcff9205c241e99cff2.module.css

msedge.exe

Remote address:

185.199.111.154:443

Request

GET /assets/notifications-subscriptions-menu.1bcff9205c241e99cff2.module.css HTTP/2.0
host: github.githubassets.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: style
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: text/css
last-modified: Tue, 22 Oct 2024 14:04:49 GMT
etag: "0x8DCF2A27DFF2C30"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 28 Oct 2024 20:42:32 GMT
age: 526584
x-served-by: cache-iad-kjyo7100127-IAD, cache-lcy-eglc8600073-LCY
x-cache: HIT, HIT
x-cache-hits: 40, 12750
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 26ae264ce7c46e9d988a91da67636f6d481c11d7
content-length: 21215
GET

https://github.githubassets.com/assets/react-code-view.3a11433d5fb649f11287.module.css

msedge.exe

Remote address:

185.199.111.154:443

Request

GET /assets/react-code-view.3a11433d5fb649f11287.module.css HTTP/2.0
host: github.githubassets.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: style
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: text/css
last-modified: Tue, 22 Oct 2024 13:38:58 GMT
etag: "0x8DCF29EE1811395"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 28 Oct 2024 20:42:32 GMT
age: 526572
x-served-by: cache-iad-kcgs7200029-IAD, cache-lcy-eglc8600073-LCY
x-cache: HIT, HIT
x-cache-hits: 62, 7177
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: f8f71f8fe4a351ee60d35099f5013c42c1b903e3
content-length: 5143
GET

https://github.githubassets.com/assets/primer-react.7558f0254d56b9bec77f.module.css

msedge.exe

Remote address:

185.199.111.154:443

Request

GET /assets/primer-react.7558f0254d56b9bec77f.module.css HTTP/2.0
host: github.githubassets.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: style
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: text/css
last-modified: Tue, 22 Oct 2024 14:40:07 GMT
etag: "0x8DCF2A76CB628D6"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 28 Oct 2024 20:42:32 GMT
age: 526568
x-served-by: cache-iad-kcgs7200048-IAD, cache-lcy-eglc8600073-LCY
x-cache: HIT, HIT
x-cache-hits: 41, 3486
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: fa60b2d92c5a079687bdc0b2c89df8d6dbec4f6f
content-length: 1071
GET

https://github.githubassets.com/assets/wp-runtime-9031999f1721.js

msedge.exe

Remote address:

185.199.111.154:443

Request

GET /assets/wp-runtime-9031999f1721.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Thu, 17 Oct 2024 18:11:50 GMT
etag: "0x8DCEED72C589A6E"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 28 Oct 2024 20:42:33 GMT
age: 922729
x-served-by: cache-iad-kiad7000114-IAD, cache-lcy-eglc8600073-LCY
x-cache: HIT, HIT
x-cache-hits: 60, 11691
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 935b57d47b731725388436f5626db6144eb6cefa
content-length: 2204
GET

https://github.githubassets.com/assets/vendors-node_modules_dompurify_dist_purify_js-b73fdff77a4e.js

msedge.exe

Remote address:

185.199.111.154:443

Request

GET /assets/vendors-node_modules_dompurify_dist_purify_js-b73fdff77a4e.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Fri, 06 Sep 2024 21:21:21 GMT
etag: "0x8DCCEB9DAE401E8"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 28 Oct 2024 20:42:33 GMT
age: 4158262
x-served-by: cache-iad-kjyo7100107-IAD, cache-lcy-eglc8600073-LCY
x-cache: HIT, HIT
x-cache-hits: 89, 11158
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 1ff35c0c8902dec06bd8350561f6154975eefd69
content-length: 4840
GET

https://github.githubassets.com/assets/vendors-node_modules_oddbird_popover-polyfill_dist_popover_js-aff936e590ed.js

msedge.exe

Remote address:

185.199.111.154:443

Request

GET /assets/vendors-node_modules_oddbird_popover-polyfill_dist_popover_js-aff936e590ed.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Fri, 13 Sep 2024 14:50:55 GMT
etag: "0x8DCD403787F634B"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 28 Oct 2024 20:42:33 GMT
age: 2897912
x-served-by: cache-iad-kcgs7200073-IAD, cache-lcy-eglc8600073-LCY
x-cache: HIT, HIT
x-cache-hits: 14, 11216
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 5e3c3091f39fb1772b4ebe81a92bf94234a98eb8
content-length: 4948
GET

https://github.githubassets.com/assets/vendors-node_modules_github_arianotify-polyfill_ariaNotify-polyfill_js-node_modules_github_mi-247092-76666ec8c39f.js

msedge.exe

Remote address:

185.199.111.154:443

Request

GET /assets/vendors-node_modules_github_arianotify-polyfill_ariaNotify-polyfill_js-node_modules_github_mi-247092-76666ec8c39f.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Thu, 08 Aug 2024 18:12:13 GMT
etag: "0x8DCB7D5A12F3F7D"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 28 Oct 2024 20:42:32 GMT
age: 464331
x-served-by: cache-iad-kcgs7200153-IAD, cache-lcy-eglc8600073-LCY
x-cache: HIT, HIT
x-cache-hits: 22219, 11033
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 701580a723579d751bbfd4b93c76a9b2348f79fc
content-length: 3816
GET

https://github.githubassets.com/assets/ui_packages_failbot_failbot_ts-6accc016605a.js

msedge.exe

Remote address:

185.199.111.154:443

Request

GET /assets/ui_packages_failbot_failbot_ts-6accc016605a.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Fri, 18 Oct 2024 16:11:14 GMT
etag: "0x8DCEF8F7D67CE94"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 28 Oct 2024 20:42:33 GMT
age: 861101
x-served-by: cache-iad-kcgs7200041-IAD, cache-lcy-eglc8600073-LCY
x-cache: HIT, HIT
x-cache-hits: 115, 11867
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: c932ad5c2a2644f343c5767f4cf1eb4d481d9d0b
content-length: 6098
GET

https://github.githubassets.com/assets/environment-b7c8196d9516.js

msedge.exe

Remote address:

185.199.111.154:443

Request

GET /assets/environment-b7c8196d9516.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Tue, 15 Oct 2024 16:12:32 GMT
etag: "0x8DCED342CBF7E60"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 28 Oct 2024 20:42:32 GMT
age: 922729
x-served-by: cache-iad-kiad7000021-IAD, cache-lcy-eglc8600073-LCY
x-cache: HIT, HIT
x-cache-hits: 59, 11653
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 3ebf1141a4307884de0b0cf7db23c233524599e2
content-length: 3082
GET

https://github.githubassets.com/assets/vendors-node_modules_primer_behaviors_dist_esm_index_mjs-4aa4b0e95669.js

msedge.exe

Remote address:

185.199.111.154:443

Request

GET /assets/vendors-node_modules_primer_behaviors_dist_esm_index_mjs-4aa4b0e95669.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Thu, 24 Oct 2024 03:04:28 GMT
etag: "0x8DCF3D893316D2D"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 28 Oct 2024 20:42:33 GMT
age: 279762
x-served-by: cache-iad-kiad7000061-IAD, cache-lcy-eglc8600073-LCY
x-cache: HIT, HIT
x-cache-hits: 16, 9141
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 2b426f40d2dcdc803484d750c5c32792d8a112f9
content-length: 60170
GET

https://github.githubassets.com/assets/vendors-node_modules_github_selector-observer_dist_index_esm_js-f690fd9ae3d5.js

msedge.exe

Remote address:

185.199.111.154:443

Request

GET /assets/vendors-node_modules_github_selector-observer_dist_index_esm_js-f690fd9ae3d5.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Thu, 10 Oct 2024 23:50:06 GMT
etag: "0x8DCE986445110D7"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 28 Oct 2024 20:42:32 GMT
age: 970708
x-served-by: cache-iad-kjyo7100156-IAD, cache-lcy-eglc8600073-LCY
x-cache: HIT, HIT
x-cache-hits: 16, 10645
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 5ce4f3f37a979791e3c7433e7d4fee5105d67bac
content-length: 5473
GET

https://github.githubassets.com/assets/vendors-node_modules_github_relative-time-element_dist_index_js-6d3967acd51c.js

msedge.exe

Remote address:

185.199.111.154:443

Request

GET /assets/vendors-node_modules_github_relative-time-element_dist_index_js-6d3967acd51c.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Fri, 25 Oct 2024 20:15:28 GMT
etag: "0x8DCF531C523B052"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 28 Oct 2024 20:42:32 GMT
age: 257745
x-served-by: cache-iad-kiad7000168-IAD, cache-lcy-eglc8600073-LCY
x-cache: HIT, HIT
x-cache-hits: 30, 2320
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 24110d3bd3252cd26da7a8ebd5bd7c95e43d8bab
content-length: 8208
GET

https://github.githubassets.com/assets/vendors-node_modules_github_combobox-nav_dist_index_js-node_modules_github_g-emoji-element_di-6ce195-53781cbc550f.js

msedge.exe

Remote address:

185.199.111.154:443

Request

GET /assets/vendors-node_modules_github_combobox-nav_dist_index_js-node_modules_github_g-emoji-element_di-6ce195-53781cbc550f.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Thu, 24 Oct 2024 20:05:22 GMT
etag: "0x8DCF4673119C273"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 28 Oct 2024 20:42:33 GMT
age: 342936
x-served-by: cache-iad-kcgs7200035-IAD, cache-lcy-eglc8600073-LCY
x-cache: HIT, HIT
x-cache-hits: 42, 3154
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: eb6fcc0d699f9efd467d32bf245b0704c1e67e97
content-length: 18512
GET

https://github.githubassets.com/assets/vendors-node_modules_github_text-expander-element_dist_index_js-f5498b8d4e5d.js

msedge.exe

Remote address:

185.199.111.154:443

Request

GET /assets/vendors-node_modules_github_text-expander-element_dist_index_js-f5498b8d4e5d.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Thu, 24 Oct 2024 20:05:21 GMT
etag: "0x8DCF46730844504"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 28 Oct 2024 20:42:32 GMT
age: 342936
x-served-by: cache-iad-kiad7000088-IAD, cache-lcy-eglc8600073-LCY
x-cache: HIT, HIT
x-cache-hits: 42, 3267
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 2f0ce30247869c5fdec47742210b17c732920962
content-length: 64648
GET

https://github.githubassets.com/assets/vendors-node_modules_github_auto-complete-element_dist_index_js-a164c5ea9f62.js

msedge.exe

Remote address:

185.199.111.154:443

Request

GET /assets/vendors-node_modules_github_auto-complete-element_dist_index_js-a164c5ea9f62.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Tue, 22 Oct 2024 13:39:02 GMT
etag: "0x8DCF29EE431D6FF"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 28 Oct 2024 20:42:32 GMT
age: 526572
x-served-by: cache-iad-kiad7000064-IAD, cache-lcy-eglc8600073-LCY
x-cache: HIT, HIT
x-cache-hits: 49, 9846
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 8e96b04f86ac7d189f18db105ee048d8476cf3da
content-length: 7392
GET

https://github.githubassets.com/assets/vendors-node_modules_github_filter-input-element_dist_index_js-node_modules_github_remote-inp-d1a841-8f251a0656e7.js

msedge.exe

Remote address:

185.199.111.154:443

Request

GET /assets/vendors-node_modules_github_filter-input-element_dist_index_js-node_modules_github_remote-inp-d1a841-8f251a0656e7.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Wed, 02 Oct 2024 18:46:05 GMT
etag: "0x8DCE312790353D7"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 28 Oct 2024 20:42:32 GMT
age: 2185305
x-served-by: cache-iad-kiad7000037-IAD, cache-lcy-eglc8600073-LCY
x-cache: HIT, HIT
x-cache-hits: 20, 10951
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 06d1dbb8b8762009cc1ac11168be65fac576d9a3
content-length: 5011
GET

https://github.githubassets.com/assets/vendors-node_modules_delegated-events_dist_index_js-node_modules_github_catalyst_lib_index_js-f4b251-f7c3b6081b19.js

msedge.exe

Remote address:

185.199.111.154:443

Request

GET /assets/vendors-node_modules_delegated-events_dist_index_js-node_modules_github_catalyst_lib_index_js-f4b251-f7c3b6081b19.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Mon, 07 Oct 2024 20:02:10 GMT
etag: "0x8DCE70AED8CFDAF"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 28 Oct 2024 20:42:32 GMT
age: 550026
x-served-by: cache-iad-kiad7000084-IAD, cache-lcy-eglc8600073-LCY
x-cache: HIT, HIT
x-cache-hits: 27, 11058
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 40024e23c59bc7e1ccda39abc47a06c79e57cbd3
content-length: 5640
GET

https://github.githubassets.com/assets/vendors-node_modules_github_mini-throttle_dist_index_js-node_modules_stacktrace-parser_dist_s-1f651a-0cff18664748.js

msedge.exe

Remote address:

185.199.111.154:443

Request

GET /assets/vendors-node_modules_github_mini-throttle_dist_index_js-node_modules_stacktrace-parser_dist_s-1f651a-0cff18664748.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Tue, 22 Oct 2024 13:39:01 GMT
etag: "0x8DCF29EE34DA830"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 28 Oct 2024 20:42:32 GMT
age: 526583
x-served-by: cache-iad-kiad7000131-IAD, cache-lcy-eglc8600073-LCY
x-cache: HIT, HIT
x-cache-hits: 40, 12467
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 7e4ef84e6c899fd6d2a4e626595de5b23dd6428f
content-length: 3423
GET

https://github.githubassets.com/assets/vendors-node_modules_github_file-attachment-element_dist_index_js-node_modules_primer_view-co-21f158-6ce6e035e87d.js

msedge.exe

Remote address:

185.199.111.154:443

Request

GET /assets/vendors-node_modules_github_file-attachment-element_dist_index_js-node_modules_primer_view-co-21f158-6ce6e035e87d.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Thu, 08 Aug 2024 18:12:13 GMT
etag: "0x8DCB7D5A13028DA"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 28 Oct 2024 20:42:32 GMT
age: 2389710
x-served-by: cache-iad-kcgs7200022-IAD, cache-lcy-eglc8600073-LCY
x-cache: HIT, HIT
x-cache-hits: 3451, 9299
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 101354cb558329a4ddc9d14fabd092e009b11323
content-length: 5219
GET

https://github.githubassets.com/assets/github-elements-aeb1b578f60b.js

msedge.exe

Remote address:

185.199.111.154:443

Request

GET /assets/github-elements-aeb1b578f60b.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Tue, 22 Oct 2024 19:37:25 GMT
etag: "0x8DCF2D0F4F3ADBB"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 28 Oct 2024 20:42:33 GMT
age: 441032
x-served-by: cache-iad-kjyo7100063-IAD, cache-lcy-eglc8600073-LCY
x-cache: HIT, HIT
x-cache-hits: 18, 14031
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 2c87f22368b392ffecb9aaa0529b85b09b98dc0b
content-length: 3737
GET

https://github.githubassets.com/assets/element-registry-bf60c7f61ab1.js

msedge.exe

Remote address:

185.199.111.154:443

Request

GET /assets/element-registry-bf60c7f61ab1.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Tue, 20 Aug 2024 15:46:26 GMT
etag: "0x8DCC12F400738CD"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 28 Oct 2024 20:42:33 GMT
age: 2973576
x-served-by: cache-iad-kjyo7100129-IAD, cache-lcy-eglc8600073-LCY
x-cache: HIT, HIT
x-cache-hits: 4, 10918
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 4a0e9dae178af153f9972ee7a250a5ffa4d5a742
content-length: 3038
GET

https://github.githubassets.com/assets/vendors-node_modules_github_catalyst_lib_index_js-node_modules_primer_live-region-element_dis-037ad60-8582b70cd5a9.js

msedge.exe

Remote address:

185.199.111.154:443

Request

GET /assets/vendors-node_modules_github_catalyst_lib_index_js-node_modules_primer_live-region-element_dis-037ad60-8582b70cd5a9.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Tue, 22 Oct 2024 19:37:37 GMT
etag: "0x8DCF2D0FC044A8B"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 28 Oct 2024 20:42:33 GMT
age: 441029
x-served-by: cache-iad-kiad7000089-IAD, cache-lcy-eglc8600073-LCY
x-cache: HIT, HIT
x-cache-hits: 53, 8195
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: aff94881e231030407f2f7b719ebd4d690e91c06
content-length: 6221
GET

https://github.githubassets.com/assets/vendors-node_modules_braintree_browser-detection_dist_browser-detection_js-node_modules_githu-bb80ec-634de60bacfa.js

msedge.exe

Remote address:

185.199.111.154:443

Request

GET /assets/vendors-node_modules_braintree_browser-detection_dist_browser-detection_js-node_modules_githu-bb80ec-634de60bacfa.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Wed, 25 Sep 2024 16:52:10 GMT
etag: "0x8DCDD8265CE7852"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 28 Oct 2024 20:42:33 GMT
age: 2358383
x-served-by: cache-iad-kjyo7100070-IAD, cache-lcy-eglc8600073-LCY
x-cache: HIT, HIT
x-cache-hits: 100, 11337
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 6d66575a35b785065961420f78b69d0c6549a674
content-length: 12728
GET

https://github.githubassets.com/assets/vendors-node_modules_lit-html_lit-html_js-ce7225a304c5.js

msedge.exe

Remote address:

185.199.111.154:443

Request

GET /assets/vendors-node_modules_lit-html_lit-html_js-ce7225a304c5.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Tue, 22 Oct 2024 19:37:25 GMT
etag: "0x8DCF2D0F4F386D3"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 28 Oct 2024 20:42:33 GMT
age: 441032
x-served-by: cache-iad-kjyo7100023-IAD, cache-lcy-eglc8600073-LCY
x-cache: HIT, HIT
x-cache-hits: 17, 14015
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: a706e15f40438322dd8bbabf2ccc059c654f4387
content-length: 3100
GET

https://github.githubassets.com/assets/vendors-node_modules_github_hydro-analytics-client_dist_analytics-client_js-node_modules_gith-f3aee1-e6893db9c19e.js

msedge.exe

Remote address:

185.199.111.154:443

Request

GET /assets/vendors-node_modules_github_hydro-analytics-client_dist_analytics-client_js-node_modules_gith-f3aee1-e6893db9c19e.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Thu, 08 Aug 2024 18:12:13 GMT
etag: "0x8DCB7D5A12F8D41"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 28 Oct 2024 20:42:33 GMT
age: 3585943
x-served-by: cache-iad-kiad7000168-IAD, cache-lcy-eglc8600073-LCY
x-cache: HIT, HIT
x-cache-hits: 42466, 11035
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: ae0906d2d9c507d6bfffcc0b112bb1b87dfa1f8f
content-length: 3284
GET

https://github.githubassets.com/assets/vendors-node_modules_github_mini-throttle_dist_index_js-node_modules_morphdom_dist_morphdom-e-7c534c-f8a5485c982a.js

msedge.exe

Remote address:

185.199.111.154:443

Request

GET /assets/vendors-node_modules_github_mini-throttle_dist_index_js-node_modules_morphdom_dist_morphdom-e-7c534c-f8a5485c982a.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Wed, 25 Sep 2024 07:22:44 GMT
etag: "0x8DCDD32D992EAF2"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 28 Oct 2024 20:42:33 GMT
age: 2897912
x-served-by: cache-iad-kjyo7100109-IAD, cache-lcy-eglc8600073-LCY
x-cache: HIT, HIT
x-cache-hits: 14, 11152
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: b6da91c6976955af3857fd518b223c02edb5aa20
content-length: 4344
GET

https://github.githubassets.com/assets/vendors-node_modules_github_turbo_dist_turbo_es2017-esm_js-858e043fcf76.js

msedge.exe

Remote address:

185.199.111.154:443

Request

GET /assets/vendors-node_modules_github_turbo_dist_turbo_es2017-esm_js-858e043fcf76.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Tue, 22 Oct 2024 13:39:05 GMT
etag: "0x8DCF29EE5B2CDB4"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 28 Oct 2024 20:42:33 GMT
age: 526573
x-served-by: cache-iad-kjyo7100096-IAD, cache-lcy-eglc8600073-LCY
x-cache: HIT, HIT
x-cache-hits: 34, 7619
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 9db06830720a01c5e3a84dadb7a8885d7b2c9f89
content-length: 3055
GET

https://github.githubassets.com/assets/vendors-node_modules_github_remote-form_dist_index_js-node_modules_delegated-events_dist_inde-893f9f-6cf3320416b8.js

msedge.exe

Remote address:

185.199.111.154:443

Request

GET /assets/vendors-node_modules_github_remote-form_dist_index_js-node_modules_delegated-events_dist_inde-893f9f-6cf3320416b8.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Wed, 02 Oct 2024 18:46:06 GMT
etag: "0x8DCE3127990285C"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 28 Oct 2024 20:42:33 GMT
age: 2185307
x-served-by: cache-iad-kiad7000108-IAD, cache-lcy-eglc8600073-LCY
x-cache: HIT, HIT
x-cache-hits: 20, 11259
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 178453d21cc911855f8041cbb60df829c98e3a93
content-length: 4463
GET

https://github.githubassets.com/assets/vendors-node_modules_scroll-anchoring_dist_scroll-anchoring_esm_js-node_modules_stacktrace-pa-a71630-67856ad29bae.js

msedge.exe

Remote address:

185.199.111.154:443

Request

GET /assets/vendors-node_modules_scroll-anchoring_dist_scroll-anchoring_esm_js-node_modules_stacktrace-pa-a71630-67856ad29bae.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Thu, 19 Sep 2024 22:11:30 GMT
etag: "0x8DCD8F803DFB5F0"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 28 Oct 2024 20:42:33 GMT
age: 632753
x-served-by: cache-iad-kjyo7100088-IAD, cache-lcy-eglc8600073-LCY
x-cache: HIT, HIT
x-cache-hits: 103, 11244
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 86ddd786521fc82593bb3a8a70082113576cc5a8
content-length: 6483
GET

https://github.githubassets.com/assets/vendors-node_modules_color-convert_index_js-0e07cc183eed.js

msedge.exe

Remote address:

185.199.111.154:443

Request

GET /assets/vendors-node_modules_color-convert_index_js-0e07cc183eed.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Wed, 16 Oct 2024 22:32:14 GMT
etag: "0x8DCEE326277A1AA"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 28 Oct 2024 20:42:33 GMT
age: 1009971
x-served-by: cache-iad-kiad7000069-IAD, cache-lcy-eglc8600073-LCY
x-cache: HIT, HIT
x-cache-hits: 35, 13069
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: f31d2d8a9f064338f67b2eb2bd6c0cf4314c2d81
content-length: 102121
GET

https://github.githubassets.com/assets/vendors-node_modules_github_quote-selection_dist_index_js-node_modules_github_session-resume_-9a8cd2-373766bf71f1.js

msedge.exe

Remote address:

185.199.111.154:443

Request

GET /assets/vendors-node_modules_github_quote-selection_dist_index_js-node_modules_github_session-resume_-9a8cd2-373766bf71f1.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Thu, 08 Aug 2024 18:12:13 GMT
etag: "0x8DCB7D5A12FB424"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 28 Oct 2024 20:42:33 GMT
age: 556132
x-served-by: cache-iad-kiad7000173-IAD, cache-lcy-eglc8600073-LCY
x-cache: HIT, HIT
x-cache-hits: 13884, 11032
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: c9b3240caabfc32e0de2079a54403913c28f4dbc
content-length: 3911
GET

https://github.githubassets.com/assets/ui_packages_sudo_sudo_ts-5723e2e31f3e.js

msedge.exe

Remote address:

185.199.111.154:443

Request

GET /assets/ui_packages_sudo_sudo_ts-5723e2e31f3e.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Mon, 16 Sep 2024 23:19:54 GMT
etag: "0x8DCD6A61268C08C"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 28 Oct 2024 20:42:33 GMT
age: 2901715
x-served-by: cache-iad-kcgs7200045-IAD, cache-lcy-eglc8600073-LCY
x-cache: HIT, HIT
x-cache-hits: 29, 11117
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 5b5701bbf16e680826d8d8731c68489643189e15
content-length: 4646
GET

https://github.githubassets.com/assets/ui_packages_updatable-content_updatable-content_ts-312700d0d136.js

msedge.exe

Remote address:

185.199.111.154:443

Request

GET /assets/ui_packages_updatable-content_updatable-content_ts-312700d0d136.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Wed, 16 Oct 2024 12:26:44 GMT
etag: "0x8DCEDDDCBB35C10"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 28 Oct 2024 20:42:33 GMT
age: 922728
x-served-by: cache-iad-kiad7000137-IAD, cache-lcy-eglc8600073-LCY
x-cache: HIT, HIT
x-cache-hits: 127, 6627
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 0c3e83e38d489349072a51db896f27a19765a558
content-length: 3376
GET

https://github.githubassets.com/assets/app_assets_modules_github_sticky-scroll-into-view_ts-ui_packages_onfocus_onfocus_ts-346d240435ec.js

msedge.exe

Remote address:

185.199.111.154:443

Request

GET /assets/app_assets_modules_github_sticky-scroll-into-view_ts-ui_packages_onfocus_onfocus_ts-346d240435ec.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Fri, 04 Oct 2024 18:15:49 GMT
etag: "0x8DCE4A09364EC4B"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 28 Oct 2024 20:42:33 GMT
age: 1825590
x-served-by: cache-iad-kjyo7100058-IAD, cache-lcy-eglc8600073-LCY
x-cache: HIT, HIT
x-cache-hits: 21, 11659
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 5b10e77a071fcb8a167ffc42c51cf91a3f2fba67
content-length: 3077
GET

https://github.githubassets.com/assets/app_assets_modules_github_behaviors_task-list_ts-app_assets_modules_github_sso_ts-1f593176c92a.js

msedge.exe

Remote address:

185.199.111.154:443

Request

GET /assets/app_assets_modules_github_behaviors_task-list_ts-app_assets_modules_github_sso_ts-1f593176c92a.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Wed, 23 Oct 2024 17:31:57 GMT
etag: "0x8DCF388983EE697"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 28 Oct 2024 20:42:33 GMT
age: 432569
x-served-by: cache-iad-kcgs7200092-IAD, cache-lcy-eglc8600073-LCY
x-cache: HIT, HIT
x-cache-hits: 76, 8289
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 63139c11f103306890757ebbc50fef64c79a23c4
content-length: 13163
GET

https://github.githubassets.com/assets/app_assets_modules_github_behaviors_ajax-error_ts-app_assets_modules_github_behaviors_include-d0d0a6-aa0f176b5b12.js

msedge.exe

Remote address:

185.199.111.154:443

Request

GET /assets/app_assets_modules_github_behaviors_ajax-error_ts-app_assets_modules_github_behaviors_include-d0d0a6-aa0f176b5b12.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Sun, 27 Oct 2024 18:32:41 GMT
etag: "0x8DCF6B5BDF5DE1E"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 28 Oct 2024 20:42:33 GMT
age: 93407
x-served-by: cache-iad-kiad7000125-IAD, cache-lcy-eglc8600073-LCY
x-cache: HIT, HIT
x-cache-hits: 49, 4337
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: f540968479f66183b780d8d263b7e6b483b1ea4c
content-length: 14283
GET

https://github.githubassets.com/assets/app_assets_modules_github_behaviors_commenting_edit_ts-app_assets_modules_github_behaviors_ht-83c235-c89801ebbe15.js

msedge.exe

Remote address:

185.199.111.154:443

Request

GET /assets/app_assets_modules_github_behaviors_commenting_edit_ts-app_assets_modules_github_behaviors_ht-83c235-c89801ebbe15.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Thu, 17 Oct 2024 05:41:47 GMT
etag: "0x8DCEE6E646B3C8E"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 28 Oct 2024 20:42:33 GMT
age: 981579
x-served-by: cache-iad-kiad7000023-IAD, cache-lcy-eglc8600073-LCY
x-cache: HIT, HIT
x-cache-hits: 16, 14324
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 60bbef8c846874557562fac26106de8197e77394
content-length: 20375
GET

https://github.githubassets.com/assets/behaviors-01a538475f0f.js

msedge.exe

Remote address:

185.199.111.154:443

Request

GET /assets/behaviors-01a538475f0f.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Mon, 23 Sep 2024 19:06:40 GMT
etag: "0x8DCDC02DAFFB363"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 28 Oct 2024 20:42:33 GMT
age: 1571219
x-served-by: cache-iad-kcgs7200030-IAD, cache-lcy-eglc8600073-LCY
x-cache: HIT, HIT
x-cache-hits: 33, 11257
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: c7104be44a938055c4e3657b98acf0875049db79
content-length: 8031
GET

https://github.githubassets.com/assets/vendors-node_modules_delegated-events_dist_index_js-node_modules_github_catalyst_lib_index_js-06ff531-bf7e5a3732fd.js

msedge.exe

Remote address:

185.199.111.154:443

Request

GET /assets/vendors-node_modules_delegated-events_dist_index_js-node_modules_github_catalyst_lib_index_js-06ff531-bf7e5a3732fd.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Fri, 04 Oct 2024 18:15:49 GMT
etag: "0x8DCE4A09364EC4B"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 28 Oct 2024 20:42:33 GMT
age: 1825590
x-served-by: cache-iad-kcgs7200104-IAD, cache-lcy-eglc8600073-LCY
x-cache: HIT, HIT
x-cache-hits: 21, 11193
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: cf45dda97bce48fdb803ceb0f68f98bcc7034450
content-length: 3079
GET

https://github.githubassets.com/assets/notifications-global-54f34167118d.js

msedge.exe

Remote address:

185.199.111.154:443

Request

GET /assets/notifications-global-54f34167118d.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Thu, 08 Aug 2024 18:12:14 GMT
etag: "0x8DCB7D5A13B8DA9"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 28 Oct 2024 20:42:33 GMT
age: 2958105
x-served-by: cache-iad-kjyo7100041-IAD, cache-lcy-eglc8600073-LCY
x-cache: HIT, HIT
x-cache-hits: 5892, 11334
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 5c46c0e9ef8c400426f08831fe6085e750dc58fa
content-length: 18641
GET

https://github.githubassets.com/assets/vendors-node_modules_github_mini-throttle_dist_index_js-node_modules_github_catalyst_lib_inde-dbbea9-e73b311a14f1.js

msedge.exe

Remote address:

185.199.111.154:443

Request

GET /assets/vendors-node_modules_github_mini-throttle_dist_index_js-node_modules_github_catalyst_lib_inde-dbbea9-e73b311a14f1.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Tue, 22 Oct 2024 08:40:45 GMT
etag: "0x8DCF275389CECFD"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 28 Oct 2024 20:42:33 GMT
age: 539260
x-served-by: cache-iad-kjyo7100066-IAD, cache-lcy-eglc8600073-LCY
x-cache: MISS, HIT
x-cache-hits: 0, 13056
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: c011f58d9d4b4cf702178ba1377b91a41a8f95ef
content-length: 3520
GET

https://github.githubassets.com/assets/code-menu-2b308c1236c2.js

msedge.exe

Remote address:

185.199.111.154:443

Request

GET /assets/code-menu-2b308c1236c2.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Thu, 03 Oct 2024 14:48:22 GMT
etag: "0x8DCE3BA6DAC4270"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 28 Oct 2024 20:42:33 GMT
age: 2177244
x-served-by: cache-iad-kjyo7100161-IAD, cache-lcy-eglc8600073-LCY
x-cache: HIT, HIT
x-cache-hits: 21, 11234
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 25f63dd876de2427f7552e413d2e288f429c4101
content-length: 5763
GET

https://github.githubassets.com/assets/primer-react-65b92279806c.js

msedge.exe

Remote address:

185.199.111.154:443

Request

GET /assets/primer-react-65b92279806c.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Wed, 23 Oct 2024 22:24:11 GMT
etag: "0x8DCF3B16B65B376"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 28 Oct 2024 20:42:33 GMT
age: 350376
x-served-by: cache-iad-kiad7000125-IAD, cache-lcy-eglc8600073-LCY
x-cache: HIT, HIT
x-cache-hits: 44, 7864
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 082367f9501ed42a8e5ac1cbd7c6f1b29bcdbe3e
content-length: 8386
GET

https://github.githubassets.com/assets/react-core-8cc241fe292c.js

msedge.exe

Remote address:

185.199.111.154:443

Request

GET /assets/react-core-8cc241fe292c.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Wed, 23 Oct 2024 20:06:47 GMT
etag: "0x8DCF39E393CFFEC"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 28 Oct 2024 20:42:33 GMT
age: 432569
x-served-by: cache-iad-kcgs7200110-IAD, cache-lcy-eglc8600073-LCY
x-cache: HIT, HIT
x-cache-hits: 77, 8189
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 96b3d87d7f56ae0790e298bcd3b8a0570c483e39
content-length: 4461
GET

https://github.githubassets.com/assets/react-lib-7b7b5264f6c1.js

msedge.exe

Remote address:

185.199.111.154:443

Request

GET /assets/react-lib-7b7b5264f6c1.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Wed, 02 Oct 2024 18:46:05 GMT
etag: "0x8DCE31278FD8DF2"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 28 Oct 2024 20:42:33 GMT
age: 2185306
x-served-by: cache-iad-kcgs7200069-IAD, cache-lcy-eglc8600073-LCY
x-cache: HIT, HIT
x-cache-hits: 20, 11868
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 8edb8260a68a2a6554ee99357de8f6dffe92508e
content-length: 12363
GET

https://github.githubassets.com/assets/octicons-react-45c3a19dd792.js

msedge.exe

Remote address:

185.199.111.154:443

Request

GET /assets/octicons-react-45c3a19dd792.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Wed, 02 Oct 2024 18:46:05 GMT
etag: "0x8DCE3127901F5D6"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 28 Oct 2024 20:42:33 GMT
age: 1146965
x-served-by: cache-iad-kcgs7200143-IAD, cache-lcy-eglc8600073-LCY
x-cache: HIT, HIT
x-cache-hits: 20, 11278
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 2bda58250ee02c936906959e41dcdf62d7ed32b0
content-length: 4239
GET

https://github.githubassets.com/assets/vendors-node_modules_emotion_is-prop-valid_dist_emotion-is-prop-valid_esm_js-node_modules_emo-41da55-1851acd376ff.js

msedge.exe

Remote address:

185.199.111.154:443

Request

GET /assets/vendors-node_modules_emotion_is-prop-valid_dist_emotion-is-prop-valid_esm_js-node_modules_emo-41da55-1851acd376ff.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Tue, 22 Oct 2024 19:37:37 GMT
etag: "0x8DCF2D0FC036126"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 28 Oct 2024 20:42:33 GMT
age: 441032
x-served-by: cache-iad-kjyo7100148-IAD, cache-lcy-eglc8600073-LCY
x-cache: HIT, HIT
x-cache-hits: 16, 14013
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: e3d117e312ade3bcb3ebd86d0b57b174f7b97d12
content-length: 3644
GET

https://github.githubassets.com/assets/vendors-node_modules_oddbird_popover-polyfill_dist_popover-fn_js-4896ddd4b7bb.js

msedge.exe

Remote address:

185.199.111.154:443

Request

GET /assets/vendors-node_modules_oddbird_popover-polyfill_dist_popover-fn_js-4896ddd4b7bb.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Thu, 08 Aug 2024 18:12:13 GMT
etag: "0x8DCB7D5A0C3D76A"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 28 Oct 2024 20:42:33 GMT
age: 1167498
x-served-by: cache-iad-kjyo7100087-IAD, cache-lcy-eglc8600073-LCY
x-cache: HIT, HIT
x-cache-hits: 24801, 10992
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: a15a6205694713ffe9e4776c05c198824981b666
content-length: 2385
GET

https://github.githubassets.com/assets/vendors-node_modules_react-reverse-portal_dist_web_index_js-node_modules_react-intersection-o-837f97-cf0d169497ea.js

msedge.exe

Remote address:

185.199.111.154:443

Request

GET /assets/vendors-node_modules_react-reverse-portal_dist_web_index_js-node_modules_react-intersection-o-837f97-cf0d169497ea.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Thu, 08 Aug 2024 18:12:13 GMT
etag: "0x8DCB7D5A0C1B6EE"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 28 Oct 2024 20:42:33 GMT
age: 617730
x-served-by: cache-iad-kiad7000080-IAD, cache-lcy-eglc8600073-LCY
x-cache: HIT, HIT
x-cache-hits: 6180, 6160
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 3623f8404f99448cd93b37658deb52db663ee9b7
content-length: 2607
GET

https://github.githubassets.com/assets/ui_packages_aria-live_aria-live_ts-ui_packages_promise-with-resolvers-polyfill_promise-with-r-014121-e1792bd5a31e.js

msedge.exe

Remote address:

185.199.111.154:443

Request

GET /assets/ui_packages_aria-live_aria-live_ts-ui_packages_promise-with-resolvers-polyfill_promise-with-r-014121-e1792bd5a31e.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Fri, 13 Sep 2024 14:50:55 GMT
etag: "0x8DCD403787FB10E"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 28 Oct 2024 20:42:33 GMT
age: 2897912
x-served-by: cache-iad-kiad7000070-IAD, cache-lcy-eglc8600073-LCY
x-cache: HIT, HIT
x-cache-hits: 14, 11136
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: f084b0fdfb70237ce42f273b0cb1ea1128d3a0f3
content-length: 3971
GET

https://github.githubassets.com/assets/ui_packages_paths_index_ts-dce6cc95a312.js

msedge.exe

Remote address:

185.199.111.154:443

Request

GET /assets/ui_packages_paths_index_ts-dce6cc95a312.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Wed, 02 Oct 2024 18:46:02 GMT
etag: "0x8DCE3127730EEAF"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 28 Oct 2024 20:42:33 GMT
age: 2185307
x-served-by: cache-iad-kiad7000161-IAD, cache-lcy-eglc8600073-LCY
x-cache: HIT, HIT
x-cache-hits: 20, 12586
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 6caa089a060ea0336374a376010aac9d0c20936e
content-length: 90797
GET

https://github.githubassets.com/assets/ui_packages_ref-selector_RefSelector_tsx-51878e8faf2a.js

msedge.exe

Remote address:

185.199.111.154:443

Request

GET /assets/ui_packages_ref-selector_RefSelector_tsx-51878e8faf2a.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Tue, 22 Oct 2024 19:37:37 GMT
etag: "0x8DCF2D0FC04984B"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 28 Oct 2024 20:42:33 GMT
age: 441032
x-served-by: cache-iad-kcgs7200056-IAD, cache-lcy-eglc8600073-LCY
x-cache: HIT, HIT
x-cache-hits: 17, 14094
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 9a0abd43dbf15743a75916476269ae52e2eed57c
content-length: 3238
GET

https://github.githubassets.com/assets/ui_packages_code-view-shared_hooks_shortcuts_ts-ui_packages_code-view-shared_utilities_web-wo-eaf87a-d3536229ca1f.js

msedge.exe

Remote address:

185.199.111.154:443

Request

GET /assets/ui_packages_code-view-shared_hooks_shortcuts_ts-ui_packages_code-view-shared_utilities_web-wo-eaf87a-d3536229ca1f.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Thu, 17 Oct 2024 18:11:51 GMT
etag: "0x8DCEED72CB9821D"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 28 Oct 2024 20:42:33 GMT
age: 922729
x-served-by: cache-iad-kcgs7200065-IAD, cache-lcy-eglc8600073-LCY
x-cache: HIT, HIT
x-cache-hits: 60, 11992
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: f375ee5c7047292872239e14a0a4db5d406776db
content-length: 11167
GET

https://github.githubassets.com/assets/ui_packages_hydro-analytics_hydro-analytics_ts-ui_packages_verified-fetch_verified-fetch_ts-u-4672d1-44cbbea76d85.js

msedge.exe

Remote address:

185.199.111.154:443

Request

GET /assets/ui_packages_hydro-analytics_hydro-analytics_ts-ui_packages_verified-fetch_verified-fetch_ts-u-4672d1-44cbbea76d85.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Wed, 02 Oct 2024 18:46:06 GMT
etag: "0x8DCE312793D8352"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 28 Oct 2024 20:42:33 GMT
age: 2185306
x-served-by: cache-iad-kiad7000133-IAD, cache-lcy-eglc8600073-LCY
x-cache: HIT, HIT
x-cache-hits: 20, 11297
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 05d3500d79583ae3e3c7b9132e8147bb868dcbe8
content-length: 6302
GET

https://github.githubassets.com/assets/ui_packages_code-view-shared_hooks_use-canonical-object_ts-ui_packages_code-view-shared_utili-228da6-66d60a7b72be.js

msedge.exe

Remote address:

185.199.111.154:443

Request

GET /assets/ui_packages_code-view-shared_hooks_use-canonical-object_ts-ui_packages_code-view-shared_utili-228da6-66d60a7b72be.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Thu, 08 Aug 2024 18:12:12 GMT
etag: "0x8DCB7D5A07BFBE6"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 28 Oct 2024 20:42:33 GMT
age: 2906449
x-served-by: cache-iad-kiad7000133-IAD, cache-lcy-eglc8600073-LCY
x-cache: HIT, HIT
x-cache-hits: 15704, 10947
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 6586fb598275b5d50b91446ba28e15c82437a699
content-length: 4125
GET

https://github.githubassets.com/assets/ui_packages_code-view-shared_hooks_use-file-page-payload_ts-ui_packages_use-analytics_use-ana-590a3d-e0d488dddc50.js

msedge.exe

Remote address:

185.199.111.154:443

Request

GET /assets/ui_packages_code-view-shared_hooks_use-file-page-payload_ts-ui_packages_use-analytics_use-ana-590a3d-e0d488dddc50.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Thu, 10 Oct 2024 13:21:02 GMT
etag: "0x8DCE92E6380B39E"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 28 Oct 2024 20:42:33 GMT
age: 1571857
x-served-by: cache-iad-kjyo7100066-IAD, cache-lcy-eglc8600073-LCY
x-cache: HIT, HIT
x-cache-hits: 24, 11379
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: c46cdf0adf05155a67045ed811892ec9af7aef9e
content-length: 4310
GET

https://github.githubassets.com/assets/app_assets_modules_github_blob-anchor_ts-ui_packages_code-nav_code-nav_ts-ui_packages_filter--8253c1-87c39cb5708f.js

msedge.exe

Remote address:

185.199.111.154:443

Request

GET /assets/app_assets_modules_github_blob-anchor_ts-ui_packages_code-nav_code-nav_ts-ui_packages_filter--8253c1-87c39cb5708f.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Tue, 15 Oct 2024 16:12:32 GMT
etag: "0x8DCED342CC23A71"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 28 Oct 2024 20:42:33 GMT
age: 922727
x-served-by: cache-iad-kcgs7200024-IAD, cache-lcy-eglc8600073-LCY
x-cache: HIT, HIT
x-cache-hits: 64, 10378
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: f362e989241abab28b642107d279e372a88ec10a
content-length: 5389
GET

https://github.githubassets.com/assets/react-code-view-3ce1da712541.js

msedge.exe

Remote address:

185.199.111.154:443

Request

GET /assets/react-code-view-3ce1da712541.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Wed, 02 Oct 2024 18:46:06 GMT
etag: "0x8DCE31279A4D196"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 28 Oct 2024 20:42:33 GMT
age: 1076959
x-served-by: cache-iad-kjyo7100035-IAD, cache-lcy-eglc8600073-LCY
x-cache: HIT, HIT
x-cache-hits: 11, 3115
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: fce8fedc697515a64a7d21910653b4b969777fb9
content-length: 4049
GET

https://github.githubassets.com/assets/notifications-subscriptions-menu-0e6b6b6fce5a.js

msedge.exe

Remote address:

185.199.111.154:443

Request

GET /assets/notifications-subscriptions-menu-0e6b6b6fce5a.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Wed, 23 Oct 2024 12:11:23 GMT
etag: "0x8DCF35BD02A64D1"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 28 Oct 2024 20:42:33 GMT
age: 456272
x-served-by: cache-iad-kjyo7100041-IAD, cache-lcy-eglc8600073-LCY
x-cache: HIT, HIT
x-cache-hits: 29, 14581
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: e6b1de99a8b18511dced144ac0703c47345adda9
content-length: 39002
GET

https://github.githubassets.com/assets/vendors-node_modules_github_catalyst_lib_index_js-node_modules_github_hotkey_dist_index_js-no-d67c7f-bd7d077cdcb1.js

msedge.exe

Remote address:

185.199.111.154:443

Request

GET /assets/vendors-node_modules_github_catalyst_lib_index_js-node_modules_github_hotkey_dist_index_js-no-d67c7f-bd7d077cdcb1.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Thu, 08 Aug 2024 18:12:06 GMT
etag: "0x8DCB7D59CFCE0CF"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 28 Oct 2024 20:42:33 GMT
age: 2975927
x-served-by: cache-iad-kjyo7100029-IAD, cache-lcy-eglc8600073-LCY
x-cache: HIT, HIT
x-cache-hits: 7855, 12120
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 3f787d39de34a0bdf7892a54be2f3c155cda198f
content-length: 54857
GET

https://github.githubassets.com/assets/ui_packages_ui-commands_ui-commands_ts-d25fac54a6bc.js

msedge.exe

Remote address:

185.199.111.154:443

Request

GET /assets/ui_packages_ui-commands_ui-commands_ts-d25fac54a6bc.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Wed, 25 Sep 2024 16:52:10 GMT
etag: "0x8DCDD8265CA851F"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 28 Oct 2024 20:42:33 GMT
age: 2850021
x-served-by: cache-iad-kiad7000079-IAD, cache-lcy-eglc8600073-LCY
x-cache: HIT, HIT
x-cache-hits: 100, 11177
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: b549af3c122b2e74f8e15825a1497ef0b497cd99
content-length: 3288
GET

https://github.githubassets.com/assets/keyboard-shortcuts-dialog-da2039f86b13.js

msedge.exe

Remote address:

185.199.111.154:443

Request

GET /assets/keyboard-shortcuts-dialog-da2039f86b13.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Thu, 19 Sep 2024 22:11:31 GMT
etag: "0x8DCD8F8042E40EF"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 28 Oct 2024 20:42:33 GMT
age: 3015513
x-served-by: cache-iad-kcgs7200136-IAD, cache-lcy-eglc8600073-LCY
x-cache: HIT, HIT
x-cache-hits: 105, 11186
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 0e7e8dbb838f10f1a61cdee2b0087d622881e836
content-length: 5759
GET

https://github.githubassets.com/assets/vendors-node_modules_github_remote-form_dist_index_js-node_modules_delegated-events_dist_inde-94fd67-9a621ecbf672.js

msedge.exe

Remote address:

185.199.111.154:443

Request

GET /assets/vendors-node_modules_github_remote-form_dist_index_js-node_modules_delegated-events_dist_inde-94fd67-9a621ecbf672.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Wed, 16 Oct 2024 12:26:48 GMT
etag: "0x8DCEDDDCE774EA1"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 28 Oct 2024 20:42:33 GMT
age: 922136
x-served-by: cache-iad-kcgs7200109-IAD, cache-lcy-eglc8600073-LCY
x-cache: HIT, HIT
x-cache-hits: 108, 9776
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 061da7df81457ed57e7c9c8bf07f656ded441b5a
content-length: 4081
GET

https://github.githubassets.com/assets/sessions-b61003c45c5a.js

msedge.exe

Remote address:

185.199.111.154:443

Request

GET /assets/sessions-b61003c45c5a.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Thu, 08 Aug 2024 18:12:12 GMT
etag: "0x8DCB7D5A07C22CC"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 28 Oct 2024 20:42:33 GMT
age: 2904791
x-served-by: cache-iad-kjyo7100169-IAD, cache-lcy-eglc8600073-LCY
x-cache: HIT, HIT
x-cache-hits: 5653, 11014
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: a8501005f4099e4c8d094797b87d043eb8dbcc33
content-length: 4852
GET

https://github.githubassets.com/assets/chunk-app_components_primer_experimental_select-panel-element_ts-90c1b002fec5.js

msedge.exe

Remote address:

185.199.111.154:443

Request

GET /assets/chunk-app_components_primer_experimental_select-panel-element_ts-90c1b002fec5.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Tue, 24 Sep 2024 07:23:05 GMT
etag: "0x8DCDC69BBBBD3ED"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 28 Oct 2024 20:42:33 GMT
age: 2351867
x-served-by: cache-iad-kjyo7100098-IAD, cache-lcy-eglc8600073-LCY
x-cache: HIT, HIT
x-cache-hits: 1, 10483
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 618fb41bc7b3c1ac3b690833f11081fcf8cd3681
content-length: 7672
GET

https://github.githubassets.com/assets/chunk-app_components_primer_experimental_toggle-switch-element_ts-1077a1578034.js

msedge.exe

Remote address:

185.199.111.154:443

Request

GET /assets/chunk-app_components_primer_experimental_toggle-switch-element_ts-1077a1578034.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
content-md5: ZA5OR0tS1BbeQsfqNeCw7g==
last-modified: Wed, 14 Aug 2024 19:51:52 GMT
etag: "0x8DCBC9A8B29FF90"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 28 Oct 2024 20:42:33 GMT
age: 2967187
x-served-by: cache-iad-kjyo7100141-IAD, cache-lcy-eglc8600073-LCY
x-cache: HIT, HIT
x-cache-hits: 19727, 10119
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 590107e351eab233e72a70aff8f5bb09d9b2c675
content-length: 543
GET

https://github.githubassets.com/assets/chunk-node_modules_github_mini-throttle_dist_index_js-node_modules_stacktrace-parser_dist_stack-tra-a18fad-10420c0fcb9e.js

msedge.exe

Remote address:

185.199.111.154:443

Request

GET /assets/chunk-node_modules_github_mini-throttle_dist_index_js-node_modules_stacktrace-parser_dist_stack-tra-a18fad-10420c0fcb9e.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Thu, 17 Oct 2024 18:11:49 GMT
etag: "0x8DCEED72B452B3C"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 28 Oct 2024 20:42:33 GMT
age: 922728
x-served-by: cache-iad-kiad7000027-IAD, cache-lcy-eglc8600073-LCY
x-cache: HIT, HIT
x-cache-hits: 63, 10276
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 95d1480b1a5cf4555bad6e20defc20dbdc737301
content-length: 6222
GET

https://github.githubassets.com/assets/ui_packages_query-builder-element_query-builder-element_ts-1546dc8c42cb.js

msedge.exe

Remote address:

185.199.111.154:443

Request

GET /assets/ui_packages_query-builder-element_query-builder-element_ts-1546dc8c42cb.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Thu, 17 Oct 2024 18:11:48 GMT
etag: "0x8DCEED72B2E885B"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 28 Oct 2024 20:42:33 GMT
age: 922728
x-served-by: cache-iad-kcgs7200139-IAD, cache-lcy-eglc8600073-LCY
x-cache: HIT, HIT
x-cache-hits: 63, 12369
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: c0d041d346a8651b3927694c0c34c9a00a433519
content-length: 20400
GET

https://github.githubassets.com/assets/chunk-app_components_search_qbsearch-input-element_ts-ui_packages_trusted-types-policies_policy_ts--7cc11e-c9adc97f562b.js

msedge.exe

Remote address:

185.199.111.154:443

Request

GET /assets/chunk-app_components_search_qbsearch-input-element_ts-ui_packages_trusted-types-policies_policy_ts--7cc11e-c9adc97f562b.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Fri, 13 Sep 2024 14:50:54 GMT
etag: "0x8DCD40378515B21"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 28 Oct 2024 20:42:33 GMT
age: 2376418
x-served-by: cache-iad-kiad7000070-IAD, cache-lcy-eglc8600073-LCY
x-cache: HIT, HIT
x-cache-hits: 14, 11140
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 83d7a9b64444d4da5db2a88e1d36f1ad9c221d16
content-length: 7652
GET

https://github.githubassets.com/assets/chunk-ui_packages_cookie-consent-link-element_cookie-consent-link-element_ts-23c1cb96287b.js

msedge.exe

Remote address:

185.199.111.154:443

Request

GET /assets/chunk-ui_packages_cookie-consent-link-element_cookie-consent-link-element_ts-23c1cb96287b.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Wed, 16 Oct 2024 13:07:25 GMT
etag: "0x8DCEDE37AF59EA5"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 28 Oct 2024 20:42:33 GMT
age: 1056846
x-served-by: cache-iad-kcgs7200076-IAD, cache-lcy-eglc8600073-LCY
x-cache: HIT, HIT
x-cache-hits: 2, 10631
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 5b33b0b986eb9c3d6b0786b21200304c7077026a
content-length: 2941
GET

https://github.githubassets.com/assets/chunk-ui_packages_ghcc-consent-element_ghcc-consent-element_ts-2ab85b7d16d5.js

msedge.exe

Remote address:

185.199.111.154:443

Request

GET /assets/chunk-ui_packages_ghcc-consent-element_ghcc-consent-element_ts-2ab85b7d16d5.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Wed, 16 Oct 2024 13:07:25 GMT
etag: "0x8DCEDE37AF61357"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 28 Oct 2024 20:42:33 GMT
age: 1056845
x-served-by: cache-iad-kcgs7200025-IAD, cache-lcy-eglc8600073-LCY
x-cache: HIT, HIT
x-cache-hits: 2, 10432
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 62d6786eba5c8c8ab39382c27f1c57a1210346d0
content-length: 3179
GET

https://github.githubassets.com/assets/chunk-node_modules_github_mini-throttle_dist_index_js-node_modules_stacktrace-parser_dist_stack-tra-600f89-2300b882f669.js

msedge.exe

Remote address:

185.199.111.154:443

Request

GET /assets/chunk-node_modules_github_mini-throttle_dist_index_js-node_modules_stacktrace-parser_dist_stack-tra-600f89-2300b882f669.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Thu, 17 Oct 2024 18:11:49 GMT
etag: "0x8DCEED72B45790A"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 28 Oct 2024 20:42:33 GMT
age: 922728
x-served-by: cache-iad-kiad7000062-IAD, cache-lcy-eglc8600073-LCY
x-cache: HIT, HIT
x-cache-hits: 63, 12166
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 78e91c79bfe8327263c2aa1fad7caab828036bbb
content-length: 5615
GET

https://github.githubassets.com/assets/chunk-ui_packages_webauthn-get-element_webauthn-get-element_ts-eba7ee3409f2.js

msedge.exe

Remote address:

185.199.111.154:443

Request

GET /assets/chunk-ui_packages_webauthn-get-element_webauthn-get-element_ts-eba7ee3409f2.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
content-md5: VvBwy4NqnxK52DsiAv8DSA==
last-modified: Wed, 14 Aug 2024 19:54:00 GMT
etag: "0x8DCBC9AD72D85A2"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 28 Oct 2024 20:42:33 GMT
age: 4198302
x-served-by: cache-iad-kcgs7200147-IAD, cache-lcy-eglc8600073-LCY
x-cache: HIT, HIT
x-cache-hits: 1074, 10097
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 7b5de44eed8fa8dab5f99dadc153131947b8e649
content-length: 2790
GET

https://github.githubassets.com/assets/chunk-vendors-node_modules_consent-banner_dist_consent-banner_js-d06d275cbddc.js

msedge.exe

Remote address:

185.199.111.154:443

Request

GET /assets/chunk-vendors-node_modules_consent-banner_dist_consent-banner_js-d06d275cbddc.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
content-md5: Sl55SYaMImCtL5+l+k36Gw==
last-modified: Wed, 14 Aug 2024 19:53:22 GMT
etag: "0x8DCBC9AC0F88440"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 28 Oct 2024 20:42:35 GMT
age: 2386466
x-served-by: cache-iad-kcgs7200110-IAD, cache-lcy-eglc8600073-LCY
x-cache: HIT, HIT
x-cache-hits: 1293, 9634
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: db99daa05f3e54ee435cebe5cc222825d1ed059e
content-length: 9412
GET

https://github.githubassets.com/assets/vendors-node_modules_virtualized-list_es_index_js-node_modules_github_template-parts_lib_index_js-96453a51f920.js

msedge.exe

Remote address:

185.199.111.154:443

Request

GET /assets/vendors-node_modules_virtualized-list_es_index_js-node_modules_github_template-parts_lib_index_js-96453a51f920.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/ytisf/theZoo/commit/b013182f34eecab0aca5b7b9c29bcedc01908666
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Thu, 08 Aug 2024 18:12:15 GMT
etag: "0x8DCB7D5A25F63A1"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 28 Oct 2024 20:44:19 GMT
age: 547593
x-served-by: cache-iad-kiad7000040-IAD, cache-lcy-eglc8600073-LCY
x-cache: HIT, HIT
x-cache-hits: 7891, 7510
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 2ae058ea4835b69e09853783c4af5beb445dd48e
content-length: 3888
GET

https://github.githubassets.com/assets/vendors-node_modules_github_remote-form_dist_index_js-node_modules_github_catalyst_lib_index_-f60689-9a27a43d9ee6.js

msedge.exe

Remote address:

185.199.111.154:443

Request

GET /assets/vendors-node_modules_github_remote-form_dist_index_js-node_modules_github_catalyst_lib_index_-f60689-9a27a43d9ee6.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/ytisf/theZoo/commit/b013182f34eecab0aca5b7b9c29bcedc01908666
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Wed, 02 Oct 2024 18:46:06 GMT
etag: "0x8DCE312798FB3AA"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 28 Oct 2024 20:44:19 GMT
age: 2185403
x-served-by: cache-iad-kiad7000054-IAD, cache-lcy-eglc8600073-LCY
x-cache: HIT, HIT
x-cache-hits: 18, 2298
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: c3500fdd55d043a99f61f966c4ac568020d4b47f
content-length: 5962
GET

https://github.githubassets.com/assets/vendors-node_modules_github_mini-throttle_dist_decorators_js-node_modules_delegated-events_di-e161aa-a6774a3bb897.js

msedge.exe

Remote address:

185.199.111.154:443

Request

GET /assets/vendors-node_modules_github_mini-throttle_dist_decorators_js-node_modules_delegated-events_di-e161aa-a6774a3bb897.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/ytisf/theZoo/commit/b013182f34eecab0aca5b7b9c29bcedc01908666
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Tue, 15 Oct 2024 16:12:32 GMT
etag: "0x8DCED342CBF7E60"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 28 Oct 2024 20:44:19 GMT
age: 922393
x-served-by: cache-iad-kjyo7100092-IAD, cache-lcy-eglc8600073-LCY
x-cache: HIT, HIT
x-cache-hits: 89, 8109
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 84d692990bf53f47a41e1aa7e7adbcd93a296ce2
content-length: 3256
GET

https://github.githubassets.com/assets/app_assets_modules_github_ref-selector_ts-a14af0a18402.js

msedge.exe

Remote address:

185.199.111.154:443

Request

GET /assets/app_assets_modules_github_ref-selector_ts-a14af0a18402.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/ytisf/theZoo/commit/b013182f34eecab0aca5b7b9c29bcedc01908666
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Thu, 19 Sep 2024 22:11:30 GMT
etag: "0x8DCD8F803DB004C"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 28 Oct 2024 20:44:19 GMT
age: 2959916
x-served-by: cache-iad-kiad7000101-IAD, cache-lcy-eglc8600073-LCY
x-cache: HIT, HIT
x-cache-hits: 95, 6429
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 8bd365a40a077491cd23e50beeea0e18f2db8e8c
content-length: 4342
GET

https://github.githubassets.com/assets/app_assets_modules_github_diffs_blob-lines_ts-app_assets_modules_github_diffs_linkable-line-n-7600fd-7d4b12aeb6ca.js

msedge.exe

Remote address:

185.199.111.154:443

Request

GET /assets/app_assets_modules_github_diffs_blob-lines_ts-app_assets_modules_github_diffs_linkable-line-n-7600fd-7d4b12aeb6ca.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/ytisf/theZoo/commit/b013182f34eecab0aca5b7b9c29bcedc01908666
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Tue, 22 Oct 2024 19:37:25 GMT
etag: "0x8DCF2D0F4F35FEB"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 28 Oct 2024 20:44:19 GMT
age: 441139
x-served-by: cache-iad-kiad7000073-IAD, cache-lcy-eglc8600073-LCY
x-cache: HIT, HIT
x-cache-hits: 21, 2554
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: da8270596954baa5d269be7158db8447850e3106
content-length: 7340
GET

https://github.githubassets.com/assets/diffs-c208af17140e.js

msedge.exe

Remote address:

185.199.111.154:443

Request

GET /assets/diffs-c208af17140e.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/ytisf/theZoo/commit/b013182f34eecab0aca5b7b9c29bcedc01908666
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Thu, 24 Oct 2024 20:05:18 GMT
etag: "0x8DCF4672EE6492B"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 28 Oct 2024 20:44:19 GMT
age: 343034
x-served-by: cache-iad-kiad7000132-IAD, cache-lcy-eglc8600073-LCY
x-cache: HIT, HIT
x-cache-hits: 48, 1800
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: a5828f9bf54112034480ca6811df67d3f5c46e34
content-length: 20710
GET

https://github.githubassets.com/assets/chunk-app_components_pull_requests_file_tree_file-tree-element_ts-11cd7d6d03a2.js

msedge.exe

Remote address:

185.199.111.154:443

Request

GET /assets/chunk-app_components_pull_requests_file_tree_file-tree-element_ts-11cd7d6d03a2.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/ytisf/theZoo/commit/b013182f34eecab0aca5b7b9c29bcedc01908666
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Tue, 15 Oct 2024 13:11:04 GMT
etag: "0x8DCED1AD30DC9B2"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 28 Oct 2024 20:44:22 GMT
age: 465599
x-served-by: cache-iad-kiad7000020-IAD, cache-lcy-eglc8600073-LCY
x-cache: HIT, HIT
x-cache-hits: 29, 124
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 2e77387e84a1e382b16c7a3ab4250abdc65b6707
content-length: 2597
GET

https://github.githubassets.com/assets/chunk-app_components_pull_requests_file_tree_file-tree-toggle-element_ts-d08d4c339bcc.js

msedge.exe

Remote address:

185.199.111.154:443

Request

GET /assets/chunk-app_components_pull_requests_file_tree_file-tree-toggle-element_ts-d08d4c339bcc.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/ytisf/theZoo/commit/b013182f34eecab0aca5b7b9c29bcedc01908666
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
content-md5: niqOP6PMz0bcrYgrFO92cg==
last-modified: Wed, 14 Aug 2024 19:51:52 GMT
etag: "0x8DCBC9A8B5EB74D"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 28 Oct 2024 20:44:22 GMT
age: 3367386
x-served-by: cache-iad-kiad7000091-IAD, cache-lcy-eglc8600073-LCY
x-cache: HIT, HIT
x-cache-hits: 11015, 118
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 145f0bd6efff9fcd3417c2a3d68b1684e29269b5
content-length: 740
GET

https://github.githubassets.com/assets/chunk-ui_packages_experimental-action-list-element_experimental-action-list-element_ts-8ad7322b3760.js

msedge.exe

Remote address:

185.199.111.154:443

Request

GET /assets/chunk-ui_packages_experimental-action-list-element_experimental-action-list-element_ts-8ad7322b3760.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/ytisf/theZoo/commit/b013182f34eecab0aca5b7b9c29bcedc01908666
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Thu, 19 Sep 2024 22:11:21 GMT
etag: "0x8DCD8F7FE42FEDF"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 28 Oct 2024 20:44:22 GMT
age: 3031209
x-served-by: cache-iad-kjyo7100069-IAD, cache-lcy-eglc8600073-LCY
x-cache: HIT, HIT
x-cache-hits: 73, 146
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: b988fcd866a1699139d717713febffe4efa8d03b
content-length: 1587
DNS

user-images.githubusercontent.com

msedge.exe

Remote address:

8.8.8.8:53

Request

user-images.githubusercontent.com

IN A

Response

user-images.githubusercontent.com

IN A

185.199.109.133

user-images.githubusercontent.com

IN A

185.199.108.133

user-images.githubusercontent.com

IN A

185.199.110.133

user-images.githubusercontent.com

IN A

185.199.111.133
DNS

154.111.199.185.in-addr.arpa

Remote address:

8.8.8.8:53

Request

154.111.199.185.in-addr.arpa

IN PTR

Response

154.111.199.185.in-addr.arpa

IN PTR

cdn-185-199-111-154githubcom
DNS

collector.github.com

msedge.exe

Remote address:

8.8.8.8:53

Request

collector.github.com

IN A

Response

collector.github.com

IN CNAME

glb-db52c2cf8be544.github.com

glb-db52c2cf8be544.github.com

IN A

140.82.112.21
DNS

133.111.199.185.in-addr.arpa

Remote address:

8.8.8.8:53

Request

133.111.199.185.in-addr.arpa

IN PTR

Response

133.111.199.185.in-addr.arpa

IN PTR

cdn-185-199-111-133githubcom
POST

https://collector.github.com/github/collect

msedge.exe

Remote address:

140.82.112.21:443

Request

POST /github/collect HTTP/2.0
host: collector.github.com
content-length: 1075
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://github.com
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 204

date: Mon, 28 Oct 2024 20:42:36 GMT
access-control-allow-methods: POST,OPTIONS
access-control-allow-headers: Content-Type
access-control-allow-credentials: true
access-control-allow-origin: *
cache-control: no-cache
x-runtime: 0.096188
strict-transport-security: max-age=631138519
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-github-backend: Kubernetes
x-github-request-id: CA83:35B0D9:7E0C75:9DD38F:671FF73A
POST

https://collector.github.com/github/collect

msedge.exe

Remote address:

140.82.112.21:443

Request

POST /github/collect HTTP/2.0
host: collector.github.com
content-length: 1054
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://github.com
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 204

date: Mon, 28 Oct 2024 20:42:36 GMT
access-control-allow-methods: POST,OPTIONS
access-control-allow-headers: Content-Type
access-control-allow-credentials: true
access-control-allow-origin: *
cache-control: no-cache
x-runtime: 0.003596
strict-transport-security: max-age=631138519
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-github-backend: Kubernetes
x-github-request-id: CA83:35B0D9:7E0C97:9DD3B4:671FF73C
POST

https://collector.github.com/github/collect

msedge.exe

Remote address:

140.82.112.21:443

Request

POST /github/collect HTTP/2.0
host: collector.github.com
content-length: 1357
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://github.com
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 204

date: Mon, 28 Oct 2024 20:42:36 GMT
access-control-allow-methods: POST,OPTIONS
access-control-allow-headers: Content-Type
access-control-allow-credentials: true
access-control-allow-origin: *
cache-control: no-cache
x-runtime: 0.099600
strict-transport-security: max-age=631138519
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-github-backend: Kubernetes
x-github-request-id: CA83:35B0D9:7E0C97:9DD3B5:671FF73C
POST

https://collector.github.com/github/collect

msedge.exe

Remote address:

140.82.112.21:443

Request

POST /github/collect HTTP/2.0
host: collector.github.com
content-length: 1361
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://github.com
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 204

date: Mon, 28 Oct 2024 20:42:41 GMT
access-control-allow-methods: POST,OPTIONS
access-control-allow-headers: Content-Type
access-control-allow-credentials: true
access-control-allow-origin: *
cache-control: no-cache
x-runtime: 0.094886
strict-transport-security: max-age=631138519
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-github-backend: Kubernetes
x-github-request-id: CA83:35B0D9:7E1602:9DDFB6:671FF73C
POST

https://collector.github.com/github/collect

msedge.exe

Remote address:

140.82.112.21:443

Request

POST /github/collect HTTP/2.0
host: collector.github.com
content-length: 1427
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://github.com
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 204

date: Mon, 28 Oct 2024 20:42:41 GMT
access-control-allow-methods: POST,OPTIONS
access-control-allow-headers: Content-Type
access-control-allow-credentials: true
access-control-allow-origin: *
cache-control: no-cache
x-runtime: 0.001986
strict-transport-security: max-age=631138519
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-github-backend: Kubernetes
x-github-request-id: CA83:35B0D9:7E162A:9DDFE7:671FF741
POST

https://collector.github.com/github/collect

msedge.exe

Remote address:

140.82.112.21:443

Request

POST /github/collect HTTP/2.0
host: collector.github.com
content-length: 1423
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://github.com
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 204

date: Mon, 28 Oct 2024 20:43:20 GMT
access-control-allow-methods: POST,OPTIONS
access-control-allow-headers: Content-Type
access-control-allow-credentials: true
access-control-allow-origin: *
cache-control: no-cache
x-runtime: 0.003824
strict-transport-security: max-age=631138519
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-github-backend: Kubernetes
x-github-request-id: CA83:35B0D9:7E52A3:9E2DC7:671FF741
POST

https://collector.github.com/github/collect

msedge.exe

Remote address:

140.82.112.21:443

Request

POST /github/collect HTTP/2.0
host: collector.github.com
content-length: 971
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://github.com
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/tree/master/malware
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 204

date: Mon, 28 Oct 2024 20:43:43 GMT
access-control-allow-methods: POST,OPTIONS
access-control-allow-headers: Content-Type
access-control-allow-credentials: true
access-control-allow-origin: *
cache-control: no-cache
x-runtime: 0.001909
strict-transport-security: max-age=631138519
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-github-backend: Kubernetes
x-github-request-id: CA83:35B0D9:7E7633:9E5C0A:671FF77F
POST

https://collector.github.com/github/collect

msedge.exe

Remote address:

140.82.112.21:443

Request

POST /github/collect HTTP/2.0
host: collector.github.com
content-length: 1403
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://github.com
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/tree/master/malware
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 204

date: Mon, 28 Oct 2024 20:43:43 GMT
access-control-allow-methods: POST,OPTIONS
access-control-allow-headers: Content-Type
access-control-allow-credentials: true
access-control-allow-origin: *
cache-control: no-cache
x-runtime: 0.003064
strict-transport-security: max-age=631138519
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-github-backend: Kubernetes
x-github-request-id: CA83:35B0D9:7E7633:9E5C09:671FF768
POST

https://collector.github.com/github/collect

msedge.exe

Remote address:

140.82.112.21:443

Request

POST /github/collect HTTP/2.0
host: collector.github.com
content-length: 1040
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://github.com
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/tree/master/malware/Binaries
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 204

date: Mon, 28 Oct 2024 20:43:46 GMT
access-control-allow-methods: POST,OPTIONS
access-control-allow-headers: Content-Type
access-control-allow-credentials: true
access-control-allow-origin: *
cache-control: no-cache
x-runtime: 0.002867
strict-transport-security: max-age=631138519
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-github-backend: Kubernetes
x-github-request-id: CA83:35B0D9:7E7ABD:9E61C8:671FF77F
POST

https://collector.github.com/github/collect

msedge.exe

Remote address:

140.82.112.21:443

Request

POST /github/collect HTTP/2.0
host: collector.github.com
content-length: 1431
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://github.com
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/tree/master/malware/Binaries
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 204

date: Mon, 28 Oct 2024 20:43:47 GMT
access-control-allow-methods: POST,OPTIONS
access-control-allow-headers: Content-Type
access-control-allow-credentials: true
access-control-allow-origin: *
cache-control: no-cache
x-runtime: 0.002410
strict-transport-security: max-age=631138519
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-github-backend: Kubernetes
x-github-request-id: CA83:35B0D9:7E7BD6:9E6326:671FF782
POST

https://collector.github.com/github/collect

msedge.exe

Remote address:

140.82.112.21:443

Request

POST /github/collect HTTP/2.0
host: collector.github.com
content-length: 1089
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://github.com
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/tree/master/malware/Binaries/Friday_the_13th.408
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 204

date: Mon, 28 Oct 2024 20:44:04 GMT
access-control-allow-methods: POST,OPTIONS
access-control-allow-headers: Content-Type
access-control-allow-credentials: true
access-control-allow-origin: *
cache-control: no-cache
x-runtime: 0.095834
strict-transport-security: max-age=631138519
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-github-backend: Kubernetes
x-github-request-id: CA83:35B0D9:7E97B3:9E86F7:671FF783
POST

https://collector.github.com/github/collect

msedge.exe

Remote address:

140.82.112.21:443

Request

POST /github/collect HTTP/2.0
host: collector.github.com
content-length: 1164
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://github.com
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/tree/master/malware/Binaries/Friday_the_13th.408
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 204

date: Mon, 28 Oct 2024 20:44:04 GMT
access-control-allow-methods: POST,OPTIONS
access-control-allow-headers: Content-Type
access-control-allow-credentials: true
access-control-allow-origin: *
cache-control: no-cache
x-runtime: 0.095725
strict-transport-security: max-age=631138519
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-github-backend: Kubernetes
x-github-request-id: CA83:35B0D9:7E97B3:9E86F8:671FF794
POST

https://collector.github.com/github/collect

msedge.exe

Remote address:

140.82.112.21:443

Request

POST /github/collect HTTP/2.0
host: collector.github.com
content-length: 1490
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://github.com
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/tree/master/malware/Binaries/Friday_the_13th.408
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 204

date: Mon, 28 Oct 2024 20:44:04 GMT
access-control-allow-methods: POST,OPTIONS
access-control-allow-headers: Content-Type
access-control-allow-credentials: true
access-control-allow-origin: *
cache-control: no-cache
x-runtime: 0.094000
strict-transport-security: max-age=631138519
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-github-backend: Kubernetes
x-github-request-id: CA83:35B0D9:7E97DF:9E872E:671FF794
POST

https://collector.github.com/github/collect

msedge.exe

Remote address:

140.82.112.21:443

Request

POST /github/collect HTTP/2.0
host: collector.github.com
content-length: 1142
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://github.com
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Friday_the_13th.408/Friday_the_13th.408.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 204

date: Mon, 28 Oct 2024 20:44:07 GMT
access-control-allow-methods: POST,OPTIONS
access-control-allow-headers: Content-Type
access-control-allow-credentials: true
access-control-allow-origin: *
cache-control: no-cache
x-runtime: 0.002512
strict-transport-security: max-age=631138519
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-github-backend: Kubernetes
x-github-request-id: CA83:35B0D9:7E9C6B:9E8CDF:671FF794
POST

https://collector.github.com/github/collect

msedge.exe

Remote address:

140.82.112.21:443

Request

POST /github/collect HTTP/2.0
host: collector.github.com
content-length: 1157
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://github.com
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Friday_the_13th.408/Friday_the_13th.408.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 204

date: Mon, 28 Oct 2024 20:44:07 GMT
access-control-allow-methods: POST,OPTIONS
access-control-allow-headers: Content-Type
access-control-allow-credentials: true
access-control-allow-origin: *
cache-control: no-cache
x-runtime: 0.002549
strict-transport-security: max-age=631138519
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-github-backend: Kubernetes
x-github-request-id: CA83:35B0D9:7E9C6F:9E8CE1:671FF797
POST

https://collector.github.com/github/collect

msedge.exe

Remote address:

140.82.112.21:443

Request

POST /github/collect HTTP/2.0
host: collector.github.com
content-length: 1563
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://github.com
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Friday_the_13th.408/Friday_the_13th.408.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 204

date: Mon, 28 Oct 2024 20:44:07 GMT
access-control-allow-methods: POST,OPTIONS
access-control-allow-headers: Content-Type
access-control-allow-credentials: true
access-control-allow-origin: *
cache-control: no-cache
x-runtime: 0.002656
strict-transport-security: max-age=631138519
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-github-backend: Kubernetes
x-github-request-id: CA83:35B0D9:7E9CD3:9E8D67:671FF797
POST

https://collector.github.com/github/collect

msedge.exe

Remote address:

140.82.112.21:443

Request

POST /github/collect HTTP/2.0
host: collector.github.com
content-length: 1095
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://github.com
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/commit/b013182f34eecab0aca5b7b9c29bcedc01908666
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 204

date: Mon, 28 Oct 2024 20:44:22 GMT
access-control-allow-methods: POST,OPTIONS
access-control-allow-headers: Content-Type
access-control-allow-credentials: true
access-control-allow-origin: *
cache-control: no-cache
x-runtime: 0.003971
strict-transport-security: max-age=631138519
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-github-backend: Kubernetes
x-github-request-id: CA83:35B0D9:7EB417:9EAB68:671FF797
POST

https://collector.github.com/github/collect

msedge.exe

Remote address:

140.82.112.21:443

Request

POST /github/collect HTTP/2.0
host: collector.github.com
content-length: 1173
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://github.com
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Friday_the_13th.408/Friday_the_13th.408.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 204

date: Mon, 28 Oct 2024 20:44:23 GMT
access-control-allow-methods: POST,OPTIONS
access-control-allow-headers: Content-Type
access-control-allow-credentials: true
access-control-allow-origin: *
cache-control: no-cache
x-runtime: 0.002695
strict-transport-security: max-age=631138519
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-github-backend: Kubernetes
x-github-request-id: CA83:35B0D9:7EB563:9EAD0C:671FF7A6
POST

https://collector.github.com/github/collect

msedge.exe

Remote address:

140.82.112.21:443

Request

POST /github/collect HTTP/2.0
host: collector.github.com
content-length: 1173
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://github.com
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Friday_the_13th.408/Friday_the_13th.408.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 204

date: Mon, 28 Oct 2024 20:44:23 GMT
access-control-allow-methods: POST,OPTIONS
access-control-allow-headers: Content-Type
access-control-allow-credentials: true
access-control-allow-origin: *
cache-control: no-cache
x-runtime: 0.002596
strict-transport-security: max-age=631138519
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-github-backend: Kubernetes
x-github-request-id: CA83:35B0D9:7EB563:9EAD0F:671FF7A7
POST

https://collector.github.com/github/collect

msedge.exe

Remote address:

140.82.112.21:443

Request

POST /github/collect HTTP/2.0
host: collector.github.com
content-length: 1173
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://github.com
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Friday_the_13th.408/Friday_the_13th.408.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 204

date: Mon, 28 Oct 2024 20:44:23 GMT
access-control-allow-methods: POST,OPTIONS
access-control-allow-headers: Content-Type
access-control-allow-credentials: true
access-control-allow-origin: *
cache-control: no-cache
x-runtime: 0.002538
strict-transport-security: max-age=631138519
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-github-backend: Kubernetes
x-github-request-id: CA83:35B0D9:7EB565:9EAD19:671FF7A7
POST

https://collector.github.com/github/collect

msedge.exe

Remote address:

140.82.112.21:443

Request

POST /github/collect HTTP/2.0
host: collector.github.com
content-length: 1190
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://github.com
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Friday_the_13th.408/Friday_the_13th.408.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 204

date: Mon, 28 Oct 2024 20:44:27 GMT
access-control-allow-methods: POST,OPTIONS
access-control-allow-headers: Content-Type
access-control-allow-credentials: true
access-control-allow-origin: *
cache-control: no-cache
x-runtime: 0.002457
strict-transport-security: max-age=631138519
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-github-backend: Kubernetes
x-github-request-id: CA83:35B0D9:7EBB97:9EB54E:671FF7A7
DNS

21.112.82.140.in-addr.arpa

Remote address:

8.8.8.8:53

Request

21.112.82.140.in-addr.arpa

IN PTR

Response

21.112.82.140.in-addr.arpa

IN PTR

lb-140-82-112-21-iadgithubcom
DNS

21.112.82.140.in-addr.arpa

Remote address:

8.8.8.8:53

Request

21.112.82.140.in-addr.arpa

IN PTR
GET

https://github.githubassets.com/favicons/favicon.svg

msedge.exe

Remote address:

185.199.111.154:443

Request

GET /favicons/favicon.svg HTTP/2.0
host: github.githubassets.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: image/png
content-md5: YDrNCDxuYozaAYS2sPzvIQ==
last-modified: Wed, 14 Aug 2024 19:49:39 GMT
etag: "0x8DCBC9A3C0EF02F"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 28 Oct 2024 20:42:35 GMT
age: 1178334
x-served-by: cache-iad-kiad7000023-IAD, cache-lon420124-LON
x-cache: HIT, HIT
x-cache-hits: 919, 2062
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 15e61bddd40f7ec96e5a8e086355cb9734d1844f
content-length: 14426
GET

https://github.githubassets.com/assets/apple-touch-icon-144x144-b882e354c005.png

msedge.exe

Remote address:

185.199.111.154:443

Request

GET /assets/apple-touch-icon-144x144-b882e354c005.png HTTP/2.0
host: github.githubassets.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: image/svg+xml
content-md5: bYAvaN8MCaSZfP0o7q/Z/w==
last-modified: Wed, 14 Aug 2024 19:18:58 GMT
etag: "0x8DCBC95F2647EDF"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 28 Oct 2024 20:42:35 GMT
age: 77
x-served-by: cache-iad-kiad7000081-IAD, cache-lon420124-LON
x-cache: HIT, HIT
x-cache-hits: 5302948, 1
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 14c4ab7483fbdde95d6bb53f6fa7b0fba4b9408f
content-length: 959
GET

https://github.githubassets.com/favicons/favicon.png

msedge.exe

Remote address:

185.199.111.154:443

Request

GET /favicons/favicon.png HTTP/2.0
host: github.githubassets.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: image/png
content-md5: NG4JRxNi8pB1EKMYEhKc0g==
last-modified: Wed, 14 Aug 2024 19:18:46 GMT
etag: "0x8DCBC95EB57AC96"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 28 Oct 2024 20:42:35 GMT
age: 126
x-served-by: cache-iad-kiad7000070-IAD, cache-lon420124-LON
x-cache: HIT, HIT
x-cache-hits: 2909101, 1
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: e52de52105e580aaaba3abdd03210b74bc63f328
content-length: 958
DNS

api.github.com

msedge.exe

Remote address:

8.8.8.8:53

Request

api.github.com

IN A

Response

api.github.com

IN A

20.26.156.210
POST

https://api.github.com/_private/browser/stats

msedge.exe

Remote address:

20.26.156.210:443

Request

POST /_private/browser/stats HTTP/2.0
host: api.github.com
content-length: 2428
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://github.com
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 200

date: Mon, 28 Oct 2024 20:42:35 GMT
content-type: text/plain
content-length: 0
cache-control: no-cache
x-ratelimit-limit: 60
x-ratelimit-remaining: 60
x-ratelimit-reset: 1730151755
x-ratelimit-used: 0
x-ratelimit-resource: core
x-github-media-type: github.v3; format=json
x-github-api-version-selected: 2022-11-28
access-control-expose-headers: ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, X-GitHub-SSO, X-GitHub-Request-Id, Deprecation, Sunset
access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
content-security-policy: default-src 'none'
vary: Accept-Encoding, Accept, X-Requested-With
server: github.com
x-github-request-id: D66E:281478:2224E40:240CD57:671FF73B
POST

https://api.github.com/_private/browser/stats

msedge.exe

Remote address:

20.26.156.210:443

Request

POST /_private/browser/stats HTTP/2.0
host: api.github.com
content-length: 333
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://github.com
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 200

date: Mon, 28 Oct 2024 20:42:46 GMT
content-type: text/plain
content-length: 0
cache-control: no-cache
x-ratelimit-limit: 60
x-ratelimit-remaining: 60
x-ratelimit-reset: 1730151766
x-ratelimit-used: 0
x-ratelimit-resource: core
x-github-media-type: github.v3; format=json
x-github-api-version-selected: 2022-11-28
access-control-expose-headers: ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, X-GitHub-SSO, X-GitHub-Request-Id, Deprecation, Sunset
access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
content-security-policy: default-src 'none'
vary: Accept-Encoding, Accept, X-Requested-With
server: github.com
x-github-request-id: D66E:281478:22251F4:240D152:671FF73B
DNS

210.156.26.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

210.156.26.20.in-addr.arpa

IN PTR

Response
DNS

raw.githubusercontent.com

msedge.exe

Remote address:

8.8.8.8:53

Request

raw.githubusercontent.com

IN A

Response

raw.githubusercontent.com

IN A

185.199.111.133

raw.githubusercontent.com

IN A

185.199.109.133

raw.githubusercontent.com

IN A

185.199.110.133

raw.githubusercontent.com

IN A

185.199.108.133
GET

https://raw.githubusercontent.com/ytisf/theZoo/refs/heads/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip

msedge.exe

Remote address:

185.199.111.133:443

Request

GET /ytisf/theZoo/refs/heads/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip HTTP/2.0
host: raw.githubusercontent.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://github.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: max-age=300
content-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
content-type: application/zip
etag: W/"a8753b42db9b43a69da9f030cebb5482de58f000bb663fd15f9a7548e43d7884"
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: deny
x-xss-protection: 1; mode=block
x-github-request-id: 0CC7:332082:3247DA:3DC5DA:671FF740
accept-ranges: bytes
date: Mon, 28 Oct 2024 20:42:41 GMT
via: 1.1 varnish
x-served-by: cache-lon420092-LON
x-cache: MISS
x-cache-hits: 0
x-timer: S1730148161.214164,VS0,VE167
vary: Authorization,Accept-Encoding,Origin
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-fastly-request-id: 3bdfc4e17959d874e50f309601b6101a6f6ca394
expires: Mon, 28 Oct 2024 20:47:41 GMT
source-age: 0
content-length: 148809
GET

https://raw.githubusercontent.com/ytisf/theZoo/refs/heads/master/malware/Binaries/Friday_the_13th.408/Friday_the_13th.408.zip

msedge.exe

Remote address:

185.199.111.133:443

Request

GET /ytisf/theZoo/refs/heads/master/malware/Binaries/Friday_the_13th.408/Friday_the_13th.408.zip HTTP/2.0
host: raw.githubusercontent.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://github.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Friday_the_13th.408/Friday_the_13th.408.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: max-age=300
content-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
content-type: application/zip
etag: W/"20714aafa4a385c84db76a4e8babf82f30c6e7b2cfa26f438c12407dc92de265"
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: deny
x-xss-protection: 1; mode=block
x-github-request-id: B838:383DEB:24953B:2CB493:671FF771
accept-ranges: bytes
date: Mon, 28 Oct 2024 20:44:32 GMT
via: 1.1 varnish
x-served-by: cache-lon420092-LON
x-cache: MISS
x-cache-hits: 0
x-timer: S1730148273.701065,VS0,VE144
vary: Authorization,Accept-Encoding,Origin
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-fastly-request-id: 6b672c6ffb4d3758de6933e75e6f53a5dee9d160
expires: Mon, 28 Oct 2024 20:49:32 GMT
source-age: 0
content-length: 763
GET

https://raw.githubusercontent.com/ytisf/theZoo/refs/heads/master/malware/Binaries/WinX.SUNBURST/WinX.SUNBURST.zip

msedge.exe

Remote address:

185.199.111.133:443

Request

GET /ytisf/theZoo/refs/heads/master/malware/Binaries/WinX.SUNBURST/WinX.SUNBURST.zip HTTP/2.0
host: raw.githubusercontent.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://github.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/WinX.SUNBURST/WinX.SUNBURST.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: max-age=300
content-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
content-type: application/zip
etag: W/"8b63c019b3978594a8df6dbe2e6acf9ad9cf5e9a56114a503925d646c7b8d9ea"
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: deny
x-xss-protection: 1; mode=block
x-github-request-id: 1252:256AE7:54C1E3:6705B1:671FF86D
accept-ranges: bytes
date: Mon, 28 Oct 2024 20:47:45 GMT
via: 1.1 varnish
x-served-by: cache-lon420092-LON
x-cache: MISS
x-cache-hits: 0
x-timer: S1730148465.338068,VS0,VE239
vary: Authorization,Accept-Encoding,Origin
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-fastly-request-id: dc7bd2b1252910a4a0826bdc6de86dacff38d343
expires: Mon, 28 Oct 2024 20:52:45 GMT
source-age: 0
content-length: 1018148
GET

https://raw.githubusercontent.com/ytisf/theZoo/refs/heads/master/malware/Binaries/Win64.Trojan.GreenBug/Win64.Trojan.GreenBug.zip

msedge.exe

Remote address:

185.199.111.133:443

Request

GET /ytisf/theZoo/refs/heads/master/malware/Binaries/Win64.Trojan.GreenBug/Win64.Trojan.GreenBug.zip HTTP/2.0
host: raw.githubusercontent.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://github.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Win64.Trojan.GreenBug/Win64.Trojan.GreenBug.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: max-age=300
content-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
content-type: application/zip
etag: W/"0429b057ecd66dc0d8dab1cf91cf7c78f17a7361eed73a1c53aa957225227a51"
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: deny
x-xss-protection: 1; mode=block
x-github-request-id: 7392:256AE7:54C522:670999:671FF8A3
accept-ranges: bytes
date: Mon, 28 Oct 2024 20:48:37 GMT
via: 1.1 varnish
x-served-by: cache-lon420092-LON
x-cache: MISS
x-cache-hits: 0
x-timer: S1730148517.863276,VS0,VE187
vary: Authorization,Accept-Encoding,Origin
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-fastly-request-id: 3be80789ee0d5d58a59ca1ac3fe6a6807ffd344f
expires: Mon, 28 Oct 2024 20:53:37 GMT
source-age: 0
content-length: 393117
GET

https://raw.githubusercontent.com/ytisf/theZoo/refs/heads/master/malware/Binaries/Win32.Unknown_SpectreMeltdown/Win32.Unknown_SpectreMeltdown.zip

msedge.exe

Remote address:

185.199.111.133:443

Request

GET /ytisf/theZoo/refs/heads/master/malware/Binaries/Win32.Unknown_SpectreMeltdown/Win32.Unknown_SpectreMeltdown.zip HTTP/2.0
host: raw.githubusercontent.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://github.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Win32.Unknown_SpectreMeltdown/Win32.Unknown_SpectreMeltdown.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: max-age=300
content-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
content-type: application/zip
etag: W/"7480f8bfcf477c8917220f8093e64db1b605be121ac42c8223dd4f8adbe9e62a"
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: deny
x-xss-protection: 1; mode=block
x-github-request-id: C13B:3607C4:6873F1:7F1237:671FF909
accept-ranges: bytes
date: Mon, 28 Oct 2024 20:50:18 GMT
via: 1.1 varnish
x-served-by: cache-lon420092-LON
x-cache: MISS
x-cache-hits: 0
x-timer: S1730148618.307634,VS0,VE161
vary: Authorization,Accept-Encoding,Origin
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-fastly-request-id: 29d63141b97bfcdd31589d502f7adc666f859edf
expires: Mon, 28 Oct 2024 20:55:18 GMT
source-age: 0
content-length: 100292
OPTIONS

https://raw.githubusercontent.com/ytisf/theZoo/refs/heads/master/malware/Binaries/Win32.WannaPeace/Win32.WannaPeace.zip

msedge.exe

Remote address:

185.199.111.133:443

Request

OPTIONS /ytisf/theZoo/refs/heads/master/malware/Binaries/Win32.WannaPeace/Win32.WannaPeace.zip HTTP/2.0
host: raw.githubusercontent.com
accept: */*
access-control-request-method: GET
access-control-request-headers: turbo-visit
origin: https://github.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-fetch-mode: cors
sec-fetch-site: cross-site
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Win32.WannaPeace/Win32.WannaPeace.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 403

cache-control: no-cache
content-type: text/html; charset=utf-8
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: deny
x-xss-protection: 0
content-security-policy: default-src 'none'; style-src 'unsafe-inline'; img-src data:;
accept-ranges: bytes
date: Mon, 28 Oct 2024 20:51:05 GMT
via: 1.1 varnish
x-served-by: cache-lon420092-LON
x-cache: MISS
x-cache-hits: 0
x-timer: S1730148666.796203,VS0,VE2
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-fastly-request-id: 39f7d25340b53dad97c9d774ceaa5a910f84a7fd
expires: Mon, 28 Oct 2024 20:56:05 GMT
vary: Authorization,Accept-Encoding
OPTIONS

https://raw.githubusercontent.com/ytisf/theZoo/refs/heads/master/malware/Binaries/Win32.WannaPeace/Win32.WannaPeace.zip

msedge.exe

Remote address:

185.199.111.133:443

Request

OPTIONS /ytisf/theZoo/refs/heads/master/malware/Binaries/Win32.WannaPeace/Win32.WannaPeace.zip HTTP/2.0
host: raw.githubusercontent.com
accept: */*
access-control-request-method: GET
access-control-request-headers: turbo-visit
origin: https://github.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-fetch-mode: cors
sec-fetch-site: cross-site
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Win32.WannaPeace/Win32.WannaPeace.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 403

cache-control: no-cache
content-type: text/html; charset=utf-8
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: deny
x-xss-protection: 0
content-security-policy: default-src 'none'; style-src 'unsafe-inline'; img-src data:;
accept-ranges: bytes
date: Mon, 28 Oct 2024 20:51:08 GMT
via: 1.1 varnish
x-served-by: cache-lon420092-LON
x-cache: MISS
x-cache-hits: 0
x-timer: S1730148669.685491,VS0,VE2
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-fastly-request-id: f4ae5803edca7bb54b52eaba780f7dd4997665fa
expires: Mon, 28 Oct 2024 20:56:08 GMT
vary: Authorization,Accept-Encoding
DNS

28.118.140.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

28.118.140.52.in-addr.arpa

IN PTR

Response
DNS

56.163.245.4.in-addr.arpa

Remote address:

8.8.8.8:53

Request

56.163.245.4.in-addr.arpa

IN PTR

Response
DNS

241.42.69.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

241.42.69.40.in-addr.arpa

IN PTR

Response
DNS

69.209.201.84.in-addr.arpa

Remote address:

8.8.8.8:53

Request

69.209.201.84.in-addr.arpa

IN PTR

Response
DNS

26.35.223.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

26.35.223.20.in-addr.arpa

IN PTR

Response
DNS

github.com

msedge.exe

Remote address:

8.8.8.8:53

Request

github.com

IN A

Response

github.com

IN A

20.26.156.215
GET

https://github.com/ytisf/theZoo/tree/master/malware

msedge.exe

Remote address:

20.26.156.215:443

Request

GET /ytisf/theZoo/tree/master/malware HTTP/2.0
host: github.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: application/json
x-requested-with: XMLHttpRequest
x-react-router: json
x-github-target: dotcom
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/tree/master/malware
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _gh_sess=nVb9fOjfr6%2By9jQfogoB84%2FbPsaVm3bihJI858YzNJ%2B1kh%2Fmn6Zz4ifozzB3rF5eqCJMWdKC%2BIhD2g3DRaBRzaxVB5nwp8TpoDe1Py%2BZxMq6IyV1emco1RNWiDMBBvq3B68CWWu1Gvo2bJB9Ia1vGL8nh0Qx29WxIJcR4OsXJQ4UvrjlGC2uNmfvcNWAFcU1E5yJQu85sbzbt6E3ypj4q2xjrQ6ZMJ0hKJz%2BaiZDMnYKa4vtssVWlWU8%2FLz4T8wcuo4ZehTRZ6ppv3Jno3uOWQ%3D%3D--wxPd5ZTs4ps0vaTL--MsizRef8ekSGhRNMuIb90Q%3D%3D
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 200

server: GitHub.com
date: Mon, 28 Oct 2024 20:43:43 GMT
content-type: application/json; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
etag: W/"aee2cf60ce3c9e3f321169101a637bd1"
cache-control: max-age=0, private, must-revalidate
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
content-encoding: gzip
accept-ranges: bytes
content-length: 1020
x-github-request-id: D895:2C9DB6:1F47894:233A2D3:671FF77F
GET

https://github.com/ytisf/theZoo/latest-commit/master/malware

msedge.exe

Remote address:

20.26.156.215:443

Request

GET /ytisf/theZoo/latest-commit/master/malware HTTP/2.0
host: github.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: application/json
accept: application/json
x-requested-with: XMLHttpRequest
github-verified-fetch: true
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/tree/master/malware
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _gh_sess=nVb9fOjfr6%2By9jQfogoB84%2FbPsaVm3bihJI858YzNJ%2B1kh%2Fmn6Zz4ifozzB3rF5eqCJMWdKC%2BIhD2g3DRaBRzaxVB5nwp8TpoDe1Py%2BZxMq6IyV1emco1RNWiDMBBvq3B68CWWu1Gvo2bJB9Ia1vGL8nh0Qx29WxIJcR4OsXJQ4UvrjlGC2uNmfvcNWAFcU1E5yJQu85sbzbt6E3ypj4q2xjrQ6ZMJ0hKJz%2BaiZDMnYKa4vtssVWlWU8%2FLz4T8wcuo4ZehTRZ6ppv3Jno3uOWQ%3D%3D--wxPd5ZTs4ps0vaTL--MsizRef8ekSGhRNMuIb90Q%3D%3D
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 200

server: GitHub.com
date: Mon, 28 Oct 2024 20:43:43 GMT
content-type: application/json; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
etag: W/"d43e46c95c5f6ea2afcb266c4624db9b"
cache-control: max-age=0, private, must-revalidate
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
content-encoding: gzip
accept-ranges: bytes
content-length: 167
x-github-request-id: D895:2C9DB6:1F478BD:233A308:671FF77F
GET

https://github.com/ytisf/theZoo/tree-commit-info/master/malware

msedge.exe

Remote address:

20.26.156.215:443

Request

GET /ytisf/theZoo/tree-commit-info/master/malware HTTP/2.0
host: github.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: application/json
accept: application/json
x-requested-with: XMLHttpRequest
github-verified-fetch: true
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/tree/master/malware
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _gh_sess=nVb9fOjfr6%2By9jQfogoB84%2FbPsaVm3bihJI858YzNJ%2B1kh%2Fmn6Zz4ifozzB3rF5eqCJMWdKC%2BIhD2g3DRaBRzaxVB5nwp8TpoDe1Py%2BZxMq6IyV1emco1RNWiDMBBvq3B68CWWu1Gvo2bJB9Ia1vGL8nh0Qx29WxIJcR4OsXJQ4UvrjlGC2uNmfvcNWAFcU1E5yJQu85sbzbt6E3ypj4q2xjrQ6ZMJ0hKJz%2BaiZDMnYKa4vtssVWlWU8%2FLz4T8wcuo4ZehTRZ6ppv3Jno3uOWQ%3D%3D--wxPd5ZTs4ps0vaTL--MsizRef8ekSGhRNMuIb90Q%3D%3D
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 200

server: GitHub.com
date: Mon, 28 Oct 2024 20:43:43 GMT
content-type: application/json; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
etag: W/"80bd02ed7ba7019bb99915eefec4a612"
cache-control: max-age=0, private, must-revalidate
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
content-encoding: gzip
accept-ranges: bytes
content-length: 462
x-github-request-id: D895:2C9DB6:1F478BC:233A306:671FF77F
GET

https://github.com/ytisf/theZoo/deferred-metadata/master/malware

msedge.exe

Remote address:

20.26.156.215:443

Request

GET /ytisf/theZoo/deferred-metadata/master/malware HTTP/2.0
host: github.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: application/json
accept: application/json
x-requested-with: XMLHttpRequest
github-verified-fetch: true
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/tree/master/malware
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _gh_sess=nVb9fOjfr6%2By9jQfogoB84%2FbPsaVm3bihJI858YzNJ%2B1kh%2Fmn6Zz4ifozzB3rF5eqCJMWdKC%2BIhD2g3DRaBRzaxVB5nwp8TpoDe1Py%2BZxMq6IyV1emco1RNWiDMBBvq3B68CWWu1Gvo2bJB9Ia1vGL8nh0Qx29WxIJcR4OsXJQ4UvrjlGC2uNmfvcNWAFcU1E5yJQu85sbzbt6E3ypj4q2xjrQ6ZMJ0hKJz%2BaiZDMnYKa4vtssVWlWU8%2FLz4T8wcuo4ZehTRZ6ppv3Jno3uOWQ%3D%3D--wxPd5ZTs4ps0vaTL--MsizRef8ekSGhRNMuIb90Q%3D%3D
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 200

server: GitHub.com
date: Mon, 28 Oct 2024 20:43:43 GMT
content-type: application/json; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
etag: W/"f46089972211ea4f4c4f739d137d14da"
cache-control: max-age=0, private, must-revalidate
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
content-encoding: gzip
accept-ranges: bytes
content-length: 400
x-github-request-id: D895:2C9DB6:1F478BC:233A307:671FF77F
GET

https://github.com/ytisf/theZoo/tree/master/malware/Binaries

msedge.exe

Remote address:

20.26.156.215:443

Request

GET /ytisf/theZoo/tree/master/malware/Binaries HTTP/2.0
host: github.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: application/json
x-requested-with: XMLHttpRequest
x-react-router: json
x-github-target: dotcom
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/tree/master/malware/Binaries
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _gh_sess=nVb9fOjfr6%2By9jQfogoB84%2FbPsaVm3bihJI858YzNJ%2B1kh%2Fmn6Zz4ifozzB3rF5eqCJMWdKC%2BIhD2g3DRaBRzaxVB5nwp8TpoDe1Py%2BZxMq6IyV1emco1RNWiDMBBvq3B68CWWu1Gvo2bJB9Ia1vGL8nh0Qx29WxIJcR4OsXJQ4UvrjlGC2uNmfvcNWAFcU1E5yJQu85sbzbt6E3ypj4q2xjrQ6ZMJ0hKJz%2BaiZDMnYKa4vtssVWlWU8%2FLz4T8wcuo4ZehTRZ6ppv3Jno3uOWQ%3D%3D--wxPd5ZTs4ps0vaTL--MsizRef8ekSGhRNMuIb90Q%3D%3D
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 200

server: GitHub.com
date: Mon, 28 Oct 2024 20:43:45 GMT
content-type: application/json; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
etag: W/"049f615a3bea18db6ab3501c3434c576"
cache-control: max-age=0, private, must-revalidate
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
content-encoding: gzip
accept-ranges: bytes
content-length: 4133
x-github-request-id: D895:2C9DB6:1F47984:233A3E6:671FF77F
GET

https://github.com/ytisf/theZoo/latest-commit/master/malware/Binaries

msedge.exe

Remote address:

20.26.156.215:443

Request

GET /ytisf/theZoo/latest-commit/master/malware/Binaries HTTP/2.0
host: github.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: application/json
accept: application/json
x-requested-with: XMLHttpRequest
github-verified-fetch: true
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/tree/master/malware/Binaries
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _gh_sess=nVb9fOjfr6%2By9jQfogoB84%2FbPsaVm3bihJI858YzNJ%2B1kh%2Fmn6Zz4ifozzB3rF5eqCJMWdKC%2BIhD2g3DRaBRzaxVB5nwp8TpoDe1Py%2BZxMq6IyV1emco1RNWiDMBBvq3B68CWWu1Gvo2bJB9Ia1vGL8nh0Qx29WxIJcR4OsXJQ4UvrjlGC2uNmfvcNWAFcU1E5yJQu85sbzbt6E3ypj4q2xjrQ6ZMJ0hKJz%2BaiZDMnYKa4vtssVWlWU8%2FLz4T8wcuo4ZehTRZ6ppv3Jno3uOWQ%3D%3D--wxPd5ZTs4ps0vaTL--MsizRef8ekSGhRNMuIb90Q%3D%3D
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 200

server: GitHub.com
date: Mon, 28 Oct 2024 20:43:46 GMT
content-type: application/json; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
etag: W/"d43e46c95c5f6ea2afcb266c4624db9b"
cache-control: max-age=0, private, must-revalidate
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
content-encoding: gzip
accept-ranges: bytes
content-length: 167
x-github-request-id: D895:2C9DB6:1F479CC:233A43F:671FF782
GET

https://github.com/ytisf/theZoo/tree-commit-info/master/malware/Binaries

msedge.exe

Remote address:

20.26.156.215:443

Request

GET /ytisf/theZoo/tree-commit-info/master/malware/Binaries HTTP/2.0
host: github.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: application/json
accept: application/json
x-requested-with: XMLHttpRequest
github-verified-fetch: true
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/tree/master/malware/Binaries
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _gh_sess=nVb9fOjfr6%2By9jQfogoB84%2FbPsaVm3bihJI858YzNJ%2B1kh%2Fmn6Zz4ifozzB3rF5eqCJMWdKC%2BIhD2g3DRaBRzaxVB5nwp8TpoDe1Py%2BZxMq6IyV1emco1RNWiDMBBvq3B68CWWu1Gvo2bJB9Ia1vGL8nh0Qx29WxIJcR4OsXJQ4UvrjlGC2uNmfvcNWAFcU1E5yJQu85sbzbt6E3ypj4q2xjrQ6ZMJ0hKJz%2BaiZDMnYKa4vtssVWlWU8%2FLz4T8wcuo4ZehTRZ6ppv3Jno3uOWQ%3D%3D--wxPd5ZTs4ps0vaTL--MsizRef8ekSGhRNMuIb90Q%3D%3D
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 200

server: GitHub.com
date: Mon, 28 Oct 2024 20:43:46 GMT
content-type: application/json; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
etag: W/"80bd02ed7ba7019bb99915eefec4a612"
cache-control: max-age=0, private, must-revalidate
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
content-encoding: gzip
accept-ranges: bytes
content-length: 462
x-github-request-id: D895:2C9DB6:1F479CC:233A43D:671FF781
GET

https://github.com/ytisf/theZoo/deferred-metadata/master/malware/Binaries

msedge.exe

Remote address:

20.26.156.215:443

Request

GET /ytisf/theZoo/deferred-metadata/master/malware/Binaries HTTP/2.0
host: github.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: application/json
accept: application/json
x-requested-with: XMLHttpRequest
github-verified-fetch: true
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/tree/master/malware/Binaries
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _gh_sess=nVb9fOjfr6%2By9jQfogoB84%2FbPsaVm3bihJI858YzNJ%2B1kh%2Fmn6Zz4ifozzB3rF5eqCJMWdKC%2BIhD2g3DRaBRzaxVB5nwp8TpoDe1Py%2BZxMq6IyV1emco1RNWiDMBBvq3B68CWWu1Gvo2bJB9Ia1vGL8nh0Qx29WxIJcR4OsXJQ4UvrjlGC2uNmfvcNWAFcU1E5yJQu85sbzbt6E3ypj4q2xjrQ6ZMJ0hKJz%2BaiZDMnYKa4vtssVWlWU8%2FLz4T8wcuo4ZehTRZ6ppv3Jno3uOWQ%3D%3D--wxPd5ZTs4ps0vaTL--MsizRef8ekSGhRNMuIb90Q%3D%3D
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 200

server: GitHub.com
date: Mon, 28 Oct 2024 20:43:46 GMT
content-type: application/json; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
etag: W/"34bcb8e8db93cc776b7b72c6b63ccdbe"
cache-control: max-age=0, private, must-revalidate
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
content-encoding: gzip
accept-ranges: bytes
content-length: 3942
x-github-request-id: D895:2C9DB6:1F479CC:233A43E:671FF782
GET

https://github.com/ytisf/theZoo/tree/master/malware/Binaries/Friday_the_13th.408

msedge.exe

Remote address:

20.26.156.215:443

Request

GET /ytisf/theZoo/tree/master/malware/Binaries/Friday_the_13th.408 HTTP/2.0
host: github.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: application/json
x-requested-with: XMLHttpRequest
x-react-router: json
x-github-target: dotcom
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/tree/master/malware/Binaries/Friday_the_13th.408
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _gh_sess=nVb9fOjfr6%2By9jQfogoB84%2FbPsaVm3bihJI858YzNJ%2B1kh%2Fmn6Zz4ifozzB3rF5eqCJMWdKC%2BIhD2g3DRaBRzaxVB5nwp8TpoDe1Py%2BZxMq6IyV1emco1RNWiDMBBvq3B68CWWu1Gvo2bJB9Ia1vGL8nh0Qx29WxIJcR4OsXJQ4UvrjlGC2uNmfvcNWAFcU1E5yJQu85sbzbt6E3ypj4q2xjrQ6ZMJ0hKJz%2BaiZDMnYKa4vtssVWlWU8%2FLz4T8wcuo4ZehTRZ6ppv3Jno3uOWQ%3D%3D--wxPd5ZTs4ps0vaTL--MsizRef8ekSGhRNMuIb90Q%3D%3D
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 200

server: GitHub.com
date: Mon, 28 Oct 2024 20:44:03 GMT
content-type: application/json; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
etag: W/"1fca93f2f50786cc12be722608fbaf91"
cache-control: max-age=0, private, must-revalidate
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
content-encoding: gzip
accept-ranges: bytes
content-length: 4202
x-github-request-id: D895:2C9DB6:1F48122:233AC76:671FF782
GET

https://github.com/ytisf/theZoo/latest-commit/master/malware/Binaries/Friday_the_13th.408

msedge.exe

Remote address:

20.26.156.215:443

Request

GET /ytisf/theZoo/latest-commit/master/malware/Binaries/Friday_the_13th.408 HTTP/2.0
host: github.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: application/json
accept: application/json
x-requested-with: XMLHttpRequest
github-verified-fetch: true
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/tree/master/malware/Binaries/Friday_the_13th.408
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _gh_sess=nVb9fOjfr6%2By9jQfogoB84%2FbPsaVm3bihJI858YzNJ%2B1kh%2Fmn6Zz4ifozzB3rF5eqCJMWdKC%2BIhD2g3DRaBRzaxVB5nwp8TpoDe1Py%2BZxMq6IyV1emco1RNWiDMBBvq3B68CWWu1Gvo2bJB9Ia1vGL8nh0Qx29WxIJcR4OsXJQ4UvrjlGC2uNmfvcNWAFcU1E5yJQu85sbzbt6E3ypj4q2xjrQ6ZMJ0hKJz%2BaiZDMnYKa4vtssVWlWU8%2FLz4T8wcuo4ZehTRZ6ppv3Jno3uOWQ%3D%3D--wxPd5ZTs4ps0vaTL--MsizRef8ekSGhRNMuIb90Q%3D%3D
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 200

server: GitHub.com
date: Mon, 28 Oct 2024 20:44:03 GMT
content-type: application/json; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
etag: W/"d43e46c95c5f6ea2afcb266c4624db9b"
cache-control: max-age=0, private, must-revalidate
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
content-encoding: gzip
accept-ranges: bytes
content-length: 167
x-github-request-id: D895:2C9DB6:1F4815C:233ACBA:671FF793
GET

https://github.com/ytisf/theZoo/tree-commit-info/master/malware/Binaries/Friday_the_13th.408

msedge.exe

Remote address:

20.26.156.215:443

Request

GET /ytisf/theZoo/tree-commit-info/master/malware/Binaries/Friday_the_13th.408 HTTP/2.0
host: github.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: application/json
accept: application/json
x-requested-with: XMLHttpRequest
github-verified-fetch: true
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/tree/master/malware/Binaries/Friday_the_13th.408
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _gh_sess=nVb9fOjfr6%2By9jQfogoB84%2FbPsaVm3bihJI858YzNJ%2B1kh%2Fmn6Zz4ifozzB3rF5eqCJMWdKC%2BIhD2g3DRaBRzaxVB5nwp8TpoDe1Py%2BZxMq6IyV1emco1RNWiDMBBvq3B68CWWu1Gvo2bJB9Ia1vGL8nh0Qx29WxIJcR4OsXJQ4UvrjlGC2uNmfvcNWAFcU1E5yJQu85sbzbt6E3ypj4q2xjrQ6ZMJ0hKJz%2BaiZDMnYKa4vtssVWlWU8%2FLz4T8wcuo4ZehTRZ6ppv3Jno3uOWQ%3D%3D--wxPd5ZTs4ps0vaTL--MsizRef8ekSGhRNMuIb90Q%3D%3D
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 200

server: GitHub.com
date: Mon, 28 Oct 2024 20:44:03 GMT
content-type: application/json; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
etag: W/"d12d54907ea5cbafe4dc4fde1934f484"
cache-control: max-age=0, private, must-revalidate
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
content-encoding: gzip
accept-ranges: bytes
content-length: 465
x-github-request-id: D895:2C9DB6:1F4815C:233ACB8:671FF793
GET

https://github.com/ytisf/theZoo/deferred-metadata/master/malware/Binaries/Friday_the_13th.408

msedge.exe

Remote address:

20.26.156.215:443

Request

GET /ytisf/theZoo/deferred-metadata/master/malware/Binaries/Friday_the_13th.408 HTTP/2.0
host: github.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: application/json
accept: application/json
x-requested-with: XMLHttpRequest
github-verified-fetch: true
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/tree/master/malware/Binaries/Friday_the_13th.408
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _gh_sess=nVb9fOjfr6%2By9jQfogoB84%2FbPsaVm3bihJI858YzNJ%2B1kh%2Fmn6Zz4ifozzB3rF5eqCJMWdKC%2BIhD2g3DRaBRzaxVB5nwp8TpoDe1Py%2BZxMq6IyV1emco1RNWiDMBBvq3B68CWWu1Gvo2bJB9Ia1vGL8nh0Qx29WxIJcR4OsXJQ4UvrjlGC2uNmfvcNWAFcU1E5yJQu85sbzbt6E3ypj4q2xjrQ6ZMJ0hKJz%2BaiZDMnYKa4vtssVWlWU8%2FLz4T8wcuo4ZehTRZ6ppv3Jno3uOWQ%3D%3D--wxPd5ZTs4ps0vaTL--MsizRef8ekSGhRNMuIb90Q%3D%3D
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 200

server: GitHub.com
date: Mon, 28 Oct 2024 20:44:03 GMT
content-type: application/json; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
etag: W/"a279aa25e2cdcc7da3343eab64e61777"
cache-control: max-age=0, private, must-revalidate
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
content-encoding: gzip
accept-ranges: bytes
content-length: 360
x-github-request-id: D895:2C9DB6:1F4815C:233ACB9:671FF793
GET

https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Friday_the_13th.408/Friday_the_13th.408.zip

msedge.exe

Remote address:

20.26.156.215:443

Request

GET /ytisf/theZoo/blob/master/malware/Binaries/Friday_the_13th.408/Friday_the_13th.408.zip HTTP/2.0
host: github.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: application/json
x-requested-with: XMLHttpRequest
x-react-router: json
x-github-target: dotcom
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Friday_the_13th.408/Friday_the_13th.408.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _gh_sess=nVb9fOjfr6%2By9jQfogoB84%2FbPsaVm3bihJI858YzNJ%2B1kh%2Fmn6Zz4ifozzB3rF5eqCJMWdKC%2BIhD2g3DRaBRzaxVB5nwp8TpoDe1Py%2BZxMq6IyV1emco1RNWiDMBBvq3B68CWWu1Gvo2bJB9Ia1vGL8nh0Qx29WxIJcR4OsXJQ4UvrjlGC2uNmfvcNWAFcU1E5yJQu85sbzbt6E3ypj4q2xjrQ6ZMJ0hKJz%2BaiZDMnYKa4vtssVWlWU8%2FLz4T8wcuo4ZehTRZ6ppv3Jno3uOWQ%3D%3D--wxPd5ZTs4ps0vaTL--MsizRef8ekSGhRNMuIb90Q%3D%3D
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 200

server: GitHub.com
date: Mon, 28 Oct 2024 20:44:07 GMT
content-type: application/json; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
etag: W/"be4ce1bd2050501c26a539dc6e3cb512"
cache-control: max-age=0, private, must-revalidate
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
content-encoding: gzip
accept-ranges: bytes
content-length: 4983
x-github-request-id: D895:2C9DB6:1F482C7:233AE68:671FF793
GET

https://github.com/ytisf/theZoo/latest-commit/master/malware/Binaries/Friday_the_13th.408/Friday_the_13th.408.zip

msedge.exe

Remote address:

20.26.156.215:443

Request

GET /ytisf/theZoo/latest-commit/master/malware/Binaries/Friday_the_13th.408/Friday_the_13th.408.zip HTTP/2.0
host: github.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: application/json
accept: application/json
x-requested-with: XMLHttpRequest
github-verified-fetch: true
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Friday_the_13th.408/Friday_the_13th.408.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _gh_sess=nVb9fOjfr6%2By9jQfogoB84%2FbPsaVm3bihJI858YzNJ%2B1kh%2Fmn6Zz4ifozzB3rF5eqCJMWdKC%2BIhD2g3DRaBRzaxVB5nwp8TpoDe1Py%2BZxMq6IyV1emco1RNWiDMBBvq3B68CWWu1Gvo2bJB9Ia1vGL8nh0Qx29WxIJcR4OsXJQ4UvrjlGC2uNmfvcNWAFcU1E5yJQu85sbzbt6E3ypj4q2xjrQ6ZMJ0hKJz%2BaiZDMnYKa4vtssVWlWU8%2FLz4T8wcuo4ZehTRZ6ppv3Jno3uOWQ%3D%3D--wxPd5ZTs4ps0vaTL--MsizRef8ekSGhRNMuIb90Q%3D%3D
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 200

server: GitHub.com
date: Mon, 28 Oct 2024 20:44:07 GMT
content-type: application/json; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
etag: W/"d12d54907ea5cbafe4dc4fde1934f484"
cache-control: max-age=0, private, must-revalidate
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
content-encoding: gzip
accept-ranges: bytes
content-length: 465
x-github-request-id: D895:2C9DB6:1F48301:233AEA1:671FF797
GET

https://github.com/ytisf/theZoo/deferred-metadata/master/malware/Binaries/Friday_the_13th.408/Friday_the_13th.408.zip

msedge.exe

Remote address:

20.26.156.215:443

Request

GET /ytisf/theZoo/deferred-metadata/master/malware/Binaries/Friday_the_13th.408/Friday_the_13th.408.zip HTTP/2.0
host: github.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: application/json
accept: application/json
x-requested-with: XMLHttpRequest
github-verified-fetch: true
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Friday_the_13th.408/Friday_the_13th.408.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _gh_sess=nVb9fOjfr6%2By9jQfogoB84%2FbPsaVm3bihJI858YzNJ%2B1kh%2Fmn6Zz4ifozzB3rF5eqCJMWdKC%2BIhD2g3DRaBRzaxVB5nwp8TpoDe1Py%2BZxMq6IyV1emco1RNWiDMBBvq3B68CWWu1Gvo2bJB9Ia1vGL8nh0Qx29WxIJcR4OsXJQ4UvrjlGC2uNmfvcNWAFcU1E5yJQu85sbzbt6E3ypj4q2xjrQ6ZMJ0hKJz%2BaiZDMnYKa4vtssVWlWU8%2FLz4T8wcuo4ZehTRZ6ppv3Jno3uOWQ%3D%3D--wxPd5ZTs4ps0vaTL--MsizRef8ekSGhRNMuIb90Q%3D%3D
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 200

server: GitHub.com
date: Mon, 28 Oct 2024 20:44:07 GMT
content-type: application/json; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
etag: W/"d43e46c95c5f6ea2afcb266c4624db9b"
cache-control: max-age=0, private, must-revalidate
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
content-encoding: gzip
accept-ranges: bytes
content-length: 167
x-github-request-id: D895:2C9DB6:1F48301:233AEA2:671FF797
GET

https://github.com/ytisf/theZoo/commit/b013182f34eecab0aca5b7b9c29bcedc01908666/hovercard?subject=repository%3A15776012&current_path=%2Fytisf%2FtheZoo%2Fblob%2Fmaster%2Fmalware%2FBinaries%2FFriday_the_13th.408%2FFriday_the_13th.408.zip

msedge.exe

Remote address:

20.26.156.215:443

Request

GET /ytisf/theZoo/commit/b013182f34eecab0aca5b7b9c29bcedc01908666/hovercard?subject=repository%3A15776012&current_path=%2Fytisf%2FtheZoo%2Fblob%2Fmaster%2Fmalware%2FBinaries%2FFriday_the_13th.408%2FFriday_the_13th.408.zip HTTP/2.0
host: github.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
x-requested-with: XMLHttpRequest
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Friday_the_13th.408/Friday_the_13th.408.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _gh_sess=nVb9fOjfr6%2By9jQfogoB84%2FbPsaVm3bihJI858YzNJ%2B1kh%2Fmn6Zz4ifozzB3rF5eqCJMWdKC%2BIhD2g3DRaBRzaxVB5nwp8TpoDe1Py%2BZxMq6IyV1emco1RNWiDMBBvq3B68CWWu1Gvo2bJB9Ia1vGL8nh0Qx29WxIJcR4OsXJQ4UvrjlGC2uNmfvcNWAFcU1E5yJQu85sbzbt6E3ypj4q2xjrQ6ZMJ0hKJz%2BaiZDMnYKa4vtssVWlWU8%2FLz4T8wcuo4ZehTRZ6ppv3Jno3uOWQ%3D%3D--wxPd5ZTs4ps0vaTL--MsizRef8ekSGhRNMuIb90Q%3D%3D
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 200

server: GitHub.com
date: Mon, 28 Oct 2024 20:44:13 GMT
content-type: text/html; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
etag: W/"fbde04d55df01abf329f16e6c829cca9"
cache-control: max-age=0, private, must-revalidate
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
content-encoding: gzip
x-html-safe: 86d1aae3522b53c6a67cfa97f781e387e583f2c33fe445cb5f3b4de066c8225c
accept-ranges: bytes
content-length: 1420
x-github-request-id: D895:2C9DB6:1F484C7:233B095:671FF797
GET

https://github.com/ytisf/theZoo/commit/b013182f34eecab0aca5b7b9c29bcedc01908666

msedge.exe

Remote address:

20.26.156.215:443

Request

GET /ytisf/theZoo/commit/b013182f34eecab0aca5b7b9c29bcedc01908666 HTTP/2.0
host: github.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
accept: text/html, application/xhtml+xml
dnt: 1
turbo-visit: true
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Friday_the_13th.408/Friday_the_13th.408.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _gh_sess=nVb9fOjfr6%2By9jQfogoB84%2FbPsaVm3bihJI858YzNJ%2B1kh%2Fmn6Zz4ifozzB3rF5eqCJMWdKC%2BIhD2g3DRaBRzaxVB5nwp8TpoDe1Py%2BZxMq6IyV1emco1RNWiDMBBvq3B68CWWu1Gvo2bJB9Ia1vGL8nh0Qx29WxIJcR4OsXJQ4UvrjlGC2uNmfvcNWAFcU1E5yJQu85sbzbt6E3ypj4q2xjrQ6ZMJ0hKJz%2BaiZDMnYKa4vtssVWlWU8%2FLz4T8wcuo4ZehTRZ6ppv3Jno3uOWQ%3D%3D--wxPd5ZTs4ps0vaTL--MsizRef8ekSGhRNMuIb90Q%3D%3D
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 200

server: GitHub.com
date: Mon, 28 Oct 2024 20:44:17 GMT
content-type: text/html; charset=utf-8
cache-control: max-age=0, private, must-revalidate
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
referrer-policy: no-referrer-when-downgrade
server-timing: repo_layout-fragment;desc="repo_layout fragment";dur=116.088938,commit_show_contents-fragment;desc="commit_show_contents fragment";dur=4274.509162,commit_show_header-fragment;desc="commit_show_header fragment";dur=73.503924,nginx;desc="NGINX";dur=0.833783,glb;desc="GLB";dur=40.398865
strict-transport-security: max-age=31536000; includeSubdomains; preload
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
x-content-type-options: nosniff
x-frame-options: deny
x-voltron-version: 69a2227
x-xss-protection: 0
content-encoding: gzip
x-html-safe: 86d1aae3522b53c6a67cfa97f781e387e583f2c33fe445cb5f3b4de066c8225c
accept-ranges: bytes
x-github-request-id: D895:2C9DB6:1F4858F:233B17B:671FF79D
GET

https://github.com/ytisf/theZoo/commit/b013182f34eecab0aca5b7b9c29bcedc01908666

msedge.exe

Remote address:

20.26.156.215:443

Request

GET /ytisf/theZoo/commit/b013182f34eecab0aca5b7b9c29bcedc01908666 HTTP/2.0
host: github.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
accept: text/html, application/xhtml+xml
dnt: 1
turbo-visit: true
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Friday_the_13th.408/Friday_the_13th.408.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _gh_sess=nVb9fOjfr6%2By9jQfogoB84%2FbPsaVm3bihJI858YzNJ%2B1kh%2Fmn6Zz4ifozzB3rF5eqCJMWdKC%2BIhD2g3DRaBRzaxVB5nwp8TpoDe1Py%2BZxMq6IyV1emco1RNWiDMBBvq3B68CWWu1Gvo2bJB9Ia1vGL8nh0Qx29WxIJcR4OsXJQ4UvrjlGC2uNmfvcNWAFcU1E5yJQu85sbzbt6E3ypj4q2xjrQ6ZMJ0hKJz%2BaiZDMnYKa4vtssVWlWU8%2FLz4T8wcuo4ZehTRZ6ppv3Jno3uOWQ%3D%3D--wxPd5ZTs4ps0vaTL--MsizRef8ekSGhRNMuIb90Q%3D%3D
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 200

server: GitHub.com
date: Mon, 28 Oct 2024 20:44:17 GMT
content-type: text/html; charset=utf-8
cache-control: max-age=0, private, must-revalidate
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
referrer-policy: no-referrer-when-downgrade
server-timing: repo_layout-fragment;desc="repo_layout fragment";dur=116.088938,commit_show_contents-fragment;desc="commit_show_contents fragment";dur=4274.509162,commit_show_header-fragment;desc="commit_show_header fragment";dur=73.503924,nginx;desc="NGINX";dur=0.833783,glb;desc="GLB";dur=40.398865
strict-transport-security: max-age=31536000; includeSubdomains; preload
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
x-content-type-options: nosniff
x-frame-options: deny
x-voltron-version: 69a2227
x-xss-protection: 0
content-encoding: gzip
x-html-safe: 86d1aae3522b53c6a67cfa97f781e387e583f2c33fe445cb5f3b4de066c8225c
accept-ranges: bytes
x-github-request-id: D895:2C9DB6:1F487B1:233B3DB:671FF7A2
GET

https://github.com/ytisf/theZoo/commit/b013182f34eecab0aca5b7b9c29bcedc01908666

msedge.exe

Remote address:

20.26.156.215:443

Request

GET /ytisf/theZoo/commit/b013182f34eecab0aca5b7b9c29bcedc01908666 HTTP/2.0
host: github.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
accept: text/html, application/xhtml+xml
dnt: 1
turbo-visit: true
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Friday_the_13th.408/Friday_the_13th.408.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _gh_sess=nVb9fOjfr6%2By9jQfogoB84%2FbPsaVm3bihJI858YzNJ%2B1kh%2Fmn6Zz4ifozzB3rF5eqCJMWdKC%2BIhD2g3DRaBRzaxVB5nwp8TpoDe1Py%2BZxMq6IyV1emco1RNWiDMBBvq3B68CWWu1Gvo2bJB9Ia1vGL8nh0Qx29WxIJcR4OsXJQ4UvrjlGC2uNmfvcNWAFcU1E5yJQu85sbzbt6E3ypj4q2xjrQ6ZMJ0hKJz%2BaiZDMnYKa4vtssVWlWU8%2FLz4T8wcuo4ZehTRZ6ppv3Jno3uOWQ%3D%3D--wxPd5ZTs4ps0vaTL--MsizRef8ekSGhRNMuIb90Q%3D%3D
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 200

server: GitHub.com
date: Mon, 28 Oct 2024 20:44:17 GMT
content-type: text/html; charset=utf-8
cache-control: max-age=0, private, must-revalidate
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
referrer-policy: no-referrer-when-downgrade
server-timing: repo_layout-fragment;desc="repo_layout fragment";dur=116.088938,commit_show_contents-fragment;desc="commit_show_contents fragment";dur=4274.509162,commit_show_header-fragment;desc="commit_show_header fragment";dur=73.503924,nginx;desc="NGINX";dur=0.833783,glb;desc="GLB";dur=40.398865
strict-transport-security: max-age=31536000; includeSubdomains; preload
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
x-content-type-options: nosniff
x-frame-options: deny
x-voltron-version: 69a2227
x-xss-protection: 0
content-encoding: gzip
x-html-safe: 86d1aae3522b53c6a67cfa97f781e387e583f2c33fe445cb5f3b4de066c8225c
accept-ranges: bytes
x-github-request-id: D895:2C9DB6:1F487C0:233B3F2:671FF7A2
POST

https://github.com/commits/badges

msedge.exe

Remote address:

20.26.156.215:443

Request

POST /commits/badges HTTP/2.0
host: github.com
content-length: 564
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
accept: application/json
dnt: 1
x-requested-with: XMLHttpRequest
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: multipart/form-data; boundary=----WebKitFormBoundaryhEq9cpLeZUSZx6Tq
origin: https://github.com
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/commit/b013182f34eecab0aca5b7b9c29bcedc01908666
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _gh_sess=nVb9fOjfr6%2By9jQfogoB84%2FbPsaVm3bihJI858YzNJ%2B1kh%2Fmn6Zz4ifozzB3rF5eqCJMWdKC%2BIhD2g3DRaBRzaxVB5nwp8TpoDe1Py%2BZxMq6IyV1emco1RNWiDMBBvq3B68CWWu1Gvo2bJB9Ia1vGL8nh0Qx29WxIJcR4OsXJQ4UvrjlGC2uNmfvcNWAFcU1E5yJQu85sbzbt6E3ypj4q2xjrQ6ZMJ0hKJz%2BaiZDMnYKa4vtssVWlWU8%2FLz4T8wcuo4ZehTRZ6ppv3Jno3uOWQ%3D%3D--wxPd5ZTs4ps0vaTL--MsizRef8ekSGhRNMuIb90Q%3D%3D
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 200

server: GitHub.com
date: Mon, 28 Oct 2024 20:44:22 GMT
content-type: application/json; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame
etag: W/"6bae784d2bb43660da0fbcdf352a6097"
cache-control: max-age=0, private, must-revalidate
set-cookie: _gh_sess=11jwvhW09vJ5QKAMVeyTrk05IwR6z%2FrTknWs3CSuoptrRuvUGX52CfCGijxzZuEZz5skSmplh1gwhcwPPOnQ9vie4%2FOaiIyWHvkhJoAvr3xNb4yEGEdGQUCFKhIh%2F4GVDGirSWANnq%2FQ9%2BQJXCL9qvAJtEAlAdBEMQdOSoYm5miBWM163cKAxuwBZUnnuYaV4nlQIUGFux26amlcdA5gakvIj0qXsSsYp125o86y0PG%2FN5QJCETIqWY7%2FFlVbe0aQDsQNd8%2B%2BEVHPSPIIhC0mA%3D%3D--Lhh2l6iiGjYsbcEO--7dZT%2Bm%2BAxCxcxR4jzpBvUw%3D%3D; path=/; secure; HttpOnly; SameSite=Lax
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
vary: Accept-Encoding, Accept, X-Requested-With
content-encoding: gzip
x-github-request-id: D895:2C9DB6:1F48988:233B601:671FF7A3
GET

https://github.com/ytisf/theZoo/branch_commits/b013182f34eecab0aca5b7b9c29bcedc01908666

msedge.exe

Remote address:

20.26.156.215:443

Request

GET /ytisf/theZoo/branch_commits/b013182f34eecab0aca5b7b9c29bcedc01908666 HTTP/2.0
host: github.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
accept: text/html
dnt: 1
x-requested-with: XMLHttpRequest
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/commit/b013182f34eecab0aca5b7b9c29bcedc01908666
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _gh_sess=nVb9fOjfr6%2By9jQfogoB84%2FbPsaVm3bihJI858YzNJ%2B1kh%2Fmn6Zz4ifozzB3rF5eqCJMWdKC%2BIhD2g3DRaBRzaxVB5nwp8TpoDe1Py%2BZxMq6IyV1emco1RNWiDMBBvq3B68CWWu1Gvo2bJB9Ia1vGL8nh0Qx29WxIJcR4OsXJQ4UvrjlGC2uNmfvcNWAFcU1E5yJQu85sbzbt6E3ypj4q2xjrQ6ZMJ0hKJz%2BaiZDMnYKa4vtssVWlWU8%2FLz4T8wcuo4ZehTRZ6ppv3Jno3uOWQ%3D%3D--wxPd5ZTs4ps0vaTL--MsizRef8ekSGhRNMuIb90Q%3D%3D
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 200

server: GitHub.com
date: Mon, 28 Oct 2024 20:44:23 GMT
content-type: text/html; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
etag: W/"a83a1d2771a42fccf33cfa47ff688c9c"
cache-control: max-age=0, private, must-revalidate
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
content-encoding: gzip
x-html-safe: 86d1aae3522b53c6a67cfa97f781e387e583f2c33fe445cb5f3b4de066c8225c
accept-ranges: bytes
content-length: 378
x-github-request-id: D895:2C9DB6:1F4898C:233B605:671FF7A6
GET

https://github.com/ytisf/theZoo/diffs?bytes=271&commit=b013182f34eecab0aca5b7b9c29bcedc01908666&lines=12&responsive=true&sha1=5def2149daf1ce2ce0605a207390a7298a9863b1&sha2=b013182f34eecab0aca5b7b9c29bcedc01908666&start_entry=300&sticky=false&w=false

msedge.exe

Remote address:

20.26.156.215:443

Request

GET /ytisf/theZoo/diffs?bytes=271&commit=b013182f34eecab0aca5b7b9c29bcedc01908666&lines=12&responsive=true&sha1=5def2149daf1ce2ce0605a207390a7298a9863b1&sha2=b013182f34eecab0aca5b7b9c29bcedc01908666&start_entry=300&sticky=false&w=false HTTP/2.0
host: github.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
accept: text/html
dnt: 1
x-requested-with: XMLHttpRequest
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/commit/b013182f34eecab0aca5b7b9c29bcedc01908666
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _gh_sess=nVb9fOjfr6%2By9jQfogoB84%2FbPsaVm3bihJI858YzNJ%2B1kh%2Fmn6Zz4ifozzB3rF5eqCJMWdKC%2BIhD2g3DRaBRzaxVB5nwp8TpoDe1Py%2BZxMq6IyV1emco1RNWiDMBBvq3B68CWWu1Gvo2bJB9Ia1vGL8nh0Qx29WxIJcR4OsXJQ4UvrjlGC2uNmfvcNWAFcU1E5yJQu85sbzbt6E3ypj4q2xjrQ6ZMJ0hKJz%2BaiZDMnYKa4vtssVWlWU8%2FLz4T8wcuo4ZehTRZ6ppv3Jno3uOWQ%3D%3D--wxPd5ZTs4ps0vaTL--MsizRef8ekSGhRNMuIb90Q%3D%3D
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 200

server: GitHub.com
date: Mon, 28 Oct 2024 20:44:23 GMT
content-type: text/html; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
etag: W/"4af4d7867f64a7f4e490a3d1aa3dc988"
cache-control: max-age=0, private, must-revalidate
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
content-encoding: gzip
x-html-safe: 86d1aae3522b53c6a67cfa97f781e387e583f2c33fe445cb5f3b4de066c8225c
accept-ranges: bytes
x-github-request-id: D895:2C9DB6:1F48997:233B60F:671FF7A6
GET

https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Friday_the_13th.408/Friday_the_13th.408.zip

msedge.exe

Remote address:

20.26.156.215:443

Request

GET /ytisf/theZoo/blob/master/malware/Binaries/Friday_the_13th.408/Friday_the_13th.408.zip HTTP/2.0
host: github.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
accept: text/html, application/xhtml+xml
dnt: 1
turbo-visit: true
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Friday_the_13th.408/Friday_the_13th.408.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _gh_sess=nVb9fOjfr6%2By9jQfogoB84%2FbPsaVm3bihJI858YzNJ%2B1kh%2Fmn6Zz4ifozzB3rF5eqCJMWdKC%2BIhD2g3DRaBRzaxVB5nwp8TpoDe1Py%2BZxMq6IyV1emco1RNWiDMBBvq3B68CWWu1Gvo2bJB9Ia1vGL8nh0Qx29WxIJcR4OsXJQ4UvrjlGC2uNmfvcNWAFcU1E5yJQu85sbzbt6E3ypj4q2xjrQ6ZMJ0hKJz%2BaiZDMnYKa4vtssVWlWU8%2FLz4T8wcuo4ZehTRZ6ppv3Jno3uOWQ%3D%3D--wxPd5ZTs4ps0vaTL--MsizRef8ekSGhRNMuIb90Q%3D%3D
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC
if-none-match: W/"be4ce1bd2050501c26a539dc6e3cb512"

Response

HTTP/2.0 200

server: GitHub.com
date: Mon, 28 Oct 2024 20:44:25 GMT
content-type: text/html; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
etag: W/"ab66aa81c9b090cb9d547b933d5dec15"
cache-control: max-age=0, private, must-revalidate
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
content-encoding: gzip
x-html-safe: 86d1aae3522b53c6a67cfa97f781e387e583f2c33fe445cb5f3b4de066c8225c
accept-ranges: bytes
content-length: 49925
x-github-request-id: D895:2C9DB6:1F48994:233B60B:671FF7A6
GET

https://github.com/ytisf/theZoo/latest-commit/master/malware/Binaries/Friday_the_13th.408/Friday_the_13th.408.zip

msedge.exe

Remote address:

20.26.156.215:443

Request

GET /ytisf/theZoo/latest-commit/master/malware/Binaries/Friday_the_13th.408/Friday_the_13th.408.zip HTTP/2.0
host: github.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: application/json
accept: application/json
x-requested-with: XMLHttpRequest
github-verified-fetch: true
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Friday_the_13th.408/Friday_the_13th.408.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC
cookie: _gh_sess=11jwvhW09vJ5QKAMVeyTrk05IwR6z%2FrTknWs3CSuoptrRuvUGX52CfCGijxzZuEZz5skSmplh1gwhcwPPOnQ9vie4%2FOaiIyWHvkhJoAvr3xNb4yEGEdGQUCFKhIh%2F4GVDGirSWANnq%2FQ9%2BQJXCL9qvAJtEAlAdBEMQdOSoYm5miBWM163cKAxuwBZUnnuYaV4nlQIUGFux26amlcdA5gakvIj0qXsSsYp125o86y0PG%2FN5QJCETIqWY7%2FFlVbe0aQDsQNd8%2B%2BEVHPSPIIhC0mA%3D%3D--Lhh2l6iiGjYsbcEO--7dZT%2Bm%2BAxCxcxR4jzpBvUw%3D%3D
if-none-match: W/"d12d54907ea5cbafe4dc4fde1934f484"

Response

HTTP/2.0 304

server: GitHub.com
date: Mon, 28 Oct 2024 20:44:07 GMT
content-type: application/json; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
etag: W/"d12d54907ea5cbafe4dc4fde1934f484"
cache-control: max-age=0, private, must-revalidate
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
content-encoding: gzip
x-github-request-id: D895:2C9DB6:1F48B37:233B7EA:671FF7A9
GET

https://github.com/ytisf/theZoo/deferred-metadata/master/malware/Binaries/Friday_the_13th.408/Friday_the_13th.408.zip

msedge.exe

Remote address:

20.26.156.215:443

Request

GET /ytisf/theZoo/deferred-metadata/master/malware/Binaries/Friday_the_13th.408/Friday_the_13th.408.zip HTTP/2.0
host: github.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: application/json
accept: application/json
x-requested-with: XMLHttpRequest
github-verified-fetch: true
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Friday_the_13th.408/Friday_the_13th.408.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC
cookie: _gh_sess=11jwvhW09vJ5QKAMVeyTrk05IwR6z%2FrTknWs3CSuoptrRuvUGX52CfCGijxzZuEZz5skSmplh1gwhcwPPOnQ9vie4%2FOaiIyWHvkhJoAvr3xNb4yEGEdGQUCFKhIh%2F4GVDGirSWANnq%2FQ9%2BQJXCL9qvAJtEAlAdBEMQdOSoYm5miBWM163cKAxuwBZUnnuYaV4nlQIUGFux26amlcdA5gakvIj0qXsSsYp125o86y0PG%2FN5QJCETIqWY7%2FFlVbe0aQDsQNd8%2B%2BEVHPSPIIhC0mA%3D%3D--Lhh2l6iiGjYsbcEO--7dZT%2Bm%2BAxCxcxR4jzpBvUw%3D%3D
if-none-match: W/"d43e46c95c5f6ea2afcb266c4624db9b"

Response

HTTP/2.0 304

server: GitHub.com
date: Mon, 28 Oct 2024 20:44:07 GMT
content-type: application/json; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
etag: W/"d43e46c95c5f6ea2afcb266c4624db9b"
cache-control: max-age=0, private, must-revalidate
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
content-encoding: gzip
x-github-request-id: D895:2C9DB6:1F48B37:233B7EB:671FF7AB
GET

https://github.com/ytisf/theZoo/raw/refs/heads/master/malware/Binaries/Friday_the_13th.408/Friday_the_13th.408.zip

msedge.exe

Remote address:

20.26.156.215:443

Request

GET /ytisf/theZoo/raw/refs/heads/master/malware/Binaries/Friday_the_13th.408/Friday_the_13th.408.zip HTTP/2.0
host: github.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Friday_the_13th.408/Friday_the_13th.408.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC
cookie: _gh_sess=11jwvhW09vJ5QKAMVeyTrk05IwR6z%2FrTknWs3CSuoptrRuvUGX52CfCGijxzZuEZz5skSmplh1gwhcwPPOnQ9vie4%2FOaiIyWHvkhJoAvr3xNb4yEGEdGQUCFKhIh%2F4GVDGirSWANnq%2FQ9%2BQJXCL9qvAJtEAlAdBEMQdOSoYm5miBWM163cKAxuwBZUnnuYaV4nlQIUGFux26amlcdA5gakvIj0qXsSsYp125o86y0PG%2FN5QJCETIqWY7%2FFlVbe0aQDsQNd8%2B%2BEVHPSPIIhC0mA%3D%3D--Lhh2l6iiGjYsbcEO--7dZT%2Bm%2BAxCxcxR4jzpBvUw%3D%3D

Response

HTTP/2.0 302

server: GitHub.com
date: Mon, 28 Oct 2024 20:44:32 GMT
content-type: text/html; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
access-control-allow-origin:
location: https://raw.githubusercontent.com/ytisf/theZoo/refs/heads/master/malware/Binaries/Friday_the_13th.408/Friday_the_13th.408.zip
cache-control: no-cache
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
content-length: 0
x-github-request-id: D895:2C9DB6:1F48D53:233BA55:671FF7AB
DNS

api.github.com

msedge.exe

Remote address:

8.8.8.8:53

Request

api.github.com

IN A

Response

api.github.com

IN A

20.26.156.210
POST

https://api.github.com/_private/browser/stats

msedge.exe

Remote address:

20.26.156.210:443

Request

POST /_private/browser/stats HTTP/2.0
host: api.github.com
content-length: 1189
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://github.com
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/tree/master/malware/Binaries
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 200

date: Mon, 28 Oct 2024 20:43:55 GMT
content-type: text/plain
content-length: 0
cache-control: no-cache
x-ratelimit-limit: 60
x-ratelimit-remaining: 60
x-ratelimit-reset: 1730151835
x-ratelimit-used: 0
x-ratelimit-resource: core
x-github-media-type: github.v3; format=json
x-github-api-version-selected: 2022-11-28
access-control-expose-headers: ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, X-GitHub-SSO, X-GitHub-Request-Id, Deprecation, Sunset
access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
content-security-policy: default-src 'none'
vary: Accept-Encoding, Accept, X-Requested-With
server: github.com
x-github-request-id: F0E0:321E4D:1232EE9:137A806:671FF78A
POST

https://api.github.com/_private/browser/stats

msedge.exe

Remote address:

20.26.156.210:443

Request

POST /_private/browser/stats HTTP/2.0
host: api.github.com
content-length: 1178
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://github.com
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/tree/master/malware/Binaries/Friday_the_13th.408
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 200

date: Mon, 28 Oct 2024 20:44:03 GMT
content-type: text/plain
content-length: 0
cache-control: no-cache
x-ratelimit-limit: 60
x-ratelimit-remaining: 60
x-ratelimit-reset: 1730151843
x-ratelimit-used: 0
x-ratelimit-resource: core
x-github-media-type: github.v3; format=json
x-github-api-version-selected: 2022-11-28
access-control-expose-headers: ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, X-GitHub-SSO, X-GitHub-Request-Id, Deprecation, Sunset
access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
content-security-policy: default-src 'none'
vary: Accept-Encoding, Accept, X-Requested-With
server: github.com
x-github-request-id: F0E0:321E4D:1233229:137AB6E:671FF78B
POST

https://api.github.com/_private/browser/stats

msedge.exe

Remote address:

20.26.156.210:443

Request

POST /_private/browser/stats HTTP/2.0
host: api.github.com
content-length: 688
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://github.com
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Friday_the_13th.408/Friday_the_13th.408.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 200

date: Mon, 28 Oct 2024 20:44:12 GMT
content-type: text/plain
content-length: 0
cache-control: no-cache
x-ratelimit-limit: 60
x-ratelimit-remaining: 60
x-ratelimit-reset: 1730151852
x-ratelimit-used: 0
x-ratelimit-resource: core
x-github-media-type: github.v3; format=json
x-github-api-version-selected: 2022-11-28
access-control-expose-headers: ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, X-GitHub-SSO, X-GitHub-Request-Id, Deprecation, Sunset
access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
content-security-policy: default-src 'none'
vary: Accept-Encoding, Accept, X-Requested-With
server: github.com
x-github-request-id: F0E0:321E4D:123350E:137AE88:671FF793
POST

https://api.github.com/_private/browser/stats

msedge.exe

Remote address:

20.26.156.210:443

Request

POST /_private/browser/stats HTTP/2.0
host: api.github.com
content-length: 2603
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://github.com
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Friday_the_13th.408/Friday_the_13th.408.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 200

date: Mon, 28 Oct 2024 20:44:34 GMT
content-type: text/plain
content-length: 0
cache-control: no-cache
x-ratelimit-limit: 60
x-ratelimit-remaining: 60
x-ratelimit-reset: 1730151874
x-ratelimit-used: 0
x-ratelimit-resource: core
x-github-media-type: github.v3; format=json
x-github-api-version-selected: 2022-11-28
access-control-expose-headers: ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, X-GitHub-SSO, X-GitHub-Request-Id, Deprecation, Sunset
access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
content-security-policy: default-src 'none'
vary: Accept-Encoding, Accept, X-Requested-With
server: github.com
x-github-request-id: F0E0:321E4D:1233CE4:137B6F2:671FF79C
DNS

14.227.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

14.227.111.52.in-addr.arpa

IN PTR

Response
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A

Response

tse1.mm.bing.net

IN CNAME

mm-mm.bing.net.trafficmanager.net

mm-mm.bing.net.trafficmanager.net

IN CNAME

ax-0001.ax-msedge.net

ax-0001.ax-msedge.net

IN A

150.171.27.10

ax-0001.ax-msedge.net

IN A

150.171.28.10
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301020_14A3TVXX0O1AF1LY0&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

150.171.27.10:443

Request

GET /th?id=OADD2.10239317301020_14A3TVXX0O1AF1LY0&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 487795
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 43E669652B6A49F49D06D0DAC8D32393 Ref B: LON601060105031 Ref C: 2024-10-28T20:44:10Z
date: Mon, 28 Oct 2024 20:44:09 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239339388091_1UZ9QPHUDICWZFIUE&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

150.171.27.10:443

Request

GET /th?id=OADD2.10239339388091_1UZ9QPHUDICWZFIUE&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 434887
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 3049601405DF45B7801D6C52D397C84A Ref B: LON601060105031 Ref C: 2024-10-28T20:44:10Z
date: Mon, 28 Oct 2024 20:44:09 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301453_1HOUYPI9NYZFL407Y&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

150.171.27.10:443

Request

GET /th?id=OADD2.10239317301453_1HOUYPI9NYZFL407Y&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 329375
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: F5C7071A50794FD4AC86B305FD8F2FF9 Ref B: LON601060105031 Ref C: 2024-10-28T20:44:10Z
date: Mon, 28 Oct 2024 20:44:09 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239339388092_16GTZ1ZLJFZVK1WDY&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

150.171.27.10:443

Request

GET /th?id=OADD2.10239339388092_16GTZ1ZLJFZVK1WDY&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 398516
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 3CED58F08AC242D596DC459A724E0DB3 Ref B: LON601060105031 Ref C: 2024-10-28T20:44:10Z
date: Mon, 28 Oct 2024 20:44:09 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239353582480_11Y0WDW5HLDOO8GP5&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

150.171.27.10:443

Request

GET /th?id=OADD2.10239353582480_11Y0WDW5HLDOO8GP5&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 679925
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: D4A9B185699642298FBD6D49697A1C30 Ref B: LON601060105031 Ref C: 2024-10-28T20:44:10Z
date: Mon, 28 Oct 2024 20:44:09 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239353582481_1UFRZG7HSKJ6VOM8D&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

150.171.27.10:443

Request

GET /th?id=OADD2.10239353582481_1UFRZG7HSKJ6VOM8D&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 645633
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: DE5DF56758884FF4A60D8750B507E3C3 Ref B: LON601060105031 Ref C: 2024-10-28T20:44:10Z
date: Mon, 28 Oct 2024 20:44:10 GMT
DNS

88.156.103.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

88.156.103.20.in-addr.arpa

IN PTR

Response
DNS

10.27.171.150.in-addr.arpa

Remote address:

8.8.8.8:53

Request

10.27.171.150.in-addr.arpa

IN PTR

Response
DNS

github-cloud.s3.amazonaws.com

msedge.exe

Remote address:

8.8.8.8:53

Request

github-cloud.s3.amazonaws.com

IN A

Response

github-cloud.s3.amazonaws.com

IN CNAME

s3-1-w.amazonaws.com

s3-1-w.amazonaws.com

IN CNAME

s3-w.us-east-1.amazonaws.com

s3-w.us-east-1.amazonaws.com

IN A

3.5.25.141

s3-w.us-east-1.amazonaws.com

IN A

3.5.30.218

s3-w.us-east-1.amazonaws.com

IN A

3.5.25.44

s3-w.us-east-1.amazonaws.com

IN A

52.216.28.20

s3-w.us-east-1.amazonaws.com

IN A

3.5.25.147

s3-w.us-east-1.amazonaws.com

IN A

16.15.177.5

s3-w.us-east-1.amazonaws.com

IN A

3.5.30.59

s3-w.us-east-1.amazonaws.com

IN A

54.231.160.89
DNS

spocs.getpocket.com

firefox.exe

Remote address:

8.8.8.8:53

Request

spocs.getpocket.com

IN A

Response

spocs.getpocket.com

IN CNAME

prod.ads.prod.webservices.mozgcp.net

prod.ads.prod.webservices.mozgcp.net

IN A

34.117.188.166
DNS

spocs.getpocket.com

firefox.exe

Remote address:

8.8.8.8:53

Request

spocs.getpocket.com

IN A

Response

spocs.getpocket.com

IN CNAME

prod.ads.prod.webservices.mozgcp.net

prod.ads.prod.webservices.mozgcp.net

IN A

34.117.188.166
DNS

firefox-api-proxy.cdn.mozilla.net

firefox.exe

Remote address:

8.8.8.8:53

Request

firefox-api-proxy.cdn.mozilla.net

IN A

Response

firefox-api-proxy.cdn.mozilla.net

IN CNAME

firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net

firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net

IN A

34.149.97.1
DNS

firefox-api-proxy.cdn.mozilla.net

firefox.exe

Remote address:

8.8.8.8:53

Request

firefox-api-proxy.cdn.mozilla.net

IN A

Response

firefox-api-proxy.cdn.mozilla.net

IN CNAME

firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net

firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net

IN A

34.149.97.1
DNS

prod.content-signature-chains.prod.webservices.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.content-signature-chains.prod.webservices.mozgcp.net

IN A

Response

prod.content-signature-chains.prod.webservices.mozgcp.net

IN A

34.160.144.191
DNS

firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net

IN A

Response

firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net

IN A

34.149.97.1
DNS

prod.content-signature-chains.prod.webservices.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.content-signature-chains.prod.webservices.mozgcp.net

IN AAAA

Response

prod.content-signature-chains.prod.webservices.mozgcp.net

IN AAAA

2600:1901:0:92a9::
DNS

prod.ads.prod.webservices.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.ads.prod.webservices.mozgcp.net

IN A

Response

prod.ads.prod.webservices.mozgcp.net

IN A

34.117.188.166
DNS

prod.remote-settings.prod.webservices.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.remote-settings.prod.webservices.mozgcp.net

IN A

Response

prod.remote-settings.prod.webservices.mozgcp.net

IN A

34.149.100.209
DNS

prod.remote-settings.prod.webservices.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.remote-settings.prod.webservices.mozgcp.net

IN A

Response

prod.remote-settings.prod.webservices.mozgcp.net

IN A

34.149.100.209
DNS

shavar.prod.mozaws.net

firefox.exe

Remote address:

8.8.8.8:53

Request

shavar.prod.mozaws.net

IN A

Response

shavar.prod.mozaws.net

IN A

34.218.156.47

shavar.prod.mozaws.net

IN A

34.211.181.209

shavar.prod.mozaws.net

IN A

52.32.18.233
DNS

prod.ads.prod.webservices.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.ads.prod.webservices.mozgcp.net

IN AAAA

Response
DNS

firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net

IN AAAA

Response

firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net

IN AAAA

2600:1901:0:74e4::
DNS

shavar.prod.mozaws.net

firefox.exe

Remote address:

8.8.8.8:53

Request

shavar.prod.mozaws.net

IN AAAA

Response
DNS

prod.remote-settings.prod.webservices.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.remote-settings.prod.webservices.mozgcp.net

IN AAAA

Response
DNS

209.181.211.34.in-addr.arpa

Remote address:

8.8.8.8:53

Request

209.181.211.34.in-addr.arpa

IN PTR

Response

209.181.211.34.in-addr.arpa

IN PTR

ec2-34-211-181-209 us-west-2compute amazonawscom
DNS

api.github.com

msedge.exe

Remote address:

8.8.8.8:53

Request

api.github.com

IN A

Response

api.github.com

IN A

20.26.156.210
POST

https://api.github.com/_private/browser/stats

msedge.exe

Remote address:

20.26.156.210:443

Request

POST /_private/browser/stats HTTP/2.0
host: api.github.com
content-length: 485
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://github.com
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Friday_the_13th.408/Friday_the_13th.408.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 200

date: Mon, 28 Oct 2024 20:46:28 GMT
content-type: text/plain
content-length: 0
cache-control: no-cache
x-ratelimit-limit: 60
x-ratelimit-remaining: 60
x-ratelimit-reset: 1730151988
x-ratelimit-used: 0
x-ratelimit-resource: core
x-github-media-type: github.v3; format=json
x-github-api-version-selected: 2022-11-28
access-control-expose-headers: ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, X-GitHub-SSO, X-GitHub-Request-Id, Deprecation, Sunset
access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
content-security-policy: default-src 'none'
vary: Accept-Encoding, Accept, X-Requested-With
server: github.com
x-github-request-id: F0CD:38365E:DD303A:EBCF85:671FF824
POST

https://api.github.com/_private/browser/stats

msedge.exe

Remote address:

20.26.156.210:443

Request

POST /_private/browser/stats HTTP/2.0
host: api.github.com
content-length: 2568
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://github.com
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Friday_the_13th.408/Friday_the_13th.408.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 200

date: Mon, 28 Oct 2024 20:46:45 GMT
content-type: text/plain
content-length: 0
cache-control: no-cache
x-ratelimit-limit: 60
x-ratelimit-remaining: 60
x-ratelimit-reset: 1730152005
x-ratelimit-used: 0
x-ratelimit-resource: core
x-github-media-type: github.v3; format=json
x-github-api-version-selected: 2022-11-28
access-control-expose-headers: ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, X-GitHub-SSO, X-GitHub-Request-Id, Deprecation, Sunset
access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
content-security-policy: default-src 'none'
vary: Accept-Encoding, Accept, X-Requested-With
server: github.com
x-github-request-id: F0CD:38365E:DD35BC:EBD569:671FF824
POST

https://api.github.com/_private/browser/stats

msedge.exe

Remote address:

20.26.156.210:443

Request

POST /_private/browser/stats HTTP/2.0
host: api.github.com
content-length: 283
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://github.com
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/blob/master/theZoo.py
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 200

date: Mon, 28 Oct 2024 20:46:57 GMT
content-type: text/plain
content-length: 0
cache-control: no-cache
x-ratelimit-limit: 60
x-ratelimit-remaining: 60
x-ratelimit-reset: 1730152017
x-ratelimit-used: 0
x-ratelimit-resource: core
x-github-media-type: github.v3; format=json
x-github-api-version-selected: 2022-11-28
access-control-expose-headers: ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, X-GitHub-SSO, X-GitHub-Request-Id, Deprecation, Sunset
access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
content-security-policy: default-src 'none'
vary: Accept-Encoding, Accept, X-Requested-With
server: github.com
x-github-request-id: F0CD:38365E:DD3A1F:EBDA1C:671FF835
POST

https://api.github.com/_private/browser/stats

msedge.exe

Remote address:

20.26.156.210:443

Request

POST /_private/browser/stats HTTP/2.0
host: api.github.com
content-length: 198
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://github.com
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/blob/master/theZoo.py
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 200

date: Mon, 28 Oct 2024 20:47:06 GMT
content-type: text/plain
content-length: 0
cache-control: no-cache
x-ratelimit-limit: 60
x-ratelimit-remaining: 60
x-ratelimit-reset: 1730152026
x-ratelimit-used: 0
x-ratelimit-resource: core
x-github-media-type: github.v3; format=json
x-github-api-version-selected: 2022-11-28
access-control-expose-headers: ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, X-GitHub-SSO, X-GitHub-Request-Id, Deprecation, Sunset
access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
content-security-policy: default-src 'none'
vary: Accept-Encoding, Accept, X-Requested-With
server: github.com
x-github-request-id: F0CD:38365E:DD3DEB:EBDE28:671FF841
DNS

collector.github.com

msedge.exe

Remote address:

8.8.8.8:53

Request

collector.github.com

IN A

Response

collector.github.com

IN CNAME

glb-db52c2cf8be544.github.com

glb-db52c2cf8be544.github.com

IN A

140.82.114.22
DNS

github.com

msedge.exe

Remote address:

8.8.8.8:53

Request

github.com

IN A

Response

github.com

IN A

20.26.156.215
DNS

github.com

msedge.exe

Remote address:

8.8.8.8:53

Request

github.com

IN A

Response

github.com

IN A

20.26.156.215
GET

https://github.com/ytisf/theZoo/blob/master/theZoo.py

msedge.exe

Remote address:

20.26.156.215:443

Request

GET /ytisf/theZoo/blob/master/theZoo.py HTTP/2.0
host: github.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: application/json
x-requested-with: XMLHttpRequest
x-react-router: json
x-github-target: dotcom
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/blob/master/theZoo.py
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC
cookie: _gh_sess=11jwvhW09vJ5QKAMVeyTrk05IwR6z%2FrTknWs3CSuoptrRuvUGX52CfCGijxzZuEZz5skSmplh1gwhcwPPOnQ9vie4%2FOaiIyWHvkhJoAvr3xNb4yEGEdGQUCFKhIh%2F4GVDGirSWANnq%2FQ9%2BQJXCL9qvAJtEAlAdBEMQdOSoYm5miBWM163cKAxuwBZUnnuYaV4nlQIUGFux26amlcdA5gakvIj0qXsSsYp125o86y0PG%2FN5QJCETIqWY7%2FFlVbe0aQDsQNd8%2B%2BEVHPSPIIhC0mA%3D%3D--Lhh2l6iiGjYsbcEO--7dZT%2Bm%2BAxCxcxR4jzpBvUw%3D%3D

Response

HTTP/2.0 200

server: GitHub.com
date: Mon, 28 Oct 2024 20:46:51 GMT
content-type: application/json; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
etag: W/"b6cbb729112023dec990f647927fedf0"
cache-control: max-age=0, private, must-revalidate
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
content-encoding: gzip
accept-ranges: bytes
content-length: 4880
x-github-request-id: F985:1CFF58:332CDA8:3935F72:671FF83B
GET

https://github.com/ytisf/theZoo/blob/master/theZoo.py

msedge.exe

Remote address:

20.26.156.215:443

Request

GET /ytisf/theZoo/blob/master/theZoo.py HTTP/2.0
host: github.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: application/json
x-requested-with: XMLHttpRequest
x-react-router: json
x-github-target: dotcom
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/blob/master/theZoo.py
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC
cookie: _gh_sess=11jwvhW09vJ5QKAMVeyTrk05IwR6z%2FrTknWs3CSuoptrRuvUGX52CfCGijxzZuEZz5skSmplh1gwhcwPPOnQ9vie4%2FOaiIyWHvkhJoAvr3xNb4yEGEdGQUCFKhIh%2F4GVDGirSWANnq%2FQ9%2BQJXCL9qvAJtEAlAdBEMQdOSoYm5miBWM163cKAxuwBZUnnuYaV4nlQIUGFux26amlcdA5gakvIj0qXsSsYp125o86y0PG%2FN5QJCETIqWY7%2FFlVbe0aQDsQNd8%2B%2BEVHPSPIIhC0mA%3D%3D--Lhh2l6iiGjYsbcEO--7dZT%2Bm%2BAxCxcxR4jzpBvUw%3D%3D
if-none-match: W/"b6cbb729112023dec990f647927fedf0"

Response

HTTP/2.0 304

server: GitHub.com
date: Mon, 28 Oct 2024 20:46:51 GMT
content-type: application/json; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
etag: W/"b6cbb729112023dec990f647927fedf0"
cache-control: max-age=0, private, must-revalidate
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
content-encoding: gzip
x-github-request-id: F985:1CFF58:332CDC4:3935F91:671FF83B
GET

https://github.com/ytisf/theZoo/latest-commit/master/theZoo.py

msedge.exe

Remote address:

20.26.156.215:443

Request

GET /ytisf/theZoo/latest-commit/master/theZoo.py HTTP/2.0
host: github.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: application/json
accept: application/json
x-requested-with: XMLHttpRequest
github-verified-fetch: true
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/blob/master/theZoo.py
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC
cookie: _gh_sess=11jwvhW09vJ5QKAMVeyTrk05IwR6z%2FrTknWs3CSuoptrRuvUGX52CfCGijxzZuEZz5skSmplh1gwhcwPPOnQ9vie4%2FOaiIyWHvkhJoAvr3xNb4yEGEdGQUCFKhIh%2F4GVDGirSWANnq%2FQ9%2BQJXCL9qvAJtEAlAdBEMQdOSoYm5miBWM163cKAxuwBZUnnuYaV4nlQIUGFux26amlcdA5gakvIj0qXsSsYp125o86y0PG%2FN5QJCETIqWY7%2FFlVbe0aQDsQNd8%2B%2BEVHPSPIIhC0mA%3D%3D--Lhh2l6iiGjYsbcEO--7dZT%2Bm%2BAxCxcxR4jzpBvUw%3D%3D

Response

HTTP/2.0 404

server: GitHub.com
date: Mon, 28 Oct 2024 20:46:52 GMT
content-type: application/json; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame
www-authenticate: Basic realm="GitHub"
cache-control: no-cache
set-cookie: _gh_sess=x9rLFjvlp4ZbR61cx1FO18L%2BASlvb7GrhnNoRtKB1c8%2FiDQGoSY2ausUI077cLwW22Z4eM2tIJO1T5U160jLXUkozgHW5vBauOMEHhUFGKjHaXTl1LtMOuSiCMAWud9TDmSvNPJ7gWgd3DEw%2BA1MJaELW7dxSOJsBmLbaf9iycQE%2BlXdbbKK2rxneBeSILNJtd%2BZ5p9WNyKjY%2FXyRrm1jSbr0%2F%2FwQObltSKsezMK2oGlQpyAXqZLUYuChMDabaGD4XdKgdPsLIW7w1uOcuVQBo0u7HWVxe44XsnUbhycgNwt%2FxQG--4xFGTaaY6bK%2Bc2Es--zBk7S9yKVvZlviS99%2B%2BYdg%3D%3D; path=/; secure; HttpOnly; SameSite=Lax
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
vary: Accept-Encoding, Accept, X-Requested-With
content-encoding: gzip
x-github-request-id: F985:1CFF58:332CDE1:3935FAC:671FF83C
PUT

https://github.com/repos/preferences

msedge.exe

Remote address:

20.26.156.215:443

Request

PUT /repos/preferences HTTP/2.0
host: github.com
content-length: 393
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: multipart/form-data; boundary=----WebKitFormBoundary4M52SNUjGBNCS3Ag
accept: application/json
x-requested-with: XMLHttpRequest
github-verified-fetch: true
origin: https://github.com
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/blob/master/theZoo.py
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC
cookie: _gh_sess=11jwvhW09vJ5QKAMVeyTrk05IwR6z%2FrTknWs3CSuoptrRuvUGX52CfCGijxzZuEZz5skSmplh1gwhcwPPOnQ9vie4%2FOaiIyWHvkhJoAvr3xNb4yEGEdGQUCFKhIh%2F4GVDGirSWANnq%2FQ9%2BQJXCL9qvAJtEAlAdBEMQdOSoYm5miBWM163cKAxuwBZUnnuYaV4nlQIUGFux26amlcdA5gakvIj0qXsSsYp125o86y0PG%2FN5QJCETIqWY7%2FFlVbe0aQDsQNd8%2B%2BEVHPSPIIhC0mA%3D%3D--Lhh2l6iiGjYsbcEO--7dZT%2Bm%2BAxCxcxR4jzpBvUw%3D%3D

Response

HTTP/2.0 200

server: GitHub.com
date: Mon, 28 Oct 2024 20:46:52 GMT
content-type: application/json; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
etag: W/"d43e46c95c5f6ea2afcb266c4624db9b"
cache-control: max-age=0, private, must-revalidate
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
content-encoding: gzip
accept-ranges: bytes
content-length: 167
x-github-request-id: F985:1CFF58:332CDE1:3935FAD:671FF83C
GET

https://github.com/ytisf/theZoo/deferred-metadata/master/theZoo.py

msedge.exe

Remote address:

20.26.156.215:443

Request

GET /ytisf/theZoo/deferred-metadata/master/theZoo.py HTTP/2.0
host: github.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: application/json
accept: application/json
x-requested-with: XMLHttpRequest
github-verified-fetch: true
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/blob/master/theZoo.py
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC
cookie: _gh_sess=11jwvhW09vJ5QKAMVeyTrk05IwR6z%2FrTknWs3CSuoptrRuvUGX52CfCGijxzZuEZz5skSmplh1gwhcwPPOnQ9vie4%2FOaiIyWHvkhJoAvr3xNb4yEGEdGQUCFKhIh%2F4GVDGirSWANnq%2FQ9%2BQJXCL9qvAJtEAlAdBEMQdOSoYm5miBWM163cKAxuwBZUnnuYaV4nlQIUGFux26amlcdA5gakvIj0qXsSsYp125o86y0PG%2FN5QJCETIqWY7%2FFlVbe0aQDsQNd8%2B%2BEVHPSPIIhC0mA%3D%3D--Lhh2l6iiGjYsbcEO--7dZT%2Bm%2BAxCxcxR4jzpBvUw%3D%3D

Response

HTTP/2.0 200

server: GitHub.com
date: Mon, 28 Oct 2024 20:46:52 GMT
content-type: application/json; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
etag: W/"80bd02ed7ba7019bb99915eefec4a612"
cache-control: max-age=0, private, must-revalidate
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
content-encoding: gzip
accept-ranges: bytes
content-length: 462
x-github-request-id: F985:1CFF58:332CDE1:3935FAB:671FF83B
POST

https://collector.github.com/github/collect

msedge.exe

Remote address:

140.82.114.22:443

Request

POST /github/collect HTTP/2.0
host: collector.github.com
content-length: 1267
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://github.com
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Friday_the_13th.408/Friday_the_13th.408.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 204

date: Mon, 28 Oct 2024 20:46:51 GMT
access-control-allow-methods: POST,OPTIONS
access-control-allow-headers: Content-Type
access-control-allow-credentials: true
access-control-allow-origin: *
cache-control: no-cache
x-runtime: 0.002092
strict-transport-security: max-age=631138519
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-github-backend: Kubernetes
x-github-request-id: C156:3593E6:57F1E0:6E36A9:671FF83B
POST

https://collector.github.com/github/collect

msedge.exe

Remote address:

140.82.114.22:443

Request

POST /github/collect HTTP/2.0
host: collector.github.com
content-length: 1216
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://github.com
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/blob/master/theZoo.py
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 204

date: Mon, 28 Oct 2024 20:46:51 GMT
access-control-allow-methods: POST,OPTIONS
access-control-allow-headers: Content-Type
access-control-allow-credentials: true
access-control-allow-origin: *
cache-control: no-cache
x-runtime: 0.003039
strict-transport-security: max-age=631138519
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-github-backend: Kubernetes
x-github-request-id: C156:3593E6:57F1E1:6E36AA:671FF83B
POST

https://collector.github.com/github/collect

msedge.exe

Remote address:

140.82.114.22:443

Request

POST /github/collect HTTP/2.0
host: collector.github.com
content-length: 1195
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://github.com
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/blob/master/theZoo.py
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 204

date: Mon, 28 Oct 2024 20:46:52 GMT
access-control-allow-methods: POST,OPTIONS
access-control-allow-headers: Content-Type
access-control-allow-credentials: true
access-control-allow-origin: *
cache-control: no-cache
x-runtime: 0.002848
strict-transport-security: max-age=631138519
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-github-backend: Kubernetes
x-github-request-id: C156:3593E6:57F232:6E3717:671FF83B
POST

https://collector.github.com/github/collect

msedge.exe

Remote address:

140.82.114.22:443

Request

POST /github/collect HTTP/2.0
host: collector.github.com
content-length: 1079
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://github.com
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/blob/master/theZoo.py
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 204

date: Mon, 28 Oct 2024 20:46:52 GMT
access-control-allow-methods: POST,OPTIONS
access-control-allow-headers: Content-Type
access-control-allow-credentials: true
access-control-allow-origin: *
cache-control: no-cache
x-runtime: 0.009554
strict-transport-security: max-age=631138519
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-github-backend: Kubernetes
x-github-request-id: C156:3593E6:57F239:6E3720:671FF83C
POST

https://collector.github.com/github/collect

msedge.exe

Remote address:

140.82.114.22:443

Request

POST /github/collect HTTP/2.0
host: collector.github.com
content-length: 1135
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://github.com
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/blob/master/theZoo.py
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 204

date: Mon, 28 Oct 2024 20:47:36 GMT
access-control-allow-methods: POST,OPTIONS
access-control-allow-headers: Content-Type
access-control-allow-credentials: true
access-control-allow-origin: *
cache-control: no-cache
x-runtime: 0.002969
strict-transport-security: max-age=631138519
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-github-backend: Kubernetes
x-github-request-id: C156:3593E6:583E8B:6E97B1:671FF83C
POST

https://collector.github.com/github/collect

msedge.exe

Remote address:

140.82.114.22:443

Request

POST /github/collect HTTP/2.0
host: collector.github.com
content-length: 1156
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://github.com
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/tree/master/malware/Binaries/WinX.SUNBURST
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 204

date: Mon, 28 Oct 2024 20:47:37 GMT
access-control-allow-methods: POST,OPTIONS
access-control-allow-headers: Content-Type
access-control-allow-credentials: true
access-control-allow-origin: *
cache-control: no-cache
x-runtime: 0.008366
strict-transport-security: max-age=631138519
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-github-backend: Kubernetes
x-github-request-id: C156:3593E6:583EC0:6E97FC:671FF868
POST

https://collector.github.com/github/collect

msedge.exe

Remote address:

140.82.114.22:443

Request

POST /github/collect HTTP/2.0
host: collector.github.com
content-length: 1070
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://github.com
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/tree/master/malware/Binaries/WinX.SUNBURST
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 204

date: Mon, 28 Oct 2024 20:47:37 GMT
access-control-allow-methods: POST,OPTIONS
access-control-allow-headers: Content-Type
access-control-allow-credentials: true
access-control-allow-origin: *
cache-control: no-cache
x-runtime: 0.003282
strict-transport-security: max-age=631138519
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-github-backend: Kubernetes
x-github-request-id: C156:3593E6:583FC7:6E9958:671FF869
POST

https://collector.github.com/github/collect

msedge.exe

Remote address:

140.82.114.22:443

Request

POST /github/collect HTTP/2.0
host: collector.github.com
content-length: 1146
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://github.com
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/tree/master/malware/Binaries/WinX.SUNBURST
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 204

date: Mon, 28 Oct 2024 20:47:38 GMT
access-control-allow-methods: POST,OPTIONS
access-control-allow-headers: Content-Type
access-control-allow-credentials: true
access-control-allow-origin: *
cache-control: no-cache
x-runtime: 0.003318
strict-transport-security: max-age=631138519
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-github-backend: Kubernetes
x-github-request-id: C156:3593E6:584074:6E9A27:671FF869
POST

https://collector.github.com/github/collect

msedge.exe

Remote address:

140.82.114.22:443

Request

POST /github/collect HTTP/2.0
host: collector.github.com
content-length: 1115
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://github.com
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/WinX.SUNBURST/WinX.SUNBURST.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 204

date: Mon, 28 Oct 2024 20:47:43 GMT
access-control-allow-methods: POST,OPTIONS
access-control-allow-headers: Content-Type
access-control-allow-credentials: true
access-control-allow-origin: *
cache-control: no-cache
x-runtime: 0.003361
strict-transport-security: max-age=631138519
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-github-backend: Kubernetes
x-github-request-id: C156:3593E6:58494F:6EA5A9:671FF86A
POST

https://collector.github.com/github/collect

msedge.exe

Remote address:

140.82.114.22:443

Request

POST /github/collect HTTP/2.0
host: collector.github.com
content-length: 1127
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://github.com
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/WinX.SUNBURST/WinX.SUNBURST.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 204

date: Mon, 28 Oct 2024 20:47:43 GMT
access-control-allow-methods: POST,OPTIONS
access-control-allow-headers: Content-Type
access-control-allow-credentials: true
access-control-allow-origin: *
cache-control: no-cache
x-runtime: 0.001718
strict-transport-security: max-age=631138519
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-github-backend: Kubernetes
x-github-request-id: C156:3593E6:584953:6EA5AF:671FF86F
POST

https://collector.github.com/github/collect

msedge.exe

Remote address:

140.82.114.22:443

Request

POST /github/collect HTTP/2.0
host: collector.github.com
content-length: 1527
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://github.com
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/WinX.SUNBURST/WinX.SUNBURST.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 204

date: Mon, 28 Oct 2024 20:47:44 GMT
access-control-allow-methods: POST,OPTIONS
access-control-allow-headers: Content-Type
access-control-allow-credentials: true
access-control-allow-origin: *
cache-control: no-cache
x-runtime: 0.002803
strict-transport-security: max-age=631138519
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-github-backend: Kubernetes
x-github-request-id: C156:3593E6:584A3C:6EA6E0:671FF86F
POST

https://collector.github.com/github/collect

msedge.exe

Remote address:

140.82.114.22:443

Request

POST /github/collect HTTP/2.0
host: collector.github.com
content-length: 1260
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://github.com
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/WinX.SUNBURST/WinX.SUNBURST.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 204

date: Mon, 28 Oct 2024 20:48:30 GMT
access-control-allow-methods: POST,OPTIONS
access-control-allow-headers: Content-Type
access-control-allow-credentials: true
access-control-allow-origin: *
cache-control: no-cache
x-runtime: 0.002366
strict-transport-security: max-age=631138519
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-github-backend: Kubernetes
x-github-request-id: C156:3593E6:589BF8:6F0DB1:671FF870
POST

https://collector.github.com/github/collect

msedge.exe

Remote address:

140.82.114.22:443

Request

POST /github/collect HTTP/2.0
host: collector.github.com
content-length: 1125
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://github.com
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/tree/master/malware/Binaries/Win64.Trojan.GreenBug
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 204

date: Mon, 28 Oct 2024 20:48:31 GMT
access-control-allow-methods: POST,OPTIONS
access-control-allow-headers: Content-Type
access-control-allow-credentials: true
access-control-allow-origin: *
cache-control: no-cache
x-runtime: 0.002609
strict-transport-security: max-age=631138519
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-github-backend: Kubernetes
x-github-request-id: C156:3593E6:589CDF:6F0ECA:671FF89E
POST

https://collector.github.com/github/collect

msedge.exe

Remote address:

140.82.114.22:443

Request

POST /github/collect HTTP/2.0
host: collector.github.com
content-length: 1170
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://github.com
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/tree/master/malware/Binaries/Win64.Trojan.GreenBug
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 204

date: Mon, 28 Oct 2024 20:48:31 GMT
access-control-allow-methods: POST,OPTIONS
access-control-allow-headers: Content-Type
access-control-allow-credentials: true
access-control-allow-origin: *
cache-control: no-cache
x-runtime: 0.002930
strict-transport-security: max-age=631138519
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-github-backend: Kubernetes
x-github-request-id: C156:3593E6:589CF0:6F0EDB:671FF89F
POST

https://collector.github.com/github/collect

msedge.exe

Remote address:

140.82.114.22:443

Request

POST /github/collect HTTP/2.0
host: collector.github.com
content-length: 1496
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://github.com
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/tree/master/malware/Binaries/Win64.Trojan.GreenBug
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 204

date: Mon, 28 Oct 2024 20:48:31 GMT
access-control-allow-methods: POST,OPTIONS
access-control-allow-headers: Content-Type
access-control-allow-credentials: true
access-control-allow-origin: *
cache-control: no-cache
x-runtime: 0.003582
strict-transport-security: max-age=631138519
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-github-backend: Kubernetes
x-github-request-id: C156:3593E6:589DBC:6F0FC8:671FF89F
POST

https://collector.github.com/github/collect

msedge.exe

Remote address:

140.82.114.22:443

Request

POST /github/collect HTTP/2.0
host: collector.github.com
content-length: 1147
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://github.com
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Win64.Trojan.GreenBug/Win64.Trojan.GreenBug.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 204

date: Mon, 28 Oct 2024 20:48:34 GMT
access-control-allow-methods: POST,OPTIONS
access-control-allow-headers: Content-Type
access-control-allow-credentials: true
access-control-allow-origin: *
cache-control: no-cache
x-runtime: 0.002002
strict-transport-security: max-age=631138519
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-github-backend: Kubernetes
x-github-request-id: C156:3593E6:58A242:6F15AD:671FF89F
POST

https://collector.github.com/github/collect

msedge.exe

Remote address:

140.82.114.22:443

Request

POST /github/collect HTTP/2.0
host: collector.github.com
content-length: 1167
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://github.com
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Win64.Trojan.GreenBug/Win64.Trojan.GreenBug.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 204

date: Mon, 28 Oct 2024 20:48:34 GMT
access-control-allow-methods: POST,OPTIONS
access-control-allow-headers: Content-Type
access-control-allow-credentials: true
access-control-allow-origin: *
cache-control: no-cache
x-runtime: 0.002745
strict-transport-security: max-age=631138519
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-github-backend: Kubernetes
x-github-request-id: C156:3593E6:58A245:6F15B6:671FF8A2
POST

https://collector.github.com/github/collect

msedge.exe

Remote address:

140.82.114.22:443

Request

POST /github/collect HTTP/2.0
host: collector.github.com
content-length: 1575
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://github.com
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Win64.Trojan.GreenBug/Win64.Trojan.GreenBug.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 204

date: Mon, 28 Oct 2024 20:48:35 GMT
access-control-allow-methods: POST,OPTIONS
access-control-allow-headers: Content-Type
access-control-allow-credentials: true
access-control-allow-origin: *
cache-control: no-cache
x-runtime: 0.003378
strict-transport-security: max-age=631138519
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-github-backend: Kubernetes
x-github-request-id: C156:3593E6:58A33A:6F16E7:671FF8A2
POST

https://collector.github.com/github/collect

msedge.exe

Remote address:

140.82.114.22:443

Request

POST /github/collect HTTP/2.0
host: collector.github.com
content-length: 1316
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://github.com
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Win64.Trojan.GreenBug/Win64.Trojan.GreenBug.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 204

date: Mon, 28 Oct 2024 20:50:10 GMT
access-control-allow-methods: POST,OPTIONS
access-control-allow-headers: Content-Type
access-control-allow-credentials: true
access-control-allow-origin: *
cache-control: no-cache
x-runtime: 0.002775
strict-transport-security: max-age=631138519
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-github-backend: Kubernetes
x-github-request-id: C156:3593E6:59467A:6FE50C:671FF8A3
POST

https://collector.github.com/github/collect

msedge.exe

Remote address:

140.82.114.22:443

Request

POST /github/collect HTTP/2.0
host: collector.github.com
content-length: 1157
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://github.com
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/tree/master/malware/Binaries/Win32.Unknown_SpectreMeltdown
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 204

date: Mon, 28 Oct 2024 20:50:11 GMT
access-control-allow-methods: POST,OPTIONS
access-control-allow-headers: Content-Type
access-control-allow-credentials: true
access-control-allow-origin: *
cache-control: no-cache
x-runtime: 0.002640
strict-transport-security: max-age=631138519
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-github-backend: Kubernetes
x-github-request-id: C156:3593E6:594792:6FE656:671FF902
POST

https://collector.github.com/github/collect

msedge.exe

Remote address:

140.82.114.22:443

Request

POST /github/collect HTTP/2.0
host: collector.github.com
content-length: 1194
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://github.com
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/tree/master/malware/Binaries/Win32.Unknown_SpectreMeltdown
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 204

date: Mon, 28 Oct 2024 20:50:11 GMT
access-control-allow-methods: POST,OPTIONS
access-control-allow-headers: Content-Type
access-control-allow-credentials: true
access-control-allow-origin: *
cache-control: no-cache
x-runtime: 0.002290
strict-transport-security: max-age=631138519
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-github-backend: Kubernetes
x-github-request-id: C156:3593E6:5947A1:6FE67D:671FF903
POST

https://collector.github.com/github/collect

msedge.exe

Remote address:

140.82.114.22:443

Request

POST /github/collect HTTP/2.0
host: collector.github.com
content-length: 1520
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://github.com
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/tree/master/malware/Binaries/Win32.Unknown_SpectreMeltdown
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 204

date: Mon, 28 Oct 2024 20:50:11 GMT
access-control-allow-methods: POST,OPTIONS
access-control-allow-headers: Content-Type
access-control-allow-credentials: true
access-control-allow-origin: *
cache-control: no-cache
x-runtime: 0.002631
strict-transport-security: max-age=631138519
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-github-backend: Kubernetes
x-github-request-id: C156:3593E6:59482F:6FE73B:671FF903
POST

https://collector.github.com/github/collect

msedge.exe

Remote address:

140.82.114.22:443

Request

POST /github/collect HTTP/2.0
host: collector.github.com
content-length: 1180
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://github.com
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Win32.Unknown_SpectreMeltdown/Win32.Unknown_SpectreMeltdown.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 204

date: Mon, 28 Oct 2024 20:50:16 GMT
access-control-allow-methods: POST,OPTIONS
access-control-allow-headers: Content-Type
access-control-allow-credentials: true
access-control-allow-origin: *
cache-control: no-cache
x-runtime: 0.003149
strict-transport-security: max-age=631138519
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-github-backend: Kubernetes
x-github-request-id: C156:3593E6:594FC6:6FF0C7:671FF903
POST

https://collector.github.com/github/collect

msedge.exe

Remote address:

140.82.114.22:443

Request

POST /github/collect HTTP/2.0
host: collector.github.com
content-length: 1207
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://github.com
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Win32.Unknown_SpectreMeltdown/Win32.Unknown_SpectreMeltdown.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 204

date: Mon, 28 Oct 2024 20:50:16 GMT
access-control-allow-methods: POST,OPTIONS
access-control-allow-headers: Content-Type
access-control-allow-credentials: true
access-control-allow-origin: *
cache-control: no-cache
x-runtime: 0.002971
strict-transport-security: max-age=631138519
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-github-backend: Kubernetes
x-github-request-id: C156:3593E6:594FCC:6FF0D3:671FF908
POST

https://collector.github.com/github/collect

msedge.exe

Remote address:

140.82.114.22:443

Request

POST /github/collect HTTP/2.0
host: collector.github.com
content-length: 1623
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://github.com
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Win32.Unknown_SpectreMeltdown/Win32.Unknown_SpectreMeltdown.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 204

date: Mon, 28 Oct 2024 20:50:16 GMT
access-control-allow-methods: POST,OPTIONS
access-control-allow-headers: Content-Type
access-control-allow-credentials: true
access-control-allow-origin: *
cache-control: no-cache
x-runtime: 0.002539
strict-transport-security: max-age=631138519
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-github-backend: Kubernetes
x-github-request-id: C156:3593E6:595071:6FF1A9:671FF908
POST

https://collector.github.com/github/collect

msedge.exe

Remote address:

140.82.114.22:443

Request

POST /github/collect HTTP/2.0
host: collector.github.com
content-length: 1291
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://github.com
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Win32.Unknown_SpectreMeltdown/Win32.Unknown_SpectreMeltdown.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 204

date: Mon, 28 Oct 2024 20:50:58 GMT
access-control-allow-methods: POST,OPTIONS
access-control-allow-headers: Content-Type
access-control-allow-credentials: true
access-control-allow-origin: *
cache-control: no-cache
x-runtime: 0.003162
strict-transport-security: max-age=631138519
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-github-backend: Kubernetes
x-github-request-id: C156:3593E6:599161:70454A:671FF908
POST

https://collector.github.com/github/collect

msedge.exe

Remote address:

140.82.114.22:443

Request

POST /github/collect HTTP/2.0
host: collector.github.com
content-length: 1372
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://github.com
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Win32.Unknown_SpectreMeltdown/Win32.Unknown_SpectreMeltdown.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 204

date: Mon, 28 Oct 2024 20:51:03 GMT
access-control-allow-methods: POST,OPTIONS
access-control-allow-headers: Content-Type
access-control-allow-credentials: true
access-control-allow-origin: *
cache-control: no-cache
x-runtime: 0.003583
strict-transport-security: max-age=631138519
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-github-backend: Kubernetes
x-github-request-id: C156:3593E6:5999D8:705030:671FF932
POST

https://collector.github.com/github/collect

msedge.exe

Remote address:

140.82.114.22:443

Request

POST /github/collect HTTP/2.0
host: collector.github.com
content-length: 1221
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://github.com
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Win32.WannaPeace/Win32.WannaPeace.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 204

date: Mon, 28 Oct 2024 20:51:04 GMT
access-control-allow-methods: POST,OPTIONS
access-control-allow-headers: Content-Type
access-control-allow-credentials: true
access-control-allow-origin: *
cache-control: no-cache
x-runtime: 0.002272
strict-transport-security: max-age=631138519
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-github-backend: Kubernetes
x-github-request-id: C156:3593E6:599B29:7051ED:671FF937
POST

https://collector.github.com/github/collect

msedge.exe

Remote address:

140.82.114.22:443

Request

POST /github/collect HTTP/2.0
host: collector.github.com
content-length: 1189
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://github.com
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Win32.WannaPeace/Win32.WannaPeace.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 204

date: Mon, 28 Oct 2024 20:51:04 GMT
access-control-allow-methods: POST,OPTIONS
access-control-allow-headers: Content-Type
access-control-allow-credentials: true
access-control-allow-origin: *
cache-control: no-cache
x-runtime: 0.002317
strict-transport-security: max-age=631138519
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-github-backend: Kubernetes
x-github-request-id: C156:3593E6:599B38:7051FE:671FF938
POST

https://collector.github.com/github/collect

msedge.exe

Remote address:

140.82.114.22:443

Request

POST /github/collect HTTP/2.0
host: collector.github.com
content-length: 1545
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://github.com
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Win32.WannaPeace/Win32.WannaPeace.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 204

date: Mon, 28 Oct 2024 20:51:04 GMT
access-control-allow-methods: POST,OPTIONS
access-control-allow-headers: Content-Type
access-control-allow-credentials: true
access-control-allow-origin: *
cache-control: no-cache
x-runtime: 0.003807
strict-transport-security: max-age=631138519
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-github-backend: Kubernetes
x-github-request-id: C156:3593E6:599BEA:7052D4:671FF938
POST

https://collector.github.com/github/collect

msedge.exe

Remote address:

140.82.114.22:443

Request

POST /github/collect HTTP/2.0
host: collector.github.com
content-length: 1462
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://github.com
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Win32.WannaPeace/Win32.WannaPeace.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 204

date: Mon, 28 Oct 2024 20:52:10 GMT
access-control-allow-methods: POST,OPTIONS
access-control-allow-headers: Content-Type
access-control-allow-credentials: true
access-control-allow-origin: *
cache-control: no-cache
x-runtime: 0.002304
strict-transport-security: max-age=631138519
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-github-backend: Kubernetes
x-github-request-id: C156:3593E6:5A0D4E:70E215:671FF938
DNS

22.114.82.140.in-addr.arpa

Remote address:

8.8.8.8:53

Request

22.114.82.140.in-addr.arpa

IN PTR

Response

22.114.82.140.in-addr.arpa

IN PTR

lb-140-82-114-22-iadgithubcom
DNS

9.179.89.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

9.179.89.13.in-addr.arpa

IN PTR

Response
GET

https://github.com/ytisf/theZoo/tree/master/malware/Binaries/WinX.SUNBURST

msedge.exe

Remote address:

20.26.156.215:443

Request

GET /ytisf/theZoo/tree/master/malware/Binaries/WinX.SUNBURST HTTP/2.0
host: github.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: application/json
x-requested-with: XMLHttpRequest
x-react-router: json
x-github-target: dotcom
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/tree/master/malware/Binaries/WinX.SUNBURST
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC
cookie: _gh_sess=x9rLFjvlp4ZbR61cx1FO18L%2BASlvb7GrhnNoRtKB1c8%2FiDQGoSY2ausUI077cLwW22Z4eM2tIJO1T5U160jLXUkozgHW5vBauOMEHhUFGKjHaXTl1LtMOuSiCMAWud9TDmSvNPJ7gWgd3DEw%2BA1MJaELW7dxSOJsBmLbaf9iycQE%2BlXdbbKK2rxneBeSILNJtd%2BZ5p9WNyKjY%2FXyRrm1jSbr0%2F%2FwQObltSKsezMK2oGlQpyAXqZLUYuChMDabaGD4XdKgdPsLIW7w1uOcuVQBo0u7HWVxe44XsnUbhycgNwt%2FxQG--4xFGTaaY6bK%2Bc2Es--zBk7S9yKVvZlviS99%2B%2BYdg%3D%3D

Response

HTTP/2.0 200

server: GitHub.com
date: Mon, 28 Oct 2024 20:47:37 GMT
content-type: application/json; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
etag: W/"19cd0c950fb622175b021341c0e66108"
cache-control: max-age=0, private, must-revalidate
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
content-encoding: gzip
accept-ranges: bytes
content-length: 4196
x-github-request-id: D3BD:2ED4E8:1B8160C:1F1A589:671FF868
GET

https://github.com/ytisf/theZoo/tree/master/malware/Binaries/WinX.SUNBURST

msedge.exe

Remote address:

20.26.156.215:443

Request

GET /ytisf/theZoo/tree/master/malware/Binaries/WinX.SUNBURST HTTP/2.0
host: github.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: application/json
x-requested-with: XMLHttpRequest
x-react-router: json
x-github-target: dotcom
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/tree/master/malware/Binaries/WinX.SUNBURST
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC
cookie: _gh_sess=x9rLFjvlp4ZbR61cx1FO18L%2BASlvb7GrhnNoRtKB1c8%2FiDQGoSY2ausUI077cLwW22Z4eM2tIJO1T5U160jLXUkozgHW5vBauOMEHhUFGKjHaXTl1LtMOuSiCMAWud9TDmSvNPJ7gWgd3DEw%2BA1MJaELW7dxSOJsBmLbaf9iycQE%2BlXdbbKK2rxneBeSILNJtd%2BZ5p9WNyKjY%2FXyRrm1jSbr0%2F%2FwQObltSKsezMK2oGlQpyAXqZLUYuChMDabaGD4XdKgdPsLIW7w1uOcuVQBo0u7HWVxe44XsnUbhycgNwt%2FxQG--4xFGTaaY6bK%2Bc2Es--zBk7S9yKVvZlviS99%2B%2BYdg%3D%3D
if-none-match: W/"19cd0c950fb622175b021341c0e66108"

Response

HTTP/2.0 304

server: GitHub.com
date: Mon, 28 Oct 2024 20:47:37 GMT
content-type: application/json; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
etag: W/"19cd0c950fb622175b021341c0e66108"
cache-control: max-age=0, private, must-revalidate
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
content-encoding: gzip
x-github-request-id: D3BD:2ED4E8:1B8161C:1F1A5A6:671FF869
GET

https://github.com/ytisf/theZoo/latest-commit/master/malware/Binaries/WinX.SUNBURST

msedge.exe

Remote address:

20.26.156.215:443

Request

GET /ytisf/theZoo/latest-commit/master/malware/Binaries/WinX.SUNBURST HTTP/2.0
host: github.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: application/json
accept: application/json
x-requested-with: XMLHttpRequest
github-verified-fetch: true
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/tree/master/malware/Binaries/WinX.SUNBURST
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC
cookie: _gh_sess=x9rLFjvlp4ZbR61cx1FO18L%2BASlvb7GrhnNoRtKB1c8%2FiDQGoSY2ausUI077cLwW22Z4eM2tIJO1T5U160jLXUkozgHW5vBauOMEHhUFGKjHaXTl1LtMOuSiCMAWud9TDmSvNPJ7gWgd3DEw%2BA1MJaELW7dxSOJsBmLbaf9iycQE%2BlXdbbKK2rxneBeSILNJtd%2BZ5p9WNyKjY%2FXyRrm1jSbr0%2F%2FwQObltSKsezMK2oGlQpyAXqZLUYuChMDabaGD4XdKgdPsLIW7w1uOcuVQBo0u7HWVxe44XsnUbhycgNwt%2FxQG--4xFGTaaY6bK%2Bc2Es--zBk7S9yKVvZlviS99%2B%2BYdg%3D%3D

Response

HTTP/2.0 200

server: GitHub.com
date: Mon, 28 Oct 2024 20:47:37 GMT
content-type: application/json; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
etag: W/"d12d54907ea5cbafe4dc4fde1934f484"
cache-control: max-age=0, private, must-revalidate
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
content-encoding: gzip
accept-ranges: bytes
content-length: 465
x-github-request-id: D3BD:2ED4E8:1B81667:1F1A5F0:671FF869
GET

https://github.com/ytisf/theZoo/tree-commit-info/master/malware/Binaries/WinX.SUNBURST

msedge.exe

Remote address:

20.26.156.215:443

Request

GET /ytisf/theZoo/tree-commit-info/master/malware/Binaries/WinX.SUNBURST HTTP/2.0
host: github.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: application/json
accept: application/json
x-requested-with: XMLHttpRequest
github-verified-fetch: true
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/tree/master/malware/Binaries/WinX.SUNBURST
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC
cookie: _gh_sess=x9rLFjvlp4ZbR61cx1FO18L%2BASlvb7GrhnNoRtKB1c8%2FiDQGoSY2ausUI077cLwW22Z4eM2tIJO1T5U160jLXUkozgHW5vBauOMEHhUFGKjHaXTl1LtMOuSiCMAWud9TDmSvNPJ7gWgd3DEw%2BA1MJaELW7dxSOJsBmLbaf9iycQE%2BlXdbbKK2rxneBeSILNJtd%2BZ5p9WNyKjY%2FXyRrm1jSbr0%2F%2FwQObltSKsezMK2oGlQpyAXqZLUYuChMDabaGD4XdKgdPsLIW7w1uOcuVQBo0u7HWVxe44XsnUbhycgNwt%2FxQG--4xFGTaaY6bK%2Bc2Es--zBk7S9yKVvZlviS99%2B%2BYdg%3D%3D

Response

HTTP/2.0 200

server: GitHub.com
date: Mon, 28 Oct 2024 20:47:37 GMT
content-type: application/json; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
etag: W/"94915534717c31faca55403e257e64ed"
cache-control: max-age=0, private, must-revalidate
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
content-encoding: gzip
accept-ranges: bytes
content-length: 358
x-github-request-id: D3BD:2ED4E8:1B81667:1F1A5F1:671FF869
GET

https://github.com/ytisf/theZoo/deferred-metadata/master/malware/Binaries/WinX.SUNBURST

msedge.exe

Remote address:

20.26.156.215:443

Request

GET /ytisf/theZoo/deferred-metadata/master/malware/Binaries/WinX.SUNBURST HTTP/2.0
host: github.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: application/json
accept: application/json
x-requested-with: XMLHttpRequest
github-verified-fetch: true
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/tree/master/malware/Binaries/WinX.SUNBURST
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC
cookie: _gh_sess=x9rLFjvlp4ZbR61cx1FO18L%2BASlvb7GrhnNoRtKB1c8%2FiDQGoSY2ausUI077cLwW22Z4eM2tIJO1T5U160jLXUkozgHW5vBauOMEHhUFGKjHaXTl1LtMOuSiCMAWud9TDmSvNPJ7gWgd3DEw%2BA1MJaELW7dxSOJsBmLbaf9iycQE%2BlXdbbKK2rxneBeSILNJtd%2BZ5p9WNyKjY%2FXyRrm1jSbr0%2F%2FwQObltSKsezMK2oGlQpyAXqZLUYuChMDabaGD4XdKgdPsLIW7w1uOcuVQBo0u7HWVxe44XsnUbhycgNwt%2FxQG--4xFGTaaY6bK%2Bc2Es--zBk7S9yKVvZlviS99%2B%2BYdg%3D%3D

Response

HTTP/2.0 200

server: GitHub.com
date: Mon, 28 Oct 2024 20:47:38 GMT
content-type: application/json; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
etag: W/"d43e46c95c5f6ea2afcb266c4624db9b"
cache-control: max-age=0, private, must-revalidate
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
content-encoding: gzip
accept-ranges: bytes
content-length: 167
x-github-request-id: D3BD:2ED4E8:1B81667:1F1A5F2:671FF869
GET

https://github.com/ytisf/theZoo/blob/master/malware/Binaries/WinX.SUNBURST/WinX.SUNBURST.zip

msedge.exe

Remote address:

20.26.156.215:443

Request

GET /ytisf/theZoo/blob/master/malware/Binaries/WinX.SUNBURST/WinX.SUNBURST.zip HTTP/2.0
host: github.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: application/json
x-requested-with: XMLHttpRequest
x-react-router: json
x-github-target: dotcom
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/WinX.SUNBURST/WinX.SUNBURST.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC
cookie: _gh_sess=x9rLFjvlp4ZbR61cx1FO18L%2BASlvb7GrhnNoRtKB1c8%2FiDQGoSY2ausUI077cLwW22Z4eM2tIJO1T5U160jLXUkozgHW5vBauOMEHhUFGKjHaXTl1LtMOuSiCMAWud9TDmSvNPJ7gWgd3DEw%2BA1MJaELW7dxSOJsBmLbaf9iycQE%2BlXdbbKK2rxneBeSILNJtd%2BZ5p9WNyKjY%2FXyRrm1jSbr0%2F%2FwQObltSKsezMK2oGlQpyAXqZLUYuChMDabaGD4XdKgdPsLIW7w1uOcuVQBo0u7HWVxe44XsnUbhycgNwt%2FxQG--4xFGTaaY6bK%2Bc2Es--zBk7S9yKVvZlviS99%2B%2BYdg%3D%3D

Response

HTTP/2.0 200

server: GitHub.com
date: Mon, 28 Oct 2024 20:47:43 GMT
content-type: application/json; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
etag: W/"f61865c79ede3211f4b6c90b3fa60cef"
cache-control: max-age=0, private, must-revalidate
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
content-encoding: gzip
accept-ranges: bytes
content-length: 4988
x-github-request-id: D3BD:2ED4E8:1B81891:1F1A876:671FF86A
GET

https://github.com/ytisf/theZoo/latest-commit/master/malware/Binaries/WinX.SUNBURST/WinX.SUNBURST.zip

msedge.exe

Remote address:

20.26.156.215:443

Request

GET /ytisf/theZoo/latest-commit/master/malware/Binaries/WinX.SUNBURST/WinX.SUNBURST.zip HTTP/2.0
host: github.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: application/json
accept: application/json
x-requested-with: XMLHttpRequest
github-verified-fetch: true
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/WinX.SUNBURST/WinX.SUNBURST.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC
cookie: _gh_sess=x9rLFjvlp4ZbR61cx1FO18L%2BASlvb7GrhnNoRtKB1c8%2FiDQGoSY2ausUI077cLwW22Z4eM2tIJO1T5U160jLXUkozgHW5vBauOMEHhUFGKjHaXTl1LtMOuSiCMAWud9TDmSvNPJ7gWgd3DEw%2BA1MJaELW7dxSOJsBmLbaf9iycQE%2BlXdbbKK2rxneBeSILNJtd%2BZ5p9WNyKjY%2FXyRrm1jSbr0%2F%2FwQObltSKsezMK2oGlQpyAXqZLUYuChMDabaGD4XdKgdPsLIW7w1uOcuVQBo0u7HWVxe44XsnUbhycgNwt%2FxQG--4xFGTaaY6bK%2Bc2Es--zBk7S9yKVvZlviS99%2B%2BYdg%3D%3D

Response

HTTP/2.0 200

server: GitHub.com
date: Mon, 28 Oct 2024 20:47:44 GMT
content-type: application/json; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
etag: W/"d12d54907ea5cbafe4dc4fde1934f484"
cache-control: max-age=0, private, must-revalidate
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
content-encoding: gzip
accept-ranges: bytes
content-length: 465
x-github-request-id: D3BD:2ED4E8:1B818C5:1F1A8B7:671FF86F
GET

https://github.com/ytisf/theZoo/deferred-metadata/master/malware/Binaries/WinX.SUNBURST/WinX.SUNBURST.zip

msedge.exe

Remote address:

20.26.156.215:443

Request

GET /ytisf/theZoo/deferred-metadata/master/malware/Binaries/WinX.SUNBURST/WinX.SUNBURST.zip HTTP/2.0
host: github.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: application/json
accept: application/json
x-requested-with: XMLHttpRequest
github-verified-fetch: true
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/WinX.SUNBURST/WinX.SUNBURST.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC
cookie: _gh_sess=x9rLFjvlp4ZbR61cx1FO18L%2BASlvb7GrhnNoRtKB1c8%2FiDQGoSY2ausUI077cLwW22Z4eM2tIJO1T5U160jLXUkozgHW5vBauOMEHhUFGKjHaXTl1LtMOuSiCMAWud9TDmSvNPJ7gWgd3DEw%2BA1MJaELW7dxSOJsBmLbaf9iycQE%2BlXdbbKK2rxneBeSILNJtd%2BZ5p9WNyKjY%2FXyRrm1jSbr0%2F%2FwQObltSKsezMK2oGlQpyAXqZLUYuChMDabaGD4XdKgdPsLIW7w1uOcuVQBo0u7HWVxe44XsnUbhycgNwt%2FxQG--4xFGTaaY6bK%2Bc2Es--zBk7S9yKVvZlviS99%2B%2BYdg%3D%3D

Response

HTTP/2.0 200

server: GitHub.com
date: Mon, 28 Oct 2024 20:47:44 GMT
content-type: application/json; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
etag: W/"d43e46c95c5f6ea2afcb266c4624db9b"
cache-control: max-age=0, private, must-revalidate
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
content-encoding: gzip
accept-ranges: bytes
content-length: 167
x-github-request-id: D3BD:2ED4E8:1B818C5:1F1A8B9:671FF86F
GET

https://github.com/ytisf/theZoo/raw/refs/heads/master/malware/Binaries/WinX.SUNBURST/WinX.SUNBURST.zip

msedge.exe

Remote address:

20.26.156.215:443

Request

GET /ytisf/theZoo/raw/refs/heads/master/malware/Binaries/WinX.SUNBURST/WinX.SUNBURST.zip HTTP/2.0
host: github.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/WinX.SUNBURST/WinX.SUNBURST.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC
cookie: _gh_sess=x9rLFjvlp4ZbR61cx1FO18L%2BASlvb7GrhnNoRtKB1c8%2FiDQGoSY2ausUI077cLwW22Z4eM2tIJO1T5U160jLXUkozgHW5vBauOMEHhUFGKjHaXTl1LtMOuSiCMAWud9TDmSvNPJ7gWgd3DEw%2BA1MJaELW7dxSOJsBmLbaf9iycQE%2BlXdbbKK2rxneBeSILNJtd%2BZ5p9WNyKjY%2FXyRrm1jSbr0%2F%2FwQObltSKsezMK2oGlQpyAXqZLUYuChMDabaGD4XdKgdPsLIW7w1uOcuVQBo0u7HWVxe44XsnUbhycgNwt%2FxQG--4xFGTaaY6bK%2Bc2Es--zBk7S9yKVvZlviS99%2B%2BYdg%3D%3D

Response

HTTP/2.0 302

server: GitHub.com
date: Mon, 28 Oct 2024 20:47:45 GMT
content-type: text/html; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
access-control-allow-origin:
location: https://raw.githubusercontent.com/ytisf/theZoo/refs/heads/master/malware/Binaries/WinX.SUNBURST/WinX.SUNBURST.zip
cache-control: no-cache
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
content-length: 0
x-github-request-id: D3BD:2ED4E8:1B8196F:1F1A975:671FF870
GET

https://github.com/ytisf/theZoo/raw/refs/heads/master/malware/Binaries/WinX.SUNBURST/WinX.SUNBURST.zip

msedge.exe

Remote address:

20.26.156.215:443

Request

GET /ytisf/theZoo/raw/refs/heads/master/malware/Binaries/WinX.SUNBURST/WinX.SUNBURST.zip HTTP/2.0
host: github.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/WinX.SUNBURST/WinX.SUNBURST.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC
cookie: _gh_sess=x9rLFjvlp4ZbR61cx1FO18L%2BASlvb7GrhnNoRtKB1c8%2FiDQGoSY2ausUI077cLwW22Z4eM2tIJO1T5U160jLXUkozgHW5vBauOMEHhUFGKjHaXTl1LtMOuSiCMAWud9TDmSvNPJ7gWgd3DEw%2BA1MJaELW7dxSOJsBmLbaf9iycQE%2BlXdbbKK2rxneBeSILNJtd%2BZ5p9WNyKjY%2FXyRrm1jSbr0%2F%2FwQObltSKsezMK2oGlQpyAXqZLUYuChMDabaGD4XdKgdPsLIW7w1uOcuVQBo0u7HWVxe44XsnUbhycgNwt%2FxQG--4xFGTaaY6bK%2Bc2Es--zBk7S9yKVvZlviS99%2B%2BYdg%3D%3D

Response

HTTP/2.0 302

server: GitHub.com
date: Mon, 28 Oct 2024 20:47:45 GMT
content-type: text/html; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
access-control-allow-origin:
location: https://raw.githubusercontent.com/ytisf/theZoo/refs/heads/master/malware/Binaries/WinX.SUNBURST/WinX.SUNBURST.zip
cache-control: no-cache
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
content-length: 0
x-github-request-id: D3BD:2ED4E8:1B81AAF:1F1AACA:671FF871
DNS

api.github.com

msedge.exe

Remote address:

8.8.8.8:53

Request

api.github.com

IN A

Response

api.github.com

IN A

20.26.156.210
POST

https://api.github.com/_private/browser/stats

msedge.exe

Remote address:

20.26.156.210:443

Request

POST /_private/browser/stats HTTP/2.0
host: api.github.com
content-length: 1165
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://github.com
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/tree/master/malware/Binaries/WinX.SUNBURST
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 200

date: Mon, 28 Oct 2024 20:47:43 GMT
content-type: text/plain
content-length: 0
cache-control: no-cache
x-ratelimit-limit: 60
x-ratelimit-remaining: 60
x-ratelimit-reset: 1730152063
x-ratelimit-used: 0
x-ratelimit-resource: core
x-github-media-type: github.v3; format=json
x-github-api-version-selected: 2022-11-28
access-control-expose-headers: ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, X-GitHub-SSO, X-GitHub-Request-Id, Deprecation, Sunset
access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
content-security-policy: default-src 'none'
vary: Accept-Encoding, Accept, X-Requested-With
server: github.com
x-github-request-id: E06F:39D1DA:BD2DCB:CA09B0:671FF86F
POST

https://api.github.com/_private/browser/stats

msedge.exe

Remote address:

20.26.156.210:443

Request

POST /_private/browser/stats HTTP/2.0
host: api.github.com
content-length: 1198
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://github.com
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/WinX.SUNBURST/WinX.SUNBURST.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 200

date: Mon, 28 Oct 2024 20:47:49 GMT
content-type: text/plain
content-length: 0
cache-control: no-cache
x-ratelimit-limit: 60
x-ratelimit-remaining: 60
x-ratelimit-reset: 1730152069
x-ratelimit-used: 0
x-ratelimit-resource: core
x-github-media-type: github.v3; format=json
x-github-api-version-selected: 2022-11-28
access-control-expose-headers: ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, X-GitHub-SSO, X-GitHub-Request-Id, Deprecation, Sunset
access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
content-security-policy: default-src 'none'
vary: Accept-Encoding, Accept, X-Requested-With
server: github.com
x-github-request-id: E06F:39D1DA:BD2FF2:CA0C04:671FF86F
DNS

github.com

msedge.exe

Remote address:

8.8.8.8:53

Request

github.com

IN A

Response

github.com

IN A

20.26.156.215
GET

https://github.com/ytisf/theZoo/tree/master/malware/Binaries/Win64.Trojan.GreenBug

msedge.exe

Remote address:

20.26.156.215:443

Request

GET /ytisf/theZoo/tree/master/malware/Binaries/Win64.Trojan.GreenBug HTTP/2.0
host: github.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: application/json
x-requested-with: XMLHttpRequest
x-react-router: json
x-github-target: dotcom
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/tree/master/malware/Binaries/Win64.Trojan.GreenBug
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC
cookie: _gh_sess=x9rLFjvlp4ZbR61cx1FO18L%2BASlvb7GrhnNoRtKB1c8%2FiDQGoSY2ausUI077cLwW22Z4eM2tIJO1T5U160jLXUkozgHW5vBauOMEHhUFGKjHaXTl1LtMOuSiCMAWud9TDmSvNPJ7gWgd3DEw%2BA1MJaELW7dxSOJsBmLbaf9iycQE%2BlXdbbKK2rxneBeSILNJtd%2BZ5p9WNyKjY%2FXyRrm1jSbr0%2F%2FwQObltSKsezMK2oGlQpyAXqZLUYuChMDabaGD4XdKgdPsLIW7w1uOcuVQBo0u7HWVxe44XsnUbhycgNwt%2FxQG--4xFGTaaY6bK%2Bc2Es--zBk7S9yKVvZlviS99%2B%2BYdg%3D%3D

Response

HTTP/2.0 200

server: GitHub.com
date: Mon, 28 Oct 2024 20:48:31 GMT
content-type: application/json; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
etag: W/"4e27b04ed21d66062b09222610d44053"
cache-control: max-age=0, private, must-revalidate
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
content-encoding: gzip
accept-ranges: bytes
content-length: 4216
x-github-request-id: D5CD:13A22:24DD086:2965B92:671FF89E
GET

https://github.com/ytisf/theZoo/latest-commit/master/malware/Binaries/Win64.Trojan.GreenBug

msedge.exe

Remote address:

20.26.156.215:443

Request

GET /ytisf/theZoo/latest-commit/master/malware/Binaries/Win64.Trojan.GreenBug HTTP/2.0
host: github.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: application/json
accept: application/json
x-requested-with: XMLHttpRequest
github-verified-fetch: true
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/tree/master/malware/Binaries/Win64.Trojan.GreenBug
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC
cookie: _gh_sess=x9rLFjvlp4ZbR61cx1FO18L%2BASlvb7GrhnNoRtKB1c8%2FiDQGoSY2ausUI077cLwW22Z4eM2tIJO1T5U160jLXUkozgHW5vBauOMEHhUFGKjHaXTl1LtMOuSiCMAWud9TDmSvNPJ7gWgd3DEw%2BA1MJaELW7dxSOJsBmLbaf9iycQE%2BlXdbbKK2rxneBeSILNJtd%2BZ5p9WNyKjY%2FXyRrm1jSbr0%2F%2FwQObltSKsezMK2oGlQpyAXqZLUYuChMDabaGD4XdKgdPsLIW7w1uOcuVQBo0u7HWVxe44XsnUbhycgNwt%2FxQG--4xFGTaaY6bK%2Bc2Es--zBk7S9yKVvZlviS99%2B%2BYdg%3D%3D

Response

HTTP/2.0 200

server: GitHub.com
date: Mon, 28 Oct 2024 20:48:31 GMT
content-type: application/json; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
etag: W/"d43e46c95c5f6ea2afcb266c4624db9b"
cache-control: max-age=0, private, must-revalidate
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
content-encoding: gzip
accept-ranges: bytes
content-length: 167
x-github-request-id: D5CD:13A22:24DD0B2:2965BD5:671FF89F
GET

https://github.com/ytisf/theZoo/tree-commit-info/master/malware/Binaries/Win64.Trojan.GreenBug

msedge.exe

Remote address:

20.26.156.215:443

Request

GET /ytisf/theZoo/tree-commit-info/master/malware/Binaries/Win64.Trojan.GreenBug HTTP/2.0
host: github.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: application/json
accept: application/json
x-requested-with: XMLHttpRequest
github-verified-fetch: true
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/tree/master/malware/Binaries/Win64.Trojan.GreenBug
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC
cookie: _gh_sess=x9rLFjvlp4ZbR61cx1FO18L%2BASlvb7GrhnNoRtKB1c8%2FiDQGoSY2ausUI077cLwW22Z4eM2tIJO1T5U160jLXUkozgHW5vBauOMEHhUFGKjHaXTl1LtMOuSiCMAWud9TDmSvNPJ7gWgd3DEw%2BA1MJaELW7dxSOJsBmLbaf9iycQE%2BlXdbbKK2rxneBeSILNJtd%2BZ5p9WNyKjY%2FXyRrm1jSbr0%2F%2FwQObltSKsezMK2oGlQpyAXqZLUYuChMDabaGD4XdKgdPsLIW7w1uOcuVQBo0u7HWVxe44XsnUbhycgNwt%2FxQG--4xFGTaaY6bK%2Bc2Es--zBk7S9yKVvZlviS99%2B%2BYdg%3D%3D

Response

HTTP/2.0 200

server: GitHub.com
date: Mon, 28 Oct 2024 20:48:31 GMT
content-type: application/json; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
etag: W/"83b3d99623b7314b91096428e7537bcf"
cache-control: max-age=0, private, must-revalidate
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
content-encoding: gzip
accept-ranges: bytes
content-length: 364
x-github-request-id: D5CD:13A22:24DD0B1:2965BD4:671FF89F
GET

https://github.com/ytisf/theZoo/deferred-metadata/master/malware/Binaries/Win64.Trojan.GreenBug

msedge.exe

Remote address:

20.26.156.215:443

Request

GET /ytisf/theZoo/deferred-metadata/master/malware/Binaries/Win64.Trojan.GreenBug HTTP/2.0
host: github.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: application/json
accept: application/json
x-requested-with: XMLHttpRequest
github-verified-fetch: true
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/tree/master/malware/Binaries/Win64.Trojan.GreenBug
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC
cookie: _gh_sess=x9rLFjvlp4ZbR61cx1FO18L%2BASlvb7GrhnNoRtKB1c8%2FiDQGoSY2ausUI077cLwW22Z4eM2tIJO1T5U160jLXUkozgHW5vBauOMEHhUFGKjHaXTl1LtMOuSiCMAWud9TDmSvNPJ7gWgd3DEw%2BA1MJaELW7dxSOJsBmLbaf9iycQE%2BlXdbbKK2rxneBeSILNJtd%2BZ5p9WNyKjY%2FXyRrm1jSbr0%2F%2FwQObltSKsezMK2oGlQpyAXqZLUYuChMDabaGD4XdKgdPsLIW7w1uOcuVQBo0u7HWVxe44XsnUbhycgNwt%2FxQG--4xFGTaaY6bK%2Bc2Es--zBk7S9yKVvZlviS99%2B%2BYdg%3D%3D

Response

HTTP/2.0 200

server: GitHub.com
date: Mon, 28 Oct 2024 20:48:31 GMT
content-type: application/json; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
etag: W/"d12d54907ea5cbafe4dc4fde1934f484"
cache-control: max-age=0, private, must-revalidate
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
content-encoding: gzip
accept-ranges: bytes
content-length: 465
x-github-request-id: D5CD:13A22:24DD0B1:2965BD3:671FF89F
GET

https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Win64.Trojan.GreenBug/Win64.Trojan.GreenBug.zip

msedge.exe

Remote address:

20.26.156.215:443

Request

GET /ytisf/theZoo/blob/master/malware/Binaries/Win64.Trojan.GreenBug/Win64.Trojan.GreenBug.zip HTTP/2.0
host: github.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: application/json
x-requested-with: XMLHttpRequest
x-react-router: json
x-github-target: dotcom
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Win64.Trojan.GreenBug/Win64.Trojan.GreenBug.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC
cookie: _gh_sess=x9rLFjvlp4ZbR61cx1FO18L%2BASlvb7GrhnNoRtKB1c8%2FiDQGoSY2ausUI077cLwW22Z4eM2tIJO1T5U160jLXUkozgHW5vBauOMEHhUFGKjHaXTl1LtMOuSiCMAWud9TDmSvNPJ7gWgd3DEw%2BA1MJaELW7dxSOJsBmLbaf9iycQE%2BlXdbbKK2rxneBeSILNJtd%2BZ5p9WNyKjY%2FXyRrm1jSbr0%2F%2FwQObltSKsezMK2oGlQpyAXqZLUYuChMDabaGD4XdKgdPsLIW7w1uOcuVQBo0u7HWVxe44XsnUbhycgNwt%2FxQG--4xFGTaaY6bK%2Bc2Es--zBk7S9yKVvZlviS99%2B%2BYdg%3D%3D

Response

HTTP/2.0 200

server: GitHub.com
date: Mon, 28 Oct 2024 20:48:34 GMT
content-type: application/json; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
etag: W/"3c326e93b97149096c49a5e3cebdefc5"
cache-control: max-age=0, private, must-revalidate
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
content-encoding: gzip
accept-ranges: bytes
content-length: 4999
x-github-request-id: D5CD:13A22:24DD21C:2965D55:671FF89F
GET

https://github.com/ytisf/theZoo/latest-commit/master/malware/Binaries/Win64.Trojan.GreenBug/Win64.Trojan.GreenBug.zip

msedge.exe

Remote address:

20.26.156.215:443

Request

GET /ytisf/theZoo/latest-commit/master/malware/Binaries/Win64.Trojan.GreenBug/Win64.Trojan.GreenBug.zip HTTP/2.0
host: github.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: application/json
accept: application/json
x-requested-with: XMLHttpRequest
github-verified-fetch: true
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Win64.Trojan.GreenBug/Win64.Trojan.GreenBug.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC
cookie: _gh_sess=x9rLFjvlp4ZbR61cx1FO18L%2BASlvb7GrhnNoRtKB1c8%2FiDQGoSY2ausUI077cLwW22Z4eM2tIJO1T5U160jLXUkozgHW5vBauOMEHhUFGKjHaXTl1LtMOuSiCMAWud9TDmSvNPJ7gWgd3DEw%2BA1MJaELW7dxSOJsBmLbaf9iycQE%2BlXdbbKK2rxneBeSILNJtd%2BZ5p9WNyKjY%2FXyRrm1jSbr0%2F%2FwQObltSKsezMK2oGlQpyAXqZLUYuChMDabaGD4XdKgdPsLIW7w1uOcuVQBo0u7HWVxe44XsnUbhycgNwt%2FxQG--4xFGTaaY6bK%2Bc2Es--zBk7S9yKVvZlviS99%2B%2BYdg%3D%3D

Response

HTTP/2.0 200

server: GitHub.com
date: Mon, 28 Oct 2024 20:48:34 GMT
content-type: application/json; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
etag: W/"d12d54907ea5cbafe4dc4fde1934f484"
cache-control: max-age=0, private, must-revalidate
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
content-encoding: gzip
accept-ranges: bytes
content-length: 465
x-github-request-id: D5CD:13A22:24DD25A:2965D98:671FF8A2
GET

https://github.com/ytisf/theZoo/deferred-metadata/master/malware/Binaries/Win64.Trojan.GreenBug/Win64.Trojan.GreenBug.zip

msedge.exe

Remote address:

20.26.156.215:443

Request

GET /ytisf/theZoo/deferred-metadata/master/malware/Binaries/Win64.Trojan.GreenBug/Win64.Trojan.GreenBug.zip HTTP/2.0
host: github.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: application/json
accept: application/json
x-requested-with: XMLHttpRequest
github-verified-fetch: true
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Win64.Trojan.GreenBug/Win64.Trojan.GreenBug.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC
cookie: _gh_sess=x9rLFjvlp4ZbR61cx1FO18L%2BASlvb7GrhnNoRtKB1c8%2FiDQGoSY2ausUI077cLwW22Z4eM2tIJO1T5U160jLXUkozgHW5vBauOMEHhUFGKjHaXTl1LtMOuSiCMAWud9TDmSvNPJ7gWgd3DEw%2BA1MJaELW7dxSOJsBmLbaf9iycQE%2BlXdbbKK2rxneBeSILNJtd%2BZ5p9WNyKjY%2FXyRrm1jSbr0%2F%2FwQObltSKsezMK2oGlQpyAXqZLUYuChMDabaGD4XdKgdPsLIW7w1uOcuVQBo0u7HWVxe44XsnUbhycgNwt%2FxQG--4xFGTaaY6bK%2Bc2Es--zBk7S9yKVvZlviS99%2B%2BYdg%3D%3D

Response

HTTP/2.0 200

server: GitHub.com
date: Mon, 28 Oct 2024 20:48:34 GMT
content-type: application/json; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
etag: W/"d43e46c95c5f6ea2afcb266c4624db9b"
cache-control: max-age=0, private, must-revalidate
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
content-encoding: gzip
accept-ranges: bytes
content-length: 167
x-github-request-id: D5CD:13A22:24DD25A:2965D9A:671FF8A2
GET

https://github.com/ytisf/theZoo/raw/refs/heads/master/malware/Binaries/Win64.Trojan.GreenBug/Win64.Trojan.GreenBug.zip

msedge.exe

Remote address:

20.26.156.215:443

Request

GET /ytisf/theZoo/raw/refs/heads/master/malware/Binaries/Win64.Trojan.GreenBug/Win64.Trojan.GreenBug.zip HTTP/2.0
host: github.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Win64.Trojan.GreenBug/Win64.Trojan.GreenBug.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC
cookie: _gh_sess=x9rLFjvlp4ZbR61cx1FO18L%2BASlvb7GrhnNoRtKB1c8%2FiDQGoSY2ausUI077cLwW22Z4eM2tIJO1T5U160jLXUkozgHW5vBauOMEHhUFGKjHaXTl1LtMOuSiCMAWud9TDmSvNPJ7gWgd3DEw%2BA1MJaELW7dxSOJsBmLbaf9iycQE%2BlXdbbKK2rxneBeSILNJtd%2BZ5p9WNyKjY%2FXyRrm1jSbr0%2F%2FwQObltSKsezMK2oGlQpyAXqZLUYuChMDabaGD4XdKgdPsLIW7w1uOcuVQBo0u7HWVxe44XsnUbhycgNwt%2FxQG--4xFGTaaY6bK%2Bc2Es--zBk7S9yKVvZlviS99%2B%2BYdg%3D%3D

Response

HTTP/2.0 302

server: GitHub.com
date: Mon, 28 Oct 2024 20:48:36 GMT
content-type: text/html; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
access-control-allow-origin:
location: https://raw.githubusercontent.com/ytisf/theZoo/refs/heads/master/malware/Binaries/Win64.Trojan.GreenBug/Win64.Trojan.GreenBug.zip
cache-control: no-cache
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
content-length: 0
x-github-request-id: D5CD:13A22:24DD360:2965EBA:671FF8A2
POST

https://api.github.com/_private/browser/stats

msedge.exe

Remote address:

20.26.156.210:443

Request

POST /_private/browser/stats HTTP/2.0
host: api.github.com
content-length: 1786
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://github.com
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Win64.Trojan.GreenBug/Win64.Trojan.GreenBug.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 200

date: Mon, 28 Oct 2024 20:48:39 GMT
content-type: text/plain
content-length: 0
cache-control: no-cache
x-ratelimit-limit: 60
x-ratelimit-remaining: 60
x-ratelimit-reset: 1730152119
x-ratelimit-used: 0
x-ratelimit-resource: core
x-github-media-type: github.v3; format=json
x-github-api-version-selected: 2022-11-28
access-control-expose-headers: ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, X-GitHub-SSO, X-GitHub-Request-Id, Deprecation, Sunset
access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
content-security-policy: default-src 'none'
vary: Accept-Encoding, Accept, X-Requested-With
server: github.com
x-github-request-id: D3A3:38BBF7:DB8CDA:E9FBFF:671FF8A7
DNS

api.github.com

msedge.exe

Remote address:

8.8.8.8:53

Request

api.github.com

IN A

Response

api.github.com

IN A

20.26.156.210
POST

https://api.github.com/_private/browser/stats

msedge.exe

Remote address:

20.26.156.210:443

Request

POST /_private/browser/stats HTTP/2.0
host: api.github.com
content-length: 1474
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://github.com
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Win64.Trojan.GreenBug/Win64.Trojan.GreenBug.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 200

date: Mon, 28 Oct 2024 20:49:56 GMT
content-type: text/plain
content-length: 0
cache-control: no-cache
x-ratelimit-limit: 60
x-ratelimit-remaining: 60
x-ratelimit-reset: 1730152196
x-ratelimit-used: 0
x-ratelimit-resource: core
x-github-media-type: github.v3; format=json
x-github-api-version-selected: 2022-11-28
access-control-expose-headers: ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, X-GitHub-SSO, X-GitHub-Request-Id, Deprecation, Sunset
access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
content-security-policy: default-src 'none'
vary: Accept-Encoding, Accept, X-Requested-With
server: github.com
x-github-request-id: CB7B:34A24C:1134950:125B95F:671FF8F4
POST

https://api.github.com/_private/browser/stats

msedge.exe

Remote address:

20.26.156.210:443

Request

POST /_private/browser/stats HTTP/2.0
host: api.github.com
content-length: 6750
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://github.com
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Win64.Trojan.GreenBug/Win64.Trojan.GreenBug.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 200

date: Mon, 28 Oct 2024 20:50:10 GMT
content-type: text/plain
content-length: 0
cache-control: no-cache
x-ratelimit-limit: 60
x-ratelimit-remaining: 60
x-ratelimit-reset: 1730152209
x-ratelimit-used: 0
x-ratelimit-resource: core
x-github-media-type: github.v3; format=json
x-github-api-version-selected: 2022-11-28
access-control-expose-headers: ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, X-GitHub-SSO, X-GitHub-Request-Id, Deprecation, Sunset
access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
content-security-policy: default-src 'none'
vary: Accept-Encoding, Accept, X-Requested-With
server: github.com
x-github-request-id: CB7B:34A24C:1134E19:125BE66:671FF8F4
POST

https://api.github.com/_private/browser/stats

msedge.exe

Remote address:

20.26.156.210:443

Request

POST /_private/browser/stats HTTP/2.0
host: api.github.com
content-length: 1257
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://github.com
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Win32.Unknown_SpectreMeltdown/Win32.Unknown_SpectreMeltdown.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 200

date: Mon, 28 Oct 2024 20:50:21 GMT
content-type: text/plain
content-length: 0
cache-control: no-cache
x-ratelimit-limit: 60
x-ratelimit-remaining: 60
x-ratelimit-reset: 1730152221
x-ratelimit-used: 0
x-ratelimit-resource: core
x-github-media-type: github.v3; format=json
x-github-api-version-selected: 2022-11-28
access-control-expose-headers: ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, X-GitHub-SSO, X-GitHub-Request-Id, Deprecation, Sunset
access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
content-security-policy: default-src 'none'
vary: Accept-Encoding, Accept, X-Requested-With
server: github.com
x-github-request-id: CB7B:34A24C:11351CD:125C25D:671FF902
DNS

github.com

msedge.exe

Remote address:

8.8.8.8:53

Request

github.com

IN A

Response

github.com

IN A

20.26.156.215
GET

https://github.com/ytisf/theZoo/tree/master/malware/Binaries/Win32.Unknown_SpectreMeltdown

msedge.exe

Remote address:

20.26.156.215:443

Request

GET /ytisf/theZoo/tree/master/malware/Binaries/Win32.Unknown_SpectreMeltdown HTTP/2.0
host: github.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: application/json
x-requested-with: XMLHttpRequest
x-react-router: json
x-github-target: dotcom
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/tree/master/malware/Binaries/Win32.Unknown_SpectreMeltdown
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC
cookie: _gh_sess=x9rLFjvlp4ZbR61cx1FO18L%2BASlvb7GrhnNoRtKB1c8%2FiDQGoSY2ausUI077cLwW22Z4eM2tIJO1T5U160jLXUkozgHW5vBauOMEHhUFGKjHaXTl1LtMOuSiCMAWud9TDmSvNPJ7gWgd3DEw%2BA1MJaELW7dxSOJsBmLbaf9iycQE%2BlXdbbKK2rxneBeSILNJtd%2BZ5p9WNyKjY%2FXyRrm1jSbr0%2F%2FwQObltSKsezMK2oGlQpyAXqZLUYuChMDabaGD4XdKgdPsLIW7w1uOcuVQBo0u7HWVxe44XsnUbhycgNwt%2FxQG--4xFGTaaY6bK%2Bc2Es--zBk7S9yKVvZlviS99%2B%2BYdg%3D%3D

Response

HTTP/2.0 200

server: GitHub.com
date: Mon, 28 Oct 2024 20:50:10 GMT
content-type: application/json; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
etag: W/"df030ff5c4754ef4fd9e97e03969dfb3"
cache-control: max-age=0, private, must-revalidate
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
content-encoding: gzip
accept-ranges: bytes
content-length: 4214
x-github-request-id: FA2C:223F1D:32F0EB2:38FB613:671FF902
GET

https://github.com/ytisf/theZoo/latest-commit/master/malware/Binaries/Win32.Unknown_SpectreMeltdown

msedge.exe

Remote address:

20.26.156.215:443

Request

GET /ytisf/theZoo/latest-commit/master/malware/Binaries/Win32.Unknown_SpectreMeltdown HTTP/2.0
host: github.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: application/json
accept: application/json
x-requested-with: XMLHttpRequest
github-verified-fetch: true
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/tree/master/malware/Binaries/Win32.Unknown_SpectreMeltdown
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC
cookie: _gh_sess=x9rLFjvlp4ZbR61cx1FO18L%2BASlvb7GrhnNoRtKB1c8%2FiDQGoSY2ausUI077cLwW22Z4eM2tIJO1T5U160jLXUkozgHW5vBauOMEHhUFGKjHaXTl1LtMOuSiCMAWud9TDmSvNPJ7gWgd3DEw%2BA1MJaELW7dxSOJsBmLbaf9iycQE%2BlXdbbKK2rxneBeSILNJtd%2BZ5p9WNyKjY%2FXyRrm1jSbr0%2F%2FwQObltSKsezMK2oGlQpyAXqZLUYuChMDabaGD4XdKgdPsLIW7w1uOcuVQBo0u7HWVxe44XsnUbhycgNwt%2FxQG--4xFGTaaY6bK%2Bc2Es--zBk7S9yKVvZlviS99%2B%2BYdg%3D%3D

Response

HTTP/2.0 200

server: GitHub.com
date: Mon, 28 Oct 2024 20:50:11 GMT
content-type: application/json; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
etag: W/"d43e46c95c5f6ea2afcb266c4624db9b"
cache-control: max-age=0, private, must-revalidate
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
content-encoding: gzip
accept-ranges: bytes
content-length: 167
x-github-request-id: FA2C:223F1D:32F0EF0:38FB64C:671FF903
GET

https://github.com/ytisf/theZoo/tree-commit-info/master/malware/Binaries/Win32.Unknown_SpectreMeltdown

msedge.exe

Remote address:

20.26.156.215:443

Request

GET /ytisf/theZoo/tree-commit-info/master/malware/Binaries/Win32.Unknown_SpectreMeltdown HTTP/2.0
host: github.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: application/json
accept: application/json
x-requested-with: XMLHttpRequest
github-verified-fetch: true
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/tree/master/malware/Binaries/Win32.Unknown_SpectreMeltdown
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC
cookie: _gh_sess=x9rLFjvlp4ZbR61cx1FO18L%2BASlvb7GrhnNoRtKB1c8%2FiDQGoSY2ausUI077cLwW22Z4eM2tIJO1T5U160jLXUkozgHW5vBauOMEHhUFGKjHaXTl1LtMOuSiCMAWud9TDmSvNPJ7gWgd3DEw%2BA1MJaELW7dxSOJsBmLbaf9iycQE%2BlXdbbKK2rxneBeSILNJtd%2BZ5p9WNyKjY%2FXyRrm1jSbr0%2F%2FwQObltSKsezMK2oGlQpyAXqZLUYuChMDabaGD4XdKgdPsLIW7w1uOcuVQBo0u7HWVxe44XsnUbhycgNwt%2FxQG--4xFGTaaY6bK%2Bc2Es--zBk7S9yKVvZlviS99%2B%2BYdg%3D%3D

Response

HTTP/2.0 200

server: GitHub.com
date: Mon, 28 Oct 2024 20:50:11 GMT
content-type: application/json; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
etag: W/"8f4792725eb9473b01d70512bdb242eb"
cache-control: max-age=0, private, must-revalidate
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
content-encoding: gzip
accept-ranges: bytes
content-length: 370
x-github-request-id: FA2C:223F1D:32F0EF0:38FB64B:671FF903
GET

https://github.com/ytisf/theZoo/deferred-metadata/master/malware/Binaries/Win32.Unknown_SpectreMeltdown

msedge.exe

Remote address:

20.26.156.215:443

Request

GET /ytisf/theZoo/deferred-metadata/master/malware/Binaries/Win32.Unknown_SpectreMeltdown HTTP/2.0
host: github.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: application/json
accept: application/json
x-requested-with: XMLHttpRequest
github-verified-fetch: true
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/tree/master/malware/Binaries/Win32.Unknown_SpectreMeltdown
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC
cookie: _gh_sess=x9rLFjvlp4ZbR61cx1FO18L%2BASlvb7GrhnNoRtKB1c8%2FiDQGoSY2ausUI077cLwW22Z4eM2tIJO1T5U160jLXUkozgHW5vBauOMEHhUFGKjHaXTl1LtMOuSiCMAWud9TDmSvNPJ7gWgd3DEw%2BA1MJaELW7dxSOJsBmLbaf9iycQE%2BlXdbbKK2rxneBeSILNJtd%2BZ5p9WNyKjY%2FXyRrm1jSbr0%2F%2FwQObltSKsezMK2oGlQpyAXqZLUYuChMDabaGD4XdKgdPsLIW7w1uOcuVQBo0u7HWVxe44XsnUbhycgNwt%2FxQG--4xFGTaaY6bK%2Bc2Es--zBk7S9yKVvZlviS99%2B%2BYdg%3D%3D

Response

HTTP/2.0 200

server: GitHub.com
date: Mon, 28 Oct 2024 20:50:11 GMT
content-type: application/json; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
etag: W/"d12d54907ea5cbafe4dc4fde1934f484"
cache-control: max-age=0, private, must-revalidate
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
content-encoding: gzip
accept-ranges: bytes
content-length: 465
x-github-request-id: FA2C:223F1D:32F0EEF:38FB64A:671FF902
GET

https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Win32.Unknown_SpectreMeltdown/Win32.Unknown_SpectreMeltdown.zip

msedge.exe

Remote address:

20.26.156.215:443

Request

GET /ytisf/theZoo/blob/master/malware/Binaries/Win32.Unknown_SpectreMeltdown/Win32.Unknown_SpectreMeltdown.zip HTTP/2.0
host: github.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: application/json
x-requested-with: XMLHttpRequest
x-react-router: json
x-github-target: dotcom
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Win32.Unknown_SpectreMeltdown/Win32.Unknown_SpectreMeltdown.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC
cookie: _gh_sess=x9rLFjvlp4ZbR61cx1FO18L%2BASlvb7GrhnNoRtKB1c8%2FiDQGoSY2ausUI077cLwW22Z4eM2tIJO1T5U160jLXUkozgHW5vBauOMEHhUFGKjHaXTl1LtMOuSiCMAWud9TDmSvNPJ7gWgd3DEw%2BA1MJaELW7dxSOJsBmLbaf9iycQE%2BlXdbbKK2rxneBeSILNJtd%2BZ5p9WNyKjY%2FXyRrm1jSbr0%2F%2FwQObltSKsezMK2oGlQpyAXqZLUYuChMDabaGD4XdKgdPsLIW7w1uOcuVQBo0u7HWVxe44XsnUbhycgNwt%2FxQG--4xFGTaaY6bK%2Bc2Es--zBk7S9yKVvZlviS99%2B%2BYdg%3D%3D

Response

HTTP/2.0 200

server: GitHub.com
date: Mon, 28 Oct 2024 20:50:15 GMT
content-type: application/json; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
etag: W/"b1025b141b14a9b809ea1799c9d12f7f"
cache-control: max-age=0, private, must-revalidate
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
content-encoding: gzip
accept-ranges: bytes
content-length: 5001
x-github-request-id: FA2C:223F1D:32F10BE:38FB865:671FF903
GET

https://github.com/ytisf/theZoo/latest-commit/master/malware/Binaries/Win32.Unknown_SpectreMeltdown/Win32.Unknown_SpectreMeltdown.zip

msedge.exe

Remote address:

20.26.156.215:443

Request

GET /ytisf/theZoo/latest-commit/master/malware/Binaries/Win32.Unknown_SpectreMeltdown/Win32.Unknown_SpectreMeltdown.zip HTTP/2.0
host: github.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: application/json
accept: application/json
x-requested-with: XMLHttpRequest
github-verified-fetch: true
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Win32.Unknown_SpectreMeltdown/Win32.Unknown_SpectreMeltdown.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC
cookie: _gh_sess=x9rLFjvlp4ZbR61cx1FO18L%2BASlvb7GrhnNoRtKB1c8%2FiDQGoSY2ausUI077cLwW22Z4eM2tIJO1T5U160jLXUkozgHW5vBauOMEHhUFGKjHaXTl1LtMOuSiCMAWud9TDmSvNPJ7gWgd3DEw%2BA1MJaELW7dxSOJsBmLbaf9iycQE%2BlXdbbKK2rxneBeSILNJtd%2BZ5p9WNyKjY%2FXyRrm1jSbr0%2F%2FwQObltSKsezMK2oGlQpyAXqZLUYuChMDabaGD4XdKgdPsLIW7w1uOcuVQBo0u7HWVxe44XsnUbhycgNwt%2FxQG--4xFGTaaY6bK%2Bc2Es--zBk7S9yKVvZlviS99%2B%2BYdg%3D%3D

Response

HTTP/2.0 200

server: GitHub.com
date: Mon, 28 Oct 2024 20:50:16 GMT
content-type: application/json; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
etag: W/"d12d54907ea5cbafe4dc4fde1934f484"
cache-control: max-age=0, private, must-revalidate
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
content-encoding: gzip
accept-ranges: bytes
content-length: 465
x-github-request-id: FA2C:223F1D:32F10EE:38FB89E:671FF907
GET

https://github.com/ytisf/theZoo/deferred-metadata/master/malware/Binaries/Win32.Unknown_SpectreMeltdown/Win32.Unknown_SpectreMeltdown.zip

msedge.exe

Remote address:

20.26.156.215:443

Request

GET /ytisf/theZoo/deferred-metadata/master/malware/Binaries/Win32.Unknown_SpectreMeltdown/Win32.Unknown_SpectreMeltdown.zip HTTP/2.0
host: github.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: application/json
accept: application/json
x-requested-with: XMLHttpRequest
github-verified-fetch: true
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Win32.Unknown_SpectreMeltdown/Win32.Unknown_SpectreMeltdown.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC
cookie: _gh_sess=x9rLFjvlp4ZbR61cx1FO18L%2BASlvb7GrhnNoRtKB1c8%2FiDQGoSY2ausUI077cLwW22Z4eM2tIJO1T5U160jLXUkozgHW5vBauOMEHhUFGKjHaXTl1LtMOuSiCMAWud9TDmSvNPJ7gWgd3DEw%2BA1MJaELW7dxSOJsBmLbaf9iycQE%2BlXdbbKK2rxneBeSILNJtd%2BZ5p9WNyKjY%2FXyRrm1jSbr0%2F%2FwQObltSKsezMK2oGlQpyAXqZLUYuChMDabaGD4XdKgdPsLIW7w1uOcuVQBo0u7HWVxe44XsnUbhycgNwt%2FxQG--4xFGTaaY6bK%2Bc2Es--zBk7S9yKVvZlviS99%2B%2BYdg%3D%3D

Response

HTTP/2.0 200

server: GitHub.com
date: Mon, 28 Oct 2024 20:50:16 GMT
content-type: application/json; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
etag: W/"d43e46c95c5f6ea2afcb266c4624db9b"
cache-control: max-age=0, private, must-revalidate
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
content-encoding: gzip
accept-ranges: bytes
content-length: 167
x-github-request-id: FA2C:223F1D:32F10EF:38FB89F:671FF908
GET

https://github.com/ytisf/theZoo/raw/refs/heads/master/malware/Binaries/Win32.Unknown_SpectreMeltdown/Win32.Unknown_SpectreMeltdown.zip

msedge.exe

Remote address:

20.26.156.215:443

Request

GET /ytisf/theZoo/raw/refs/heads/master/malware/Binaries/Win32.Unknown_SpectreMeltdown/Win32.Unknown_SpectreMeltdown.zip HTTP/2.0
host: github.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Win32.Unknown_SpectreMeltdown/Win32.Unknown_SpectreMeltdown.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC
cookie: _gh_sess=x9rLFjvlp4ZbR61cx1FO18L%2BASlvb7GrhnNoRtKB1c8%2FiDQGoSY2ausUI077cLwW22Z4eM2tIJO1T5U160jLXUkozgHW5vBauOMEHhUFGKjHaXTl1LtMOuSiCMAWud9TDmSvNPJ7gWgd3DEw%2BA1MJaELW7dxSOJsBmLbaf9iycQE%2BlXdbbKK2rxneBeSILNJtd%2BZ5p9WNyKjY%2FXyRrm1jSbr0%2F%2FwQObltSKsezMK2oGlQpyAXqZLUYuChMDabaGD4XdKgdPsLIW7w1uOcuVQBo0u7HWVxe44XsnUbhycgNwt%2FxQG--4xFGTaaY6bK%2Bc2Es--zBk7S9yKVvZlviS99%2B%2BYdg%3D%3D

Response

HTTP/2.0 302

server: GitHub.com
date: Mon, 28 Oct 2024 20:50:18 GMT
content-type: text/html; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
access-control-allow-origin:
location: https://raw.githubusercontent.com/ytisf/theZoo/refs/heads/master/malware/Binaries/Win32.Unknown_SpectreMeltdown/Win32.Unknown_SpectreMeltdown.zip
cache-control: no-cache
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
content-length: 0
x-github-request-id: FA2C:223F1D:32F119C:38FB95E:671FF908
GET

https://github.com/ytisf/theZoo/tree/master/malware/Binaries/Win32.WannaPeace?noancestors=1

msedge.exe

Remote address:

20.26.156.215:443

Request

GET /ytisf/theZoo/tree/master/malware/Binaries/Win32.WannaPeace?noancestors=1 HTTP/2.0
host: github.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: application/json
accept: application/json
x-requested-with: XMLHttpRequest
github-verified-fetch: true
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Win32.Unknown_SpectreMeltdown/Win32.Unknown_SpectreMeltdown.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC
cookie: _gh_sess=x9rLFjvlp4ZbR61cx1FO18L%2BASlvb7GrhnNoRtKB1c8%2FiDQGoSY2ausUI077cLwW22Z4eM2tIJO1T5U160jLXUkozgHW5vBauOMEHhUFGKjHaXTl1LtMOuSiCMAWud9TDmSvNPJ7gWgd3DEw%2BA1MJaELW7dxSOJsBmLbaf9iycQE%2BlXdbbKK2rxneBeSILNJtd%2BZ5p9WNyKjY%2FXyRrm1jSbr0%2F%2FwQObltSKsezMK2oGlQpyAXqZLUYuChMDabaGD4XdKgdPsLIW7w1uOcuVQBo0u7HWVxe44XsnUbhycgNwt%2FxQG--4xFGTaaY6bK%2Bc2Es--zBk7S9yKVvZlviS99%2B%2BYdg%3D%3D

Response

HTTP/2.0 200

server: GitHub.com
date: Mon, 28 Oct 2024 20:50:58 GMT
content-type: application/json; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
etag: W/"c697b1618a4bb8695da81978925e1158"
cache-control: max-age=0, private, must-revalidate
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
content-encoding: gzip
accept-ranges: bytes
content-length: 4198
x-github-request-id: D49A:1CC4CD:3239A4C:3843873:671FF931
GET

https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Win32.WannaPeace/Win32.WannaPeace.zip

msedge.exe

Remote address:

20.26.156.215:443

Request

GET /ytisf/theZoo/blob/master/malware/Binaries/Win32.WannaPeace/Win32.WannaPeace.zip HTTP/2.0
host: github.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: application/json
x-requested-with: XMLHttpRequest
x-react-router: json
x-github-target: dotcom
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Win32.WannaPeace/Win32.WannaPeace.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC
cookie: _gh_sess=x9rLFjvlp4ZbR61cx1FO18L%2BASlvb7GrhnNoRtKB1c8%2FiDQGoSY2ausUI077cLwW22Z4eM2tIJO1T5U160jLXUkozgHW5vBauOMEHhUFGKjHaXTl1LtMOuSiCMAWud9TDmSvNPJ7gWgd3DEw%2BA1MJaELW7dxSOJsBmLbaf9iycQE%2BlXdbbKK2rxneBeSILNJtd%2BZ5p9WNyKjY%2FXyRrm1jSbr0%2F%2FwQObltSKsezMK2oGlQpyAXqZLUYuChMDabaGD4XdKgdPsLIW7w1uOcuVQBo0u7HWVxe44XsnUbhycgNwt%2FxQG--4xFGTaaY6bK%2Bc2Es--zBk7S9yKVvZlviS99%2B%2BYdg%3D%3D

Response

HTTP/2.0 200

server: GitHub.com
date: Mon, 28 Oct 2024 20:51:03 GMT
content-type: application/json; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
etag: W/"1b5ab75d7ad1bccb7ac80cde495997bc"
cache-control: max-age=0, private, must-revalidate
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
content-encoding: gzip
accept-ranges: bytes
content-length: 4981
x-github-request-id: D49A:1CC4CD:3239D14:3843B83:671FF932
GET

https://github.com/ytisf/theZoo/latest-commit/master/malware/Binaries/Win32.WannaPeace/Win32.WannaPeace.zip

msedge.exe

Remote address:

20.26.156.215:443

Request

GET /ytisf/theZoo/latest-commit/master/malware/Binaries/Win32.WannaPeace/Win32.WannaPeace.zip HTTP/2.0
host: github.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: application/json
accept: application/json
x-requested-with: XMLHttpRequest
github-verified-fetch: true
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Win32.WannaPeace/Win32.WannaPeace.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC
cookie: _gh_sess=x9rLFjvlp4ZbR61cx1FO18L%2BASlvb7GrhnNoRtKB1c8%2FiDQGoSY2ausUI077cLwW22Z4eM2tIJO1T5U160jLXUkozgHW5vBauOMEHhUFGKjHaXTl1LtMOuSiCMAWud9TDmSvNPJ7gWgd3DEw%2BA1MJaELW7dxSOJsBmLbaf9iycQE%2BlXdbbKK2rxneBeSILNJtd%2BZ5p9WNyKjY%2FXyRrm1jSbr0%2F%2FwQObltSKsezMK2oGlQpyAXqZLUYuChMDabaGD4XdKgdPsLIW7w1uOcuVQBo0u7HWVxe44XsnUbhycgNwt%2FxQG--4xFGTaaY6bK%2Bc2Es--zBk7S9yKVvZlviS99%2B%2BYdg%3D%3D

Response

HTTP/2.0 200

server: GitHub.com
date: Mon, 28 Oct 2024 20:51:04 GMT
content-type: application/json; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
etag: W/"d43e46c95c5f6ea2afcb266c4624db9b"
cache-control: max-age=0, private, must-revalidate
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
content-encoding: gzip
accept-ranges: bytes
content-length: 167
x-github-request-id: D49A:1CC4CD:3239D64:3843BDA:671FF938
GET

https://github.com/ytisf/theZoo/deferred-metadata/master/malware/Binaries/Win32.WannaPeace/Win32.WannaPeace.zip

msedge.exe

Remote address:

20.26.156.215:443

Request

GET /ytisf/theZoo/deferred-metadata/master/malware/Binaries/Win32.WannaPeace/Win32.WannaPeace.zip HTTP/2.0
host: github.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: application/json
accept: application/json
x-requested-with: XMLHttpRequest
github-verified-fetch: true
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Win32.WannaPeace/Win32.WannaPeace.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC
cookie: _gh_sess=x9rLFjvlp4ZbR61cx1FO18L%2BASlvb7GrhnNoRtKB1c8%2FiDQGoSY2ausUI077cLwW22Z4eM2tIJO1T5U160jLXUkozgHW5vBauOMEHhUFGKjHaXTl1LtMOuSiCMAWud9TDmSvNPJ7gWgd3DEw%2BA1MJaELW7dxSOJsBmLbaf9iycQE%2BlXdbbKK2rxneBeSILNJtd%2BZ5p9WNyKjY%2FXyRrm1jSbr0%2F%2FwQObltSKsezMK2oGlQpyAXqZLUYuChMDabaGD4XdKgdPsLIW7w1uOcuVQBo0u7HWVxe44XsnUbhycgNwt%2FxQG--4xFGTaaY6bK%2Bc2Es--zBk7S9yKVvZlviS99%2B%2BYdg%3D%3D

Response

HTTP/2.0 200

server: GitHub.com
date: Mon, 28 Oct 2024 20:51:04 GMT
content-type: application/json; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
etag: W/"d12d54907ea5cbafe4dc4fde1934f484"
cache-control: max-age=0, private, must-revalidate
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
content-encoding: gzip
accept-ranges: bytes
content-length: 465
x-github-request-id: D49A:1CC4CD:3239D61:3843BD9:671FF937
GET

https://github.com/ytisf/theZoo/raw/refs/heads/master/malware/Binaries/Win32.WannaPeace/Win32.WannaPeace.zip

msedge.exe

Remote address:

20.26.156.215:443

Request

GET /ytisf/theZoo/raw/refs/heads/master/malware/Binaries/Win32.WannaPeace/Win32.WannaPeace.zip HTTP/2.0
host: github.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
accept: text/html, application/xhtml+xml
dnt: 1
turbo-visit: true
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Win32.WannaPeace/Win32.WannaPeace.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC
cookie: _gh_sess=x9rLFjvlp4ZbR61cx1FO18L%2BASlvb7GrhnNoRtKB1c8%2FiDQGoSY2ausUI077cLwW22Z4eM2tIJO1T5U160jLXUkozgHW5vBauOMEHhUFGKjHaXTl1LtMOuSiCMAWud9TDmSvNPJ7gWgd3DEw%2BA1MJaELW7dxSOJsBmLbaf9iycQE%2BlXdbbKK2rxneBeSILNJtd%2BZ5p9WNyKjY%2FXyRrm1jSbr0%2F%2FwQObltSKsezMK2oGlQpyAXqZLUYuChMDabaGD4XdKgdPsLIW7w1uOcuVQBo0u7HWVxe44XsnUbhycgNwt%2FxQG--4xFGTaaY6bK%2Bc2Es--zBk7S9yKVvZlviS99%2B%2BYdg%3D%3D

Response

HTTP/2.0 302

server: GitHub.com
date: Mon, 28 Oct 2024 20:51:05 GMT
content-type: text/html; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
access-control-allow-origin:
location: https://raw.githubusercontent.com/ytisf/theZoo/refs/heads/master/malware/Binaries/Win32.WannaPeace/Win32.WannaPeace.zip
cache-control: no-cache
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
content-length: 0
x-github-request-id: D49A:1CC4CD:3239E0D:3843CAB:671FF938
GET

https://github.com/ytisf/theZoo/raw/refs/heads/master/malware/Binaries/Win32.WannaPeace/Win32.WannaPeace.zip

msedge.exe

Remote address:

20.26.156.215:443

Request

GET /ytisf/theZoo/raw/refs/heads/master/malware/Binaries/Win32.WannaPeace/Win32.WannaPeace.zip HTTP/2.0
host: github.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Win32.WannaPeace/Win32.WannaPeace.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC
cookie: _gh_sess=x9rLFjvlp4ZbR61cx1FO18L%2BASlvb7GrhnNoRtKB1c8%2FiDQGoSY2ausUI077cLwW22Z4eM2tIJO1T5U160jLXUkozgHW5vBauOMEHhUFGKjHaXTl1LtMOuSiCMAWud9TDmSvNPJ7gWgd3DEw%2BA1MJaELW7dxSOJsBmLbaf9iycQE%2BlXdbbKK2rxneBeSILNJtd%2BZ5p9WNyKjY%2FXyRrm1jSbr0%2F%2FwQObltSKsezMK2oGlQpyAXqZLUYuChMDabaGD4XdKgdPsLIW7w1uOcuVQBo0u7HWVxe44XsnUbhycgNwt%2FxQG--4xFGTaaY6bK%2Bc2Es--zBk7S9yKVvZlviS99%2B%2BYdg%3D%3D

Response

HTTP/2.0 302

server: GitHub.com
date: Mon, 28 Oct 2024 20:51:05 GMT
content-type: text/html; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
access-control-allow-origin:
location: https://raw.githubusercontent.com/ytisf/theZoo/refs/heads/master/malware/Binaries/Win32.WannaPeace/Win32.WannaPeace.zip
cache-control: no-cache
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
content-length: 0
x-github-request-id: D49A:1CC4CD:3239E2F:3843CD2:671FF939
GET

https://github.com/ytisf/theZoo/raw/refs/heads/master/malware/Binaries/Win32.WannaPeace/Win32.WannaPeace.zip

msedge.exe

Remote address:

20.26.156.215:443

Request

GET /ytisf/theZoo/raw/refs/heads/master/malware/Binaries/Win32.WannaPeace/Win32.WannaPeace.zip HTTP/2.0
host: github.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
accept: text/html, application/xhtml+xml
dnt: 1
turbo-visit: true
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Win32.WannaPeace/Win32.WannaPeace.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC
cookie: _gh_sess=x9rLFjvlp4ZbR61cx1FO18L%2BASlvb7GrhnNoRtKB1c8%2FiDQGoSY2ausUI077cLwW22Z4eM2tIJO1T5U160jLXUkozgHW5vBauOMEHhUFGKjHaXTl1LtMOuSiCMAWud9TDmSvNPJ7gWgd3DEw%2BA1MJaELW7dxSOJsBmLbaf9iycQE%2BlXdbbKK2rxneBeSILNJtd%2BZ5p9WNyKjY%2FXyRrm1jSbr0%2F%2FwQObltSKsezMK2oGlQpyAXqZLUYuChMDabaGD4XdKgdPsLIW7w1uOcuVQBo0u7HWVxe44XsnUbhycgNwt%2FxQG--4xFGTaaY6bK%2Bc2Es--zBk7S9yKVvZlviS99%2B%2BYdg%3D%3D

Response

HTTP/2.0 302

server: GitHub.com
date: Mon, 28 Oct 2024 20:51:05 GMT
content-type: text/html; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
access-control-allow-origin:
location: https://raw.githubusercontent.com/ytisf/theZoo/refs/heads/master/malware/Binaries/Win32.WannaPeace/Win32.WannaPeace.zip
cache-control: no-cache
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
content-length: 0
x-github-request-id: D49A:1CC4CD:3239F67:3843E30:671FF939
GET

https://github.com/ytisf/theZoo/raw/refs/heads/master/malware/Binaries/Win32.WannaPeace/Win32.WannaPeace.zip

msedge.exe

Remote address:

20.26.156.215:443

Request

GET /ytisf/theZoo/raw/refs/heads/master/malware/Binaries/Win32.WannaPeace/Win32.WannaPeace.zip HTTP/2.0
host: github.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Win32.WannaPeace/Win32.WannaPeace.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC
cookie: _gh_sess=x9rLFjvlp4ZbR61cx1FO18L%2BASlvb7GrhnNoRtKB1c8%2FiDQGoSY2ausUI077cLwW22Z4eM2tIJO1T5U160jLXUkozgHW5vBauOMEHhUFGKjHaXTl1LtMOuSiCMAWud9TDmSvNPJ7gWgd3DEw%2BA1MJaELW7dxSOJsBmLbaf9iycQE%2BlXdbbKK2rxneBeSILNJtd%2BZ5p9WNyKjY%2FXyRrm1jSbr0%2F%2FwQObltSKsezMK2oGlQpyAXqZLUYuChMDabaGD4XdKgdPsLIW7w1uOcuVQBo0u7HWVxe44XsnUbhycgNwt%2FxQG--4xFGTaaY6bK%2Bc2Es--zBk7S9yKVvZlviS99%2B%2BYdg%3D%3D

Response

HTTP/2.0 302

server: GitHub.com
date: Mon, 28 Oct 2024 20:51:05 GMT
content-type: text/html; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
access-control-allow-origin:
location: https://raw.githubusercontent.com/ytisf/theZoo/refs/heads/master/malware/Binaries/Win32.WannaPeace/Win32.WannaPeace.zip
cache-control: no-cache
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
content-length: 0
x-github-request-id: D49A:1CC4CD:3239F79:3843E42:671FF93C
DNS

api.github.com

msedge.exe

Remote address:

8.8.8.8:53

Request

api.github.com

IN A

Response

api.github.com

IN A

20.26.156.210
POST

https://api.github.com/_private/browser/stats

msedge.exe

Remote address:

20.26.156.210:443

Request

POST /_private/browser/stats HTTP/2.0
host: api.github.com
content-length: 7533
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://github.com
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Win32.WannaPeace/Win32.WannaPeace.zip
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.654803613.1730148152
cookie: logged_in=no
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 200

date: Mon, 28 Oct 2024 20:51:13 GMT
content-type: text/plain
content-length: 0
cache-control: no-cache
x-ratelimit-limit: 60
x-ratelimit-remaining: 60
x-ratelimit-reset: 1730152273
x-ratelimit-used: 0
x-ratelimit-resource: core
x-github-media-type: github.v3; format=json
x-github-api-version-selected: 2022-11-28
access-control-expose-headers: ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, X-GitHub-SSO, X-GitHub-Request-Id, Deprecation, Sunset
access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
content-security-policy: default-src 'none'
vary: Accept-Encoding, Accept, X-Requested-With
server: github.com
x-github-request-id: F0F8:38F80:484EAE:4C1090:671FF941
DNS

www.horacerta.com.br

Win32.WannaPeace.exe

Remote address:

8.8.8.8:53

Request

www.horacerta.com.br

IN A

Response

www.horacerta.com.br

IN A

67.205.27.173
DNS

www.horacerta.com.br

Win32.WannaPeace.exe

Remote address:

8.8.8.8:53

Request

www.horacerta.com.br

IN A

Response

www.horacerta.com.br

IN A

67.205.27.173
GET

http://www.horacerta.com.br/

Win32.WannaPeace.exe

Remote address:

67.205.27.173:80

Request

GET / HTTP/1.1
Accept: */*
Accept-Language: en-US
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: www.horacerta.com.br
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Mon, 28 Oct 2024 20:51:43 GMT
Server: Apache
Upgrade: h2
Connection: Upgrade, Keep-Alive
Cache-Control: max-age=600
Expires: Mon, 28 Oct 2024 21:01:43 GMT
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 1315
Keep-Alive: timeout=5, max=100
Content-Type: text/html; charset=UTF-8
GET

http://www.horacerta.com.br/avanca_relogio.js

Win32.WannaPeace.exe

Remote address:

67.205.27.173:80

Request

GET /avanca_relogio.js HTTP/1.1
Accept: */*
Referer: http://www.horacerta.com.br/
Accept-Language: en-US
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: www.horacerta.com.br
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Mon, 28 Oct 2024 20:51:43 GMT
Server: Apache
Last-Modified: Tue, 29 Oct 2019 22:22:01 GMT
ETag: "7df-596140b93455e"
Accept-Ranges: bytes
Content-Length: 2015
Cache-Control: max-age=172800
Expires: Wed, 30 Oct 2024 20:51:43 GMT
Vary: User-Agent,Accept-Encoding
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/x-httpd-php
GET

http://www.horacerta.com.br/001/estilos.css

Win32.WannaPeace.exe

Remote address:

67.205.27.173:80

Request

GET /001/estilos.css HTTP/1.1
Accept: */*
Referer: http://www.horacerta.com.br/
Accept-Language: en-US
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: www.horacerta.com.br
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Mon, 28 Oct 2024 20:51:44 GMT
Server: Apache
Last-Modified: Mon, 08 Mar 2010 19:25:25 GMT
ETag: "ad4-4814f06e65340"
Accept-Ranges: bytes
Content-Length: 2772
Cache-Control: max-age=2592000
Expires: Wed, 27 Nov 2024 20:51:44 GMT
Vary: User-Agent,Accept-Encoding
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/css
GET

http://www.horacerta.com.br/002/estilos.css

Win32.WannaPeace.exe

Remote address:

67.205.27.173:80

Request

GET /002/estilos.css HTTP/1.1
Accept: */*
Referer: http://www.horacerta.com.br/
Accept-Language: en-US
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: www.horacerta.com.br
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Mon, 28 Oct 2024 20:51:44 GMT
Server: Apache
Last-Modified: Sat, 06 Mar 2010 19:55:01 GMT
ETag: "8f5-4812735132f40"
Accept-Ranges: bytes
Content-Length: 2293
Cache-Control: max-age=2592000
Expires: Wed, 27 Nov 2024 20:51:44 GMT
Vary: User-Agent,Accept-Encoding
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/css
GET

http://www.horacerta.com.br/003/estilos.css

Win32.WannaPeace.exe

Remote address:

67.205.27.173:80

Request

GET /003/estilos.css HTTP/1.1
Accept: */*
Referer: http://www.horacerta.com.br/
Accept-Language: en-US
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: www.horacerta.com.br
Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found

Date: Mon, 28 Oct 2024 20:51:44 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
GET

http://www.horacerta.com.br/001/fundo.png

Win32.WannaPeace.exe

Remote address:

67.205.27.173:80

Request

GET /001/fundo.png HTTP/1.1
Accept: */*
Referer: http://www.horacerta.com.br/
Accept-Language: en-US
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: www.horacerta.com.br
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Mon, 28 Oct 2024 20:51:44 GMT
Server: Apache
Last-Modified: Sat, 06 Mar 2010 17:35:35 GMT
ETag: "1abb7-48125426c27c0"
Accept-Ranges: bytes
Content-Length: 109495
Cache-Control: max-age=2592000
Expires: Wed, 27 Nov 2024 20:51:44 GMT
Vary: User-Agent,Accept-Encoding
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: image/png
GET

http://www.horacerta.com.br/styleswitcher.js

Win32.WannaPeace.exe

Remote address:

67.205.27.173:80

Request

GET /styleswitcher.js HTTP/1.1
Accept: */*
Referer: http://www.horacerta.com.br/
Accept-Language: en-US
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: www.horacerta.com.br
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Mon, 28 Oct 2024 20:51:43 GMT
Server: Apache
Upgrade: h2
Connection: Upgrade, Keep-Alive
Last-Modified: Sat, 06 Mar 2010 04:16:19 GMT
ETag: "29e9-4811a1805aac0"
Accept-Ranges: bytes
Content-Length: 10729
Cache-Control: max-age=172800
Expires: Wed, 30 Oct 2024 20:51:43 GMT
Vary: User-Agent,Accept-Encoding
Keep-Alive: timeout=5, max=100
Content-Type: application/x-httpd-php
GET

http://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Win32.WannaPeace.exe

Remote address:

216.58.213.2:80

Request

GET /pagead/js/adsbygoogle.js HTTP/1.1
Accept: */*
Referer: http://www.horacerta.com.br/
Accept-Language: en-US
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: pagead2.googlesyndication.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Link: <https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin
Vary: Accept-Encoding
Date: Mon, 28 Oct 2024 20:51:43 GMT
Expires: Mon, 28 Oct 2024 20:51:43 GMT
Cache-Control: private, max-age=3600, stale-while-revalidate=3600
Content-Type: text/javascript; charset=UTF-8
ETag: 6397792596289826251
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
Content-Length: 64936
X-XSS-Protection: 0
DNS

173.27.205.67.in-addr.arpa

Remote address:

8.8.8.8:53

Request

173.27.205.67.in-addr.arpa

IN PTR

Response

173.27.205.67.in-addr.arpa

IN PTR

apache2-fritziad1-shared-b7-21 dreamhostcom
DNS

173.27.205.67.in-addr.arpa

Remote address:

8.8.8.8:53

Request

173.27.205.67.in-addr.arpa

IN PTR

Response

173.27.205.67.in-addr.arpa

IN PTR

apache2-fritziad1-shared-b7-21 dreamhostcom
DNS

2.213.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

2.213.58.216.in-addr.arpa

IN PTR

Response

2.213.58.216.in-addr.arpa

IN PTR

lhr25s25-in-f21e100net

2.213.58.216.in-addr.arpa

IN PTR

ber01s14-in-f2�F
DNS

232.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

232.179.250.142.in-addr.arpa

IN PTR

Response

232.179.250.142.in-addr.arpa

IN PTR

lhr25s31-in-f81e100net
DNS

c.pki.goog

Win32.WannaPeace.exe

Remote address:

8.8.8.8:53

Request

c.pki.goog

IN A

Response

c.pki.goog

IN CNAME

pki-goog.l.google.com

pki-goog.l.google.com

IN A

142.250.180.3
GET

http://c.pki.goog/r/r1.crl

Win32.WannaPeace.exe

Remote address:

142.250.180.3:80

Request

GET /r/r1.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: c.pki.goog

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
Content-Length: 854
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Mon, 28 Oct 2024 20:44:21 GMT
Expires: Mon, 28 Oct 2024 21:34:21 GMT
Cache-Control: public, max-age=3000
Age: 443
Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT
Content-Type: application/pkix-crl
Vary: Accept-Encoding
DNS

o.pki.goog

Win32.WannaPeace.exe

Remote address:

8.8.8.8:53

Request

o.pki.goog

IN A

Response

o.pki.goog

IN CNAME

pki-goog.l.google.com

pki-goog.l.google.com

IN A

142.250.180.3
DNS

o.pki.goog

Win32.WannaPeace.exe

Remote address:

8.8.8.8:53

Request

o.pki.goog

IN A

Response

o.pki.goog

IN CNAME

pki-goog.l.google.com

pki-goog.l.google.com

IN A

142.250.180.3
GET

http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQDkGIO6g6XzohJ3Fub52e6y

Win32.WannaPeace.exe

Remote address:

142.250.180.3:80

Request

GET /wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQDkGIO6g6XzohJ3Fub52e6y HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: o.pki.goog

Response

HTTP/1.1 200 OK

Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Date: Mon, 28 Oct 2024 20:11:47 GMT
Cache-Control: public, max-age=14400
Content-Type: application/ocsp-response
Age: 2397
DNS

3.180.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

3.180.250.142.in-addr.arpa

IN PTR

Response

3.180.250.142.in-addr.arpa

IN PTR

lhr25s32-in-f31e100net
DNS

132.89.115.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

132.89.115.104.in-addr.arpa

IN PTR

Response

132.89.115.104.in-addr.arpa

IN PTR

a104-115-89-132deploystaticakamaitechnologiescom
DNS

132.89.115.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

132.89.115.104.in-addr.arpa

IN PTR
DNS

132.89.115.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

132.89.115.104.in-addr.arpa

IN PTR
DNS

132.89.115.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

132.89.115.104.in-addr.arpa

IN PTR
DNS

132.89.115.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

132.89.115.104.in-addr.arpa

IN PTR
DNS

73.31.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

73.31.126.40.in-addr.arpa

IN PTR

Response
DNS

73.31.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

73.31.126.40.in-addr.arpa

IN PTR
DNS

73.31.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

73.31.126.40.in-addr.arpa

IN PTR
DNS

73.31.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

73.31.126.40.in-addr.arpa

IN PTR
DNS

73.31.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

73.31.126.40.in-addr.arpa

IN PTR
DNS

82.27.18.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

82.27.18.2.in-addr.arpa

IN PTR

Response

82.27.18.2.in-addr.arpa

IN PTR

a2-18-27-82deploystaticakamaitechnologiescom
DNS

82.27.18.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

82.27.18.2.in-addr.arpa

IN PTR
DNS

82.27.18.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

82.27.18.2.in-addr.arpa

IN PTR

20.26.156.215:443

https://github.com/ytisf/theZoo/raw/refs/heads/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip

tls, http2

msedge.exe

5.3kB
100.0kB
62
91

HTTP Request

GET https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip

HTTP Response

200

HTTP Request

GET https://github.com/ytisf/theZoo/security/overall-count

HTTP Response

200

HTTP Request

GET https://github.com/ytisf/theZoo/refs?type=branch

HTTP Request

GET https://github.com/ytisf/theZoo/latest-commit/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip

HTTP Request

GET https://github.com/ytisf/theZoo/deferred-metadata/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip

HTTP Response

200

HTTP Request

GET https://github.com/ytisf/theZoo/refs?type=branch

HTTP Response

200

HTTP Response

200

HTTP Response

304

HTTP Request

GET https://github.com/ytisf/theZoo/refs?type=branch

HTTP Response

304

HTTP Request

GET https://github.com/manifest.json

HTTP Response

200

HTTP Request

GET https://github.com/ytisf/theZoo/raw/refs/heads/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip

HTTP Response

302
185.199.111.133:443

https://raw.githubusercontent.com/ytisf/theZoo/refs/heads/master/malware/Binaries/Win32.WannaPeace/Win32.WannaPeace.zip

tls, http2

msedge.exe

11.8kB
513.1kB
218
397

HTTP Request

GET https://avatars.githubusercontent.com/u/5548594?v=4&size=40

HTTP Response

200

HTTP Request

GET https://avatars.githubusercontent.com/u/5548594?s=32&v=4

HTTP Response

200

HTTP Request

GET https://avatars.githubusercontent.com/u/5548594?s=40&v=4

HTTP Response

200

HTTP Request

GET https://raw.githubusercontent.com/ytisf/theZoo/refs/heads/master/malware/Binaries/Win32.WannaPeace/Win32.WannaPeace.zip

HTTP Response

200
185.199.111.154:443

github.githubassets.com

tls

msedge.exe

989 B
6.3kB
9
11
185.199.111.154:443

github.githubassets.com

tls

msedge.exe

989 B
6.3kB
9
11
185.199.111.154:443

https://github.githubassets.com/assets/chunk-ui_packages_experimental-action-list-element_experimental-action-list-element_ts-8ad7322b3760.js

tls, http2

msedge.exe

41.4kB
1.1MB
582
846

HTTP Request

GET https://github.githubassets.com/assets/light-3e154969b9f9.css

HTTP Request

GET https://github.githubassets.com/assets/dark-9c5b7a476542.css

HTTP Request

GET https://github.githubassets.com/assets/primer-primitives-4cf0d59ab51a.css

HTTP Request

GET https://github.githubassets.com/assets/repository-31ce1dda752d.css

HTTP Request

GET https://github.githubassets.com/assets/code-2cae59811c3d.css

HTTP Request

GET https://github.githubassets.com/assets/github-33c8af45ae17.css

HTTP Request

GET https://github.githubassets.com/assets/primer-03722e173ec3.css

HTTP Request

GET https://github.githubassets.com/assets/global-521d889e2b6c.css

HTTP Request

GET https://github.githubassets.com/assets/notifications-subscriptions-menu.1bcff9205c241e99cff2.module.css

HTTP Request

GET https://github.githubassets.com/assets/react-code-view.3a11433d5fb649f11287.module.css

HTTP Request

GET https://github.githubassets.com/assets/primer-react.7558f0254d56b9bec77f.module.css

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://github.githubassets.com/assets/wp-runtime-9031999f1721.js

HTTP Request

GET https://github.githubassets.com/assets/vendors-node_modules_dompurify_dist_purify_js-b73fdff77a4e.js

HTTP Request

GET https://github.githubassets.com/assets/vendors-node_modules_oddbird_popover-polyfill_dist_popover_js-aff936e590ed.js

HTTP Request

GET https://github.githubassets.com/assets/vendors-node_modules_github_arianotify-polyfill_ariaNotify-polyfill_js-node_modules_github_mi-247092-76666ec8c39f.js

HTTP Request

GET https://github.githubassets.com/assets/ui_packages_failbot_failbot_ts-6accc016605a.js

HTTP Request

GET https://github.githubassets.com/assets/environment-b7c8196d9516.js

HTTP Request

GET https://github.githubassets.com/assets/vendors-node_modules_primer_behaviors_dist_esm_index_mjs-4aa4b0e95669.js

HTTP Request

GET https://github.githubassets.com/assets/vendors-node_modules_github_selector-observer_dist_index_esm_js-f690fd9ae3d5.js

HTTP Request

GET https://github.githubassets.com/assets/vendors-node_modules_github_relative-time-element_dist_index_js-6d3967acd51c.js

HTTP Request

GET https://github.githubassets.com/assets/vendors-node_modules_github_combobox-nav_dist_index_js-node_modules_github_g-emoji-element_di-6ce195-53781cbc550f.js

HTTP Request

GET https://github.githubassets.com/assets/vendors-node_modules_github_text-expander-element_dist_index_js-f5498b8d4e5d.js

HTTP Request

GET https://github.githubassets.com/assets/vendors-node_modules_github_auto-complete-element_dist_index_js-a164c5ea9f62.js

HTTP Request

GET https://github.githubassets.com/assets/vendors-node_modules_github_filter-input-element_dist_index_js-node_modules_github_remote-inp-d1a841-8f251a0656e7.js

HTTP Request

GET https://github.githubassets.com/assets/vendors-node_modules_delegated-events_dist_index_js-node_modules_github_catalyst_lib_index_js-f4b251-f7c3b6081b19.js

HTTP Request

GET https://github.githubassets.com/assets/vendors-node_modules_github_mini-throttle_dist_index_js-node_modules_stacktrace-parser_dist_s-1f651a-0cff18664748.js

HTTP Request

GET https://github.githubassets.com/assets/vendors-node_modules_github_file-attachment-element_dist_index_js-node_modules_primer_view-co-21f158-6ce6e035e87d.js

HTTP Request

GET https://github.githubassets.com/assets/github-elements-aeb1b578f60b.js

HTTP Request

GET https://github.githubassets.com/assets/element-registry-bf60c7f61ab1.js

HTTP Request

GET https://github.githubassets.com/assets/vendors-node_modules_github_catalyst_lib_index_js-node_modules_primer_live-region-element_dis-037ad60-8582b70cd5a9.js

HTTP Request

GET https://github.githubassets.com/assets/vendors-node_modules_braintree_browser-detection_dist_browser-detection_js-node_modules_githu-bb80ec-634de60bacfa.js

HTTP Request

GET https://github.githubassets.com/assets/vendors-node_modules_lit-html_lit-html_js-ce7225a304c5.js

HTTP Request

GET https://github.githubassets.com/assets/vendors-node_modules_github_hydro-analytics-client_dist_analytics-client_js-node_modules_gith-f3aee1-e6893db9c19e.js

HTTP Request

GET https://github.githubassets.com/assets/vendors-node_modules_github_mini-throttle_dist_index_js-node_modules_morphdom_dist_morphdom-e-7c534c-f8a5485c982a.js

HTTP Request

GET https://github.githubassets.com/assets/vendors-node_modules_github_turbo_dist_turbo_es2017-esm_js-858e043fcf76.js

HTTP Request

GET https://github.githubassets.com/assets/vendors-node_modules_github_remote-form_dist_index_js-node_modules_delegated-events_dist_inde-893f9f-6cf3320416b8.js

HTTP Request

GET https://github.githubassets.com/assets/vendors-node_modules_scroll-anchoring_dist_scroll-anchoring_esm_js-node_modules_stacktrace-pa-a71630-67856ad29bae.js

HTTP Request

GET https://github.githubassets.com/assets/vendors-node_modules_color-convert_index_js-0e07cc183eed.js

HTTP Request

GET https://github.githubassets.com/assets/vendors-node_modules_github_quote-selection_dist_index_js-node_modules_github_session-resume_-9a8cd2-373766bf71f1.js

HTTP Request

GET https://github.githubassets.com/assets/ui_packages_sudo_sudo_ts-5723e2e31f3e.js

HTTP Request

GET https://github.githubassets.com/assets/ui_packages_updatable-content_updatable-content_ts-312700d0d136.js

HTTP Request

GET https://github.githubassets.com/assets/app_assets_modules_github_sticky-scroll-into-view_ts-ui_packages_onfocus_onfocus_ts-346d240435ec.js

HTTP Request

GET https://github.githubassets.com/assets/app_assets_modules_github_behaviors_task-list_ts-app_assets_modules_github_sso_ts-1f593176c92a.js

HTTP Request

GET https://github.githubassets.com/assets/app_assets_modules_github_behaviors_ajax-error_ts-app_assets_modules_github_behaviors_include-d0d0a6-aa0f176b5b12.js

HTTP Request

GET https://github.githubassets.com/assets/app_assets_modules_github_behaviors_commenting_edit_ts-app_assets_modules_github_behaviors_ht-83c235-c89801ebbe15.js

HTTP Request

GET https://github.githubassets.com/assets/behaviors-01a538475f0f.js

HTTP Request

GET https://github.githubassets.com/assets/vendors-node_modules_delegated-events_dist_index_js-node_modules_github_catalyst_lib_index_js-06ff531-bf7e5a3732fd.js

HTTP Request

GET https://github.githubassets.com/assets/notifications-global-54f34167118d.js

HTTP Request

GET https://github.githubassets.com/assets/vendors-node_modules_github_mini-throttle_dist_index_js-node_modules_github_catalyst_lib_inde-dbbea9-e73b311a14f1.js

HTTP Request

GET https://github.githubassets.com/assets/code-menu-2b308c1236c2.js

HTTP Request

GET https://github.githubassets.com/assets/primer-react-65b92279806c.js

HTTP Request

GET https://github.githubassets.com/assets/react-core-8cc241fe292c.js

HTTP Request

GET https://github.githubassets.com/assets/react-lib-7b7b5264f6c1.js

HTTP Request

GET https://github.githubassets.com/assets/octicons-react-45c3a19dd792.js

HTTP Request

GET https://github.githubassets.com/assets/vendors-node_modules_emotion_is-prop-valid_dist_emotion-is-prop-valid_esm_js-node_modules_emo-41da55-1851acd376ff.js

HTTP Request

GET https://github.githubassets.com/assets/vendors-node_modules_oddbird_popover-polyfill_dist_popover-fn_js-4896ddd4b7bb.js

HTTP Request

GET https://github.githubassets.com/assets/vendors-node_modules_react-reverse-portal_dist_web_index_js-node_modules_react-intersection-o-837f97-cf0d169497ea.js

HTTP Request

GET https://github.githubassets.com/assets/ui_packages_aria-live_aria-live_ts-ui_packages_promise-with-resolvers-polyfill_promise-with-r-014121-e1792bd5a31e.js

HTTP Request

GET https://github.githubassets.com/assets/ui_packages_paths_index_ts-dce6cc95a312.js

HTTP Request

GET https://github.githubassets.com/assets/ui_packages_ref-selector_RefSelector_tsx-51878e8faf2a.js

HTTP Request

GET https://github.githubassets.com/assets/ui_packages_code-view-shared_hooks_shortcuts_ts-ui_packages_code-view-shared_utilities_web-wo-eaf87a-d3536229ca1f.js

HTTP Request

GET https://github.githubassets.com/assets/ui_packages_hydro-analytics_hydro-analytics_ts-ui_packages_verified-fetch_verified-fetch_ts-u-4672d1-44cbbea76d85.js

HTTP Request

GET https://github.githubassets.com/assets/ui_packages_code-view-shared_hooks_use-canonical-object_ts-ui_packages_code-view-shared_utili-228da6-66d60a7b72be.js

HTTP Request

GET https://github.githubassets.com/assets/ui_packages_code-view-shared_hooks_use-file-page-payload_ts-ui_packages_use-analytics_use-ana-590a3d-e0d488dddc50.js

HTTP Request

GET https://github.githubassets.com/assets/app_assets_modules_github_blob-anchor_ts-ui_packages_code-nav_code-nav_ts-ui_packages_filter--8253c1-87c39cb5708f.js

HTTP Request

GET https://github.githubassets.com/assets/react-code-view-3ce1da712541.js

HTTP Request

GET https://github.githubassets.com/assets/notifications-subscriptions-menu-0e6b6b6fce5a.js

HTTP Request

GET https://github.githubassets.com/assets/vendors-node_modules_github_catalyst_lib_index_js-node_modules_github_hotkey_dist_index_js-no-d67c7f-bd7d077cdcb1.js

HTTP Request

GET https://github.githubassets.com/assets/ui_packages_ui-commands_ui-commands_ts-d25fac54a6bc.js

HTTP Request

GET https://github.githubassets.com/assets/keyboard-shortcuts-dialog-da2039f86b13.js

HTTP Request

GET https://github.githubassets.com/assets/vendors-node_modules_github_remote-form_dist_index_js-node_modules_delegated-events_dist_inde-94fd67-9a621ecbf672.js

HTTP Request

GET https://github.githubassets.com/assets/sessions-b61003c45c5a.js

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://github.githubassets.com/assets/chunk-app_components_primer_experimental_select-panel-element_ts-90c1b002fec5.js

HTTP Request

GET https://github.githubassets.com/assets/chunk-app_components_primer_experimental_toggle-switch-element_ts-1077a1578034.js

HTTP Request

GET https://github.githubassets.com/assets/chunk-node_modules_github_mini-throttle_dist_index_js-node_modules_stacktrace-parser_dist_stack-tra-a18fad-10420c0fcb9e.js

HTTP Request

GET https://github.githubassets.com/assets/ui_packages_query-builder-element_query-builder-element_ts-1546dc8c42cb.js

HTTP Request

GET https://github.githubassets.com/assets/chunk-app_components_search_qbsearch-input-element_ts-ui_packages_trusted-types-policies_policy_ts--7cc11e-c9adc97f562b.js

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://github.githubassets.com/assets/chunk-ui_packages_cookie-consent-link-element_cookie-consent-link-element_ts-23c1cb96287b.js

HTTP Request

GET https://github.githubassets.com/assets/chunk-ui_packages_ghcc-consent-element_ghcc-consent-element_ts-2ab85b7d16d5.js

HTTP Response

200

HTTP Request

GET https://github.githubassets.com/assets/chunk-node_modules_github_mini-throttle_dist_index_js-node_modules_stacktrace-parser_dist_stack-tra-600f89-2300b882f669.js

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://github.githubassets.com/assets/chunk-ui_packages_webauthn-get-element_webauthn-get-element_ts-eba7ee3409f2.js

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://github.githubassets.com/assets/chunk-vendors-node_modules_consent-banner_dist_consent-banner_js-d06d275cbddc.js

HTTP Response

200

HTTP Request

GET https://github.githubassets.com/assets/vendors-node_modules_virtualized-list_es_index_js-node_modules_github_template-parts_lib_index_js-96453a51f920.js

HTTP Request

GET https://github.githubassets.com/assets/vendors-node_modules_github_remote-form_dist_index_js-node_modules_github_catalyst_lib_index_-f60689-9a27a43d9ee6.js

HTTP Request

GET https://github.githubassets.com/assets/vendors-node_modules_github_mini-throttle_dist_decorators_js-node_modules_delegated-events_di-e161aa-a6774a3bb897.js

HTTP Request

GET https://github.githubassets.com/assets/app_assets_modules_github_ref-selector_ts-a14af0a18402.js

HTTP Request

GET https://github.githubassets.com/assets/app_assets_modules_github_diffs_blob-lines_ts-app_assets_modules_github_diffs_linkable-line-n-7600fd-7d4b12aeb6ca.js

HTTP Request

GET https://github.githubassets.com/assets/diffs-c208af17140e.js

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://github.githubassets.com/assets/chunk-app_components_pull_requests_file_tree_file-tree-element_ts-11cd7d6d03a2.js

HTTP Request

GET https://github.githubassets.com/assets/chunk-app_components_pull_requests_file_tree_file-tree-toggle-element_ts-d08d4c339bcc.js

HTTP Request

GET https://github.githubassets.com/assets/chunk-ui_packages_experimental-action-list-element_experimental-action-list-element_ts-8ad7322b3760.js

HTTP Response

200

HTTP Response

200

HTTP Response

200
185.199.111.154:443

github.githubassets.com

tls

msedge.exe

1.5kB
6.2kB
10
8
185.199.111.154:443

github.githubassets.com

tls

msedge.exe

1.5kB
6.2kB
10
8
185.199.111.154:443

github.githubassets.com

tls

msedge.exe

1.5kB
6.2kB
10
8
140.82.112.21:443

https://collector.github.com/github/collect

tls, http2

msedge.exe

44.9kB
19.2kB
101
87

HTTP Request

POST https://collector.github.com/github/collect

HTTP Request

POST https://collector.github.com/github/collect

HTTP Request

POST https://collector.github.com/github/collect

HTTP Response

204

HTTP Response

204

HTTP Response

204

HTTP Request

POST https://collector.github.com/github/collect

HTTP Request

POST https://collector.github.com/github/collect

HTTP Response

204

HTTP Response

204

HTTP Request

POST https://collector.github.com/github/collect

HTTP Response

204

HTTP Request

POST https://collector.github.com/github/collect

HTTP Request

POST https://collector.github.com/github/collect

HTTP Response

204

HTTP Response

204

HTTP Request

POST https://collector.github.com/github/collect

HTTP Response

204

HTTP Request

POST https://collector.github.com/github/collect

HTTP Response

204

HTTP Request

POST https://collector.github.com/github/collect

HTTP Request

POST https://collector.github.com/github/collect

HTTP Request

POST https://collector.github.com/github/collect

HTTP Response

204

HTTP Response

204

HTTP Response

204

HTTP Request

POST https://collector.github.com/github/collect

HTTP Request

POST https://collector.github.com/github/collect

HTTP Response

204

HTTP Response

204

HTTP Request

POST https://collector.github.com/github/collect

HTTP Response

204

HTTP Request

POST https://collector.github.com/github/collect

HTTP Response

204

HTTP Request

POST https://collector.github.com/github/collect

HTTP Request

POST https://collector.github.com/github/collect

HTTP Request

POST https://collector.github.com/github/collect

HTTP Response

204

HTTP Response

204

HTTP Response

204

HTTP Request

POST https://collector.github.com/github/collect

HTTP Response

204
185.199.111.154:443

https://github.githubassets.com/favicons/favicon.png

tls, http2

msedge.exe

3.0kB
25.2kB
38
42

HTTP Request

GET https://github.githubassets.com/favicons/favicon.svg

HTTP Request

GET https://github.githubassets.com/assets/apple-touch-icon-144x144-b882e354c005.png

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://github.githubassets.com/favicons/favicon.png

HTTP Response

200
20.26.156.210:443

https://api.github.com/_private/browser/stats

tls, http2

msedge.exe

5.1kB
6.8kB
21
23

HTTP Request

POST https://api.github.com/_private/browser/stats

HTTP Response

200

HTTP Request

POST https://api.github.com/_private/browser/stats

HTTP Response

200
185.199.111.133:443

https://raw.githubusercontent.com/ytisf/theZoo/refs/heads/master/malware/Binaries/Win32.WannaPeace/Win32.WannaPeace.zip

tls, http2

msedge.exe

37.7kB
1.8MB
753
1361

HTTP Request

GET https://raw.githubusercontent.com/ytisf/theZoo/refs/heads/master/malware/Binaries/Ransomware.Thanos/Ransomware.Thanos.zip

HTTP Response

200

HTTP Request

GET https://raw.githubusercontent.com/ytisf/theZoo/refs/heads/master/malware/Binaries/Friday_the_13th.408/Friday_the_13th.408.zip

HTTP Response

200

HTTP Request

GET https://raw.githubusercontent.com/ytisf/theZoo/refs/heads/master/malware/Binaries/WinX.SUNBURST/WinX.SUNBURST.zip

HTTP Response

200

HTTP Request

GET https://raw.githubusercontent.com/ytisf/theZoo/refs/heads/master/malware/Binaries/Win64.Trojan.GreenBug/Win64.Trojan.GreenBug.zip

HTTP Response

200

HTTP Request

GET https://raw.githubusercontent.com/ytisf/theZoo/refs/heads/master/malware/Binaries/Win32.Unknown_SpectreMeltdown/Win32.Unknown_SpectreMeltdown.zip

HTTP Response

200

HTTP Request

OPTIONS https://raw.githubusercontent.com/ytisf/theZoo/refs/heads/master/malware/Binaries/Win32.WannaPeace/Win32.WannaPeace.zip

HTTP Response

403

HTTP Request

OPTIONS https://raw.githubusercontent.com/ytisf/theZoo/refs/heads/master/malware/Binaries/Win32.WannaPeace/Win32.WannaPeace.zip

HTTP Response

403
20.26.156.215:443

https://github.com/ytisf/theZoo/raw/refs/heads/master/malware/Binaries/Friday_the_13th.408/Friday_the_13th.408.zip

tls, http2

msedge.exe

27.8kB
1.1MB
466
817

HTTP Request

GET https://github.com/ytisf/theZoo/tree/master/malware

HTTP Response

200

HTTP Request

GET https://github.com/ytisf/theZoo/latest-commit/master/malware

HTTP Request

GET https://github.com/ytisf/theZoo/tree-commit-info/master/malware

HTTP Request

GET https://github.com/ytisf/theZoo/deferred-metadata/master/malware

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://github.com/ytisf/theZoo/tree/master/malware/Binaries

HTTP Response

200

HTTP Request

GET https://github.com/ytisf/theZoo/latest-commit/master/malware/Binaries

HTTP Request

GET https://github.com/ytisf/theZoo/tree-commit-info/master/malware/Binaries

HTTP Request

GET https://github.com/ytisf/theZoo/deferred-metadata/master/malware/Binaries

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://github.com/ytisf/theZoo/tree/master/malware/Binaries/Friday_the_13th.408

HTTP Response

200

HTTP Request

GET https://github.com/ytisf/theZoo/latest-commit/master/malware/Binaries/Friday_the_13th.408

HTTP Request

GET https://github.com/ytisf/theZoo/tree-commit-info/master/malware/Binaries/Friday_the_13th.408

HTTP Request

GET https://github.com/ytisf/theZoo/deferred-metadata/master/malware/Binaries/Friday_the_13th.408

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Friday_the_13th.408/Friday_the_13th.408.zip

HTTP Response

200

HTTP Request

GET https://github.com/ytisf/theZoo/latest-commit/master/malware/Binaries/Friday_the_13th.408/Friday_the_13th.408.zip

HTTP Request

GET https://github.com/ytisf/theZoo/deferred-metadata/master/malware/Binaries/Friday_the_13th.408/Friday_the_13th.408.zip

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://github.com/ytisf/theZoo/commit/b013182f34eecab0aca5b7b9c29bcedc01908666/hovercard?subject=repository%3A15776012&current_path=%2Fytisf%2FtheZoo%2Fblob%2Fmaster%2Fmalware%2FBinaries%2FFriday_the_13th.408%2FFriday_the_13th.408.zip

HTTP Response

200

HTTP Request

GET https://github.com/ytisf/theZoo/commit/b013182f34eecab0aca5b7b9c29bcedc01908666

HTTP Response

200

HTTP Request

GET https://github.com/ytisf/theZoo/commit/b013182f34eecab0aca5b7b9c29bcedc01908666

HTTP Response

200

HTTP Request

GET https://github.com/ytisf/theZoo/commit/b013182f34eecab0aca5b7b9c29bcedc01908666

HTTP Response

200

HTTP Request

POST https://github.com/commits/badges

HTTP Request

GET https://github.com/ytisf/theZoo/branch_commits/b013182f34eecab0aca5b7b9c29bcedc01908666

HTTP Request

GET https://github.com/ytisf/theZoo/diffs?bytes=271&commit=b013182f34eecab0aca5b7b9c29bcedc01908666&lines=12&responsive=true&sha1=5def2149daf1ce2ce0605a207390a7298a9863b1&sha2=b013182f34eecab0aca5b7b9c29bcedc01908666&start_entry=300&sticky=false&w=false

HTTP Request

GET https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Friday_the_13th.408/Friday_the_13th.408.zip

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://github.com/ytisf/theZoo/latest-commit/master/malware/Binaries/Friday_the_13th.408/Friday_the_13th.408.zip

HTTP Request

GET https://github.com/ytisf/theZoo/deferred-metadata/master/malware/Binaries/Friday_the_13th.408/Friday_the_13th.408.zip

HTTP Response

304

HTTP Response

304

HTTP Request

GET https://github.com/ytisf/theZoo/raw/refs/heads/master/malware/Binaries/Friday_the_13th.408/Friday_the_13th.408.zip

HTTP Response

302
20.26.156.210:443

https://api.github.com/_private/browser/stats

tls, http2

msedge.exe

17.2kB
10.3kB
36
35

HTTP Request

POST https://api.github.com/_private/browser/stats

HTTP Response

200

HTTP Request

POST https://api.github.com/_private/browser/stats

HTTP Response

200

HTTP Request

POST https://api.github.com/_private/browser/stats

HTTP Response

200

HTTP Request

POST https://api.github.com/_private/browser/stats

HTTP Response

200
150.171.27.10:443

tse1.mm.bing.net

tls, http2

1.3kB
7.1kB
17
15
150.171.27.10:443

tse1.mm.bing.net

tls, http2

1.3kB
7.1kB
17
15
150.171.27.10:443

tse1.mm.bing.net

tls, http2

1.2kB
7.0kB
16
14
150.171.27.10:443

tse1.mm.bing.net

tls, http2

1.3kB
7.1kB
17
15
150.171.27.10:443

https://tse1.mm.bing.net/th?id=OADD2.10239353582481_1UFRZG7HSKJ6VOM8D&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

tls, http2

108.7kB
3.1MB
2250
2244

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301020_14A3TVXX0O1AF1LY0&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239339388091_1UZ9QPHUDICWZFIUE&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301453_1HOUYPI9NYZFL407Y&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239339388092_16GTZ1ZLJFZVK1WDY&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239353582480_11Y0WDW5HLDOO8GP5&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239353582481_1UFRZG7HSKJ6VOM8D&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Response

200
34.149.97.1:443

firefox-api-proxy.cdn.mozilla.net

tls, http2

firefox.exe

1.6kB
4.3kB
13
12
127.0.0.1:53875

firefox.exe
127.0.0.1:53884

firefox.exe
20.26.156.210:443

https://api.github.com/_private/browser/stats

tls, http2

msedge.exe

7.2kB
9.2kB
31
32

HTTP Request

POST https://api.github.com/_private/browser/stats

HTTP Response

200

HTTP Request

POST https://api.github.com/_private/browser/stats

HTTP Response

200

HTTP Request

POST https://api.github.com/_private/browser/stats

HTTP Response

200

HTTP Request

POST https://api.github.com/_private/browser/stats

HTTP Response

200
140.82.114.22:443

collector.github.com

tls

msedge.exe

995 B
4.6kB
9
9
20.26.156.215:443

https://github.com/ytisf/theZoo/deferred-metadata/master/theZoo.py

tls, http2

msedge.exe

3.7kB
30.8kB
29
39

HTTP Request

GET https://github.com/ytisf/theZoo/blob/master/theZoo.py

HTTP Response

200

HTTP Request

GET https://github.com/ytisf/theZoo/blob/master/theZoo.py

HTTP Response

304

HTTP Request

GET https://github.com/ytisf/theZoo/latest-commit/master/theZoo.py

HTTP Request

PUT https://github.com/repos/preferences

HTTP Request

GET https://github.com/ytisf/theZoo/deferred-metadata/master/theZoo.py

HTTP Response

404

HTTP Response

200

HTTP Response

200
140.82.114.22:443

https://collector.github.com/github/collect

tls, http2

msedge.exe

51.1kB
26.5kB
129
130

HTTP Request

POST https://collector.github.com/github/collect

HTTP Request

POST https://collector.github.com/github/collect

HTTP Response

204

HTTP Response

204

HTTP Request

POST https://collector.github.com/github/collect

HTTP Request

POST https://collector.github.com/github/collect

HTTP Response

204

HTTP Response

204

HTTP Request

POST https://collector.github.com/github/collect

HTTP Response

204

HTTP Request

POST https://collector.github.com/github/collect

HTTP Response

204

HTTP Request

POST https://collector.github.com/github/collect

HTTP Request

POST https://collector.github.com/github/collect

HTTP Response

204

HTTP Response

204

HTTP Request

POST https://collector.github.com/github/collect

HTTP Request

POST https://collector.github.com/github/collect

HTTP Response

204

HTTP Response

204

HTTP Request

POST https://collector.github.com/github/collect

HTTP Response

204

HTTP Request

POST https://collector.github.com/github/collect

HTTP Response

204

HTTP Request

POST https://collector.github.com/github/collect

HTTP Request

POST https://collector.github.com/github/collect

HTTP Response

204

HTTP Response

204

HTTP Request

POST https://collector.github.com/github/collect

HTTP Response

204

HTTP Request

POST https://collector.github.com/github/collect

HTTP Request

POST https://collector.github.com/github/collect

HTTP Response

204

HTTP Response

204

HTTP Request

POST https://collector.github.com/github/collect

HTTP Response

204

HTTP Request

POST https://collector.github.com/github/collect

HTTP Response

204

HTTP Request

POST https://collector.github.com/github/collect

HTTP Request

POST https://collector.github.com/github/collect

HTTP Response

204

HTTP Response

204

HTTP Request

POST https://collector.github.com/github/collect

HTTP Response

204

HTTP Request

POST https://collector.github.com/github/collect

HTTP Request

POST https://collector.github.com/github/collect

HTTP Response

204

HTTP Response

204

HTTP Request

POST https://collector.github.com/github/collect

HTTP Response

204

HTTP Request

POST https://collector.github.com/github/collect

HTTP Response

204

HTTP Request

POST https://collector.github.com/github/collect

HTTP Response

204

HTTP Request

POST https://collector.github.com/github/collect

HTTP Request

POST https://collector.github.com/github/collect

HTTP Response

204

HTTP Response

204

HTTP Request

POST https://collector.github.com/github/collect

HTTP Response

204

HTTP Request

POST https://collector.github.com/github/collect

HTTP Response

204
20.26.156.215:443

https://github.com/ytisf/theZoo/raw/refs/heads/master/malware/Binaries/WinX.SUNBURST/WinX.SUNBURST.zip

tls, http2

msedge.exe

4.8kB
57.2kB
46
62

HTTP Request

GET https://github.com/ytisf/theZoo/tree/master/malware/Binaries/WinX.SUNBURST

HTTP Response

200

HTTP Request

GET https://github.com/ytisf/theZoo/tree/master/malware/Binaries/WinX.SUNBURST

HTTP Response

304

HTTP Request

GET https://github.com/ytisf/theZoo/latest-commit/master/malware/Binaries/WinX.SUNBURST

HTTP Request

GET https://github.com/ytisf/theZoo/tree-commit-info/master/malware/Binaries/WinX.SUNBURST

HTTP Request

GET https://github.com/ytisf/theZoo/deferred-metadata/master/malware/Binaries/WinX.SUNBURST

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://github.com/ytisf/theZoo/blob/master/malware/Binaries/WinX.SUNBURST/WinX.SUNBURST.zip

HTTP Response

200

HTTP Request

GET https://github.com/ytisf/theZoo/latest-commit/master/malware/Binaries/WinX.SUNBURST/WinX.SUNBURST.zip

HTTP Request

GET https://github.com/ytisf/theZoo/deferred-metadata/master/malware/Binaries/WinX.SUNBURST/WinX.SUNBURST.zip

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://github.com/ytisf/theZoo/raw/refs/heads/master/malware/Binaries/WinX.SUNBURST/WinX.SUNBURST.zip

HTTP Response

302

HTTP Request

GET https://github.com/ytisf/theZoo/raw/refs/heads/master/malware/Binaries/WinX.SUNBURST/WinX.SUNBURST.zip

HTTP Response

302
20.26.156.210:443

https://api.github.com/_private/browser/stats

tls, http2

msedge.exe

4.7kB
6.7kB
19
21

HTTP Request

POST https://api.github.com/_private/browser/stats

HTTP Response

200

HTTP Request

POST https://api.github.com/_private/browser/stats

HTTP Response

200
20.26.156.215:443

https://github.com/ytisf/theZoo/raw/refs/heads/master/malware/Binaries/Win64.Trojan.GreenBug/Win64.Trojan.GreenBug.zip

tls, http2

msedge.exe

4.3kB
47.9kB
39
53

HTTP Request

GET https://github.com/ytisf/theZoo/tree/master/malware/Binaries/Win64.Trojan.GreenBug

HTTP Response

200

HTTP Request

GET https://github.com/ytisf/theZoo/latest-commit/master/malware/Binaries/Win64.Trojan.GreenBug

HTTP Request

GET https://github.com/ytisf/theZoo/tree-commit-info/master/malware/Binaries/Win64.Trojan.GreenBug

HTTP Request

GET https://github.com/ytisf/theZoo/deferred-metadata/master/malware/Binaries/Win64.Trojan.GreenBug

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Win64.Trojan.GreenBug/Win64.Trojan.GreenBug.zip

HTTP Response

200

HTTP Request

GET https://github.com/ytisf/theZoo/latest-commit/master/malware/Binaries/Win64.Trojan.GreenBug/Win64.Trojan.GreenBug.zip

HTTP Request

GET https://github.com/ytisf/theZoo/deferred-metadata/master/malware/Binaries/Win64.Trojan.GreenBug/Win64.Trojan.GreenBug.zip

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://github.com/ytisf/theZoo/raw/refs/heads/master/malware/Binaries/Win64.Trojan.GreenBug/Win64.Trojan.GreenBug.zip

HTTP Response

302
20.26.156.210:443

https://api.github.com/_private/browser/stats

tls, http2

msedge.exe

3.8kB
5.5kB
16
17

HTTP Request

POST https://api.github.com/_private/browser/stats

HTTP Response

200
20.26.156.210:443

https://api.github.com/_private/browser/stats

tls, http2

msedge.exe

12.5kB
8.2kB
30
31

HTTP Request

POST https://api.github.com/_private/browser/stats

HTTP Response

200

HTTP Request

POST https://api.github.com/_private/browser/stats

HTTP Response

200

HTTP Request

POST https://api.github.com/_private/browser/stats

HTTP Response

200
20.26.156.215:443

https://github.com/ytisf/theZoo/raw/refs/heads/master/malware/Binaries/Win32.Unknown_SpectreMeltdown/Win32.Unknown_SpectreMeltdown.zip

tls, http2

msedge.exe

4.4kB
49.4kB
40
53

HTTP Request

GET https://github.com/ytisf/theZoo/tree/master/malware/Binaries/Win32.Unknown_SpectreMeltdown

HTTP Response

200

HTTP Request

GET https://github.com/ytisf/theZoo/latest-commit/master/malware/Binaries/Win32.Unknown_SpectreMeltdown

HTTP Request

GET https://github.com/ytisf/theZoo/tree-commit-info/master/malware/Binaries/Win32.Unknown_SpectreMeltdown

HTTP Request

GET https://github.com/ytisf/theZoo/deferred-metadata/master/malware/Binaries/Win32.Unknown_SpectreMeltdown

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Win32.Unknown_SpectreMeltdown/Win32.Unknown_SpectreMeltdown.zip

HTTP Response

200

HTTP Request

GET https://github.com/ytisf/theZoo/latest-commit/master/malware/Binaries/Win32.Unknown_SpectreMeltdown/Win32.Unknown_SpectreMeltdown.zip

HTTP Request

GET https://github.com/ytisf/theZoo/deferred-metadata/master/malware/Binaries/Win32.Unknown_SpectreMeltdown/Win32.Unknown_SpectreMeltdown.zip

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://github.com/ytisf/theZoo/raw/refs/heads/master/malware/Binaries/Win32.Unknown_SpectreMeltdown/Win32.Unknown_SpectreMeltdown.zip

HTTP Response

302
20.26.156.215:443

https://github.com/ytisf/theZoo/raw/refs/heads/master/malware/Binaries/Win32.WannaPeace/Win32.WannaPeace.zip

tls, http2

msedge.exe

4.5kB
46.8kB
39
51

HTTP Request

GET https://github.com/ytisf/theZoo/tree/master/malware/Binaries/Win32.WannaPeace?noancestors=1

HTTP Response

200

HTTP Request

GET https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Win32.WannaPeace/Win32.WannaPeace.zip

HTTP Response

200

HTTP Request

GET https://github.com/ytisf/theZoo/latest-commit/master/malware/Binaries/Win32.WannaPeace/Win32.WannaPeace.zip

HTTP Request

GET https://github.com/ytisf/theZoo/deferred-metadata/master/malware/Binaries/Win32.WannaPeace/Win32.WannaPeace.zip

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://github.com/ytisf/theZoo/raw/refs/heads/master/malware/Binaries/Win32.WannaPeace/Win32.WannaPeace.zip

HTTP Response

302

HTTP Request

GET https://github.com/ytisf/theZoo/raw/refs/heads/master/malware/Binaries/Win32.WannaPeace/Win32.WannaPeace.zip

HTTP Response

302

HTTP Request

GET https://github.com/ytisf/theZoo/raw/refs/heads/master/malware/Binaries/Win32.WannaPeace/Win32.WannaPeace.zip

HTTP Response

302

HTTP Request

GET https://github.com/ytisf/theZoo/raw/refs/heads/master/malware/Binaries/Win32.WannaPeace/Win32.WannaPeace.zip

HTTP Response

302
20.26.156.210:443

https://api.github.com/_private/browser/stats

tls, http2

msedge.exe

9.7kB
5.6kB
20
21

HTTP Request

POST https://api.github.com/_private/browser/stats

HTTP Response

200
67.205.27.173:80

http://www.horacerta.com.br/001/fundo.png

http

Win32.WannaPeace.exe

6.8kB
124.0kB
101
94

HTTP Request

GET http://www.horacerta.com.br/

HTTP Response

200

HTTP Request

GET http://www.horacerta.com.br/avanca_relogio.js

HTTP Response

200

HTTP Request

GET http://www.horacerta.com.br/001/estilos.css

HTTP Response

200

HTTP Request

GET http://www.horacerta.com.br/002/estilos.css

HTTP Response

200

HTTP Request

GET http://www.horacerta.com.br/003/estilos.css

HTTP Response

404

HTTP Request

GET http://www.horacerta.com.br/001/fundo.png

HTTP Response

200
67.205.27.173:80

http://www.horacerta.com.br/styleswitcher.js

http

Win32.WannaPeace.exe

1.0kB
11.6kB
14
12

HTTP Request

GET http://www.horacerta.com.br/styleswitcher.js

HTTP Response

200
216.58.213.2:80

http://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

http

Win32.WannaPeace.exe

2.9kB
68.3kB
54
52

HTTP Request

GET http://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

HTTP Response

200
142.250.180.3:80

http://c.pki.goog/r/r1.crl

http

Win32.WannaPeace.exe

349 B
1.7kB
5
4

HTTP Request

GET http://c.pki.goog/r/r1.crl

HTTP Response

200
142.250.180.3:80

http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQDkGIO6g6XzohJ3Fub52e6y

http

Win32.WannaPeace.exe

463 B
845 B
5
3

HTTP Request

GET http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQDkGIO6g6XzohJ3Fub52e6y

HTTP Response

200
20.26.156.210:443

api.github.com

tls

msedge.exe

2.0kB
3.8kB
10
6
2.18.27.82:443

www.bing.com

msedge.exe

156 B
3
2.18.27.82:443

www.bing.com

tls

msedge.exe

1.9kB
196 B
8
4

8.8.8.8:53

209.205.72.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

209.205.72.20.in-addr.arpa
8.8.8.8:53

github.com

dns

msedge.exe

56 B
72 B
1
1

DNS Request

github.com

DNS Response

20.26.156.215
8.8.8.8:53

215.156.26.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

215.156.26.20.in-addr.arpa
8.8.8.8:53

71.31.126.40.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

71.31.126.40.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

0.205.248.87.in-addr.arpa

dns

71 B
116 B
1
1

DNS Request

0.205.248.87.in-addr.arpa
8.8.8.8:53

205.47.74.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

205.47.74.20.in-addr.arpa
8.8.8.8:53

avatars.githubusercontent.com

dns

msedge.exe

75 B
139 B
1
1

DNS Request

avatars.githubusercontent.com

DNS Response

185.199.111.133

185.199.108.133

185.199.110.133

185.199.109.133
8.8.8.8:53

github.githubassets.com

dns

msedge.exe

69 B
133 B
1
1

DNS Request

github.githubassets.com

DNS Response

185.199.111.154

185.199.108.154

185.199.110.154

185.199.109.154
8.8.8.8:53

github-cloud.s3.amazonaws.com

dns

msedge.exe

75 B
253 B
1
1

DNS Request

github-cloud.s3.amazonaws.com

DNS Response

52.216.219.177

3.5.29.124

52.216.221.121

54.231.235.33

16.182.106.201

54.231.136.121

52.216.222.169

52.217.36.252
8.8.8.8:53

user-images.githubusercontent.com

dns

msedge.exe

79 B
143 B
1
1

DNS Request

user-images.githubusercontent.com

DNS Response

185.199.109.133

185.199.108.133

185.199.110.133

185.199.111.133
8.8.8.8:53

154.111.199.185.in-addr.arpa

dns

74 B
118 B
1
1

DNS Request

154.111.199.185.in-addr.arpa
8.8.8.8:53

collector.github.com

dns

msedge.exe

66 B
115 B
1
1

DNS Request

collector.github.com

DNS Response

140.82.112.21
8.8.8.8:53

133.111.199.185.in-addr.arpa

dns

74 B
118 B
1
1

DNS Request

133.111.199.185.in-addr.arpa
8.8.8.8:53

21.112.82.140.in-addr.arpa

dns

144 B
117 B
2
1

DNS Request

21.112.82.140.in-addr.arpa

DNS Request

21.112.82.140.in-addr.arpa
8.8.8.8:53

api.github.com

dns

msedge.exe

60 B
76 B
1
1

DNS Request

api.github.com

DNS Response

20.26.156.210
224.0.0.251:5353

msedge.exe

526 B
8
8.8.8.8:53

210.156.26.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

210.156.26.20.in-addr.arpa
8.8.8.8:53

raw.githubusercontent.com

dns

msedge.exe

71 B
135 B
1
1

DNS Request

raw.githubusercontent.com

DNS Response

185.199.111.133

185.199.109.133

185.199.110.133

185.199.108.133
8.8.8.8:53

28.118.140.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

28.118.140.52.in-addr.arpa
8.8.8.8:53

56.163.245.4.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

56.163.245.4.in-addr.arpa
8.8.8.8:53

241.42.69.40.in-addr.arpa

dns

71 B
145 B
1
1

DNS Request

241.42.69.40.in-addr.arpa
8.8.8.8:53

69.209.201.84.in-addr.arpa

dns

72 B
132 B
1
1

DNS Request

69.209.201.84.in-addr.arpa
8.8.8.8:53

26.35.223.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

26.35.223.20.in-addr.arpa
8.8.8.8:53

github.com

dns

msedge.exe

56 B
72 B
1
1

DNS Request

github.com

DNS Response

20.26.156.215
8.8.8.8:53

api.github.com

dns

msedge.exe

60 B
76 B
1
1

DNS Request

api.github.com

DNS Response

20.26.156.210
8.8.8.8:53

14.227.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

14.227.111.52.in-addr.arpa
8.8.8.8:53

tse1.mm.bing.net

dns

62 B
170 B
1
1

DNS Request

tse1.mm.bing.net

DNS Response

150.171.27.10

150.171.28.10
8.8.8.8:53

88.156.103.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

88.156.103.20.in-addr.arpa
8.8.8.8:53

10.27.171.150.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

10.27.171.150.in-addr.arpa
8.8.8.8:53

github-cloud.s3.amazonaws.com

dns

msedge.exe

75 B
253 B
1
1

DNS Request

github-cloud.s3.amazonaws.com

DNS Response

3.5.25.141

3.5.30.218

3.5.25.44

52.216.28.20

3.5.25.147

16.15.177.5

3.5.30.59

54.231.160.89
8.8.8.8:53

spocs.getpocket.com

dns

firefox.exe

130 B
262 B
2
2

DNS Request

spocs.getpocket.com

DNS Response

34.117.188.166

DNS Request

spocs.getpocket.com

DNS Response

34.117.188.166
8.8.8.8:53

firefox-api-proxy.cdn.mozilla.net

dns

firefox.exe

158 B
320 B
2
2

DNS Request

firefox-api-proxy.cdn.mozilla.net

DNS Response

34.149.97.1

DNS Request

firefox-api-proxy.cdn.mozilla.net

DNS Response

34.149.97.1
8.8.8.8:53

prod.content-signature-chains.prod.webservices.mozgcp.net

dns

firefox.exe

103 B
119 B
1
1

DNS Request

prod.content-signature-chains.prod.webservices.mozgcp.net

DNS Response

34.160.144.191
34.149.97.1:443

firefox-api-proxy.cdn.mozilla.net

https

firefox.exe

2.6kB
16.1kB
10
16
8.8.8.8:53

firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net

dns

firefox.exe

100 B
116 B
1
1

DNS Request

firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net

DNS Response

34.149.97.1
8.8.8.8:53

prod.content-signature-chains.prod.webservices.mozgcp.net

dns

firefox.exe

103 B
131 B
1
1

DNS Request

prod.content-signature-chains.prod.webservices.mozgcp.net

DNS Response

2600:1901:0:92a9::
8.8.8.8:53

prod.ads.prod.webservices.mozgcp.net

dns

firefox.exe

82 B
98 B
1
1

DNS Request

prod.ads.prod.webservices.mozgcp.net

DNS Response

34.117.188.166
8.8.8.8:53

prod.remote-settings.prod.webservices.mozgcp.net

dns

firefox.exe

188 B
220 B
2
2

DNS Request

prod.remote-settings.prod.webservices.mozgcp.net

DNS Response

34.149.100.209

DNS Request

prod.remote-settings.prod.webservices.mozgcp.net

DNS Response

34.149.100.209
8.8.8.8:53

shavar.prod.mozaws.net

dns

firefox.exe

68 B
116 B
1
1

DNS Request

shavar.prod.mozaws.net

DNS Response

34.218.156.47

34.211.181.209

52.32.18.233
8.8.8.8:53

prod.ads.prod.webservices.mozgcp.net

dns

firefox.exe

82 B
175 B
1
1

DNS Request

prod.ads.prod.webservices.mozgcp.net
8.8.8.8:53

firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net

dns

firefox.exe

100 B
128 B
1
1

DNS Request

firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net

DNS Response

2600:1901:0:74e4::
8.8.8.8:53

shavar.prod.mozaws.net

dns

firefox.exe

68 B
153 B
1
1

DNS Request

shavar.prod.mozaws.net
8.8.8.8:53

prod.remote-settings.prod.webservices.mozgcp.net

dns

firefox.exe

94 B
187 B
1
1

DNS Request

prod.remote-settings.prod.webservices.mozgcp.net
8.8.8.8:53

209.181.211.34.in-addr.arpa

dns

73 B
137 B
1
1

DNS Request

209.181.211.34.in-addr.arpa
8.8.8.8:53

api.github.com

dns

msedge.exe

60 B
76 B
1
1

DNS Request

api.github.com

DNS Response

20.26.156.210
8.8.8.8:53

collector.github.com

dns

msedge.exe

66 B
115 B
1
1

DNS Request

collector.github.com

DNS Response

140.82.114.22
8.8.8.8:53

github.com

dns

msedge.exe

112 B
144 B
2
2

DNS Request

github.com

DNS Response

20.26.156.215

DNS Request

github.com

DNS Response

20.26.156.215
8.8.8.8:53

22.114.82.140.in-addr.arpa

dns

72 B
117 B
1
1

DNS Request

22.114.82.140.in-addr.arpa
8.8.8.8:53

9.179.89.13.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

9.179.89.13.in-addr.arpa
8.8.8.8:53

api.github.com

dns

msedge.exe

60 B
76 B
1
1

DNS Request

api.github.com

DNS Response

20.26.156.210
8.8.8.8:53

github.com

dns

msedge.exe

56 B
72 B
1
1

DNS Request

github.com

DNS Response

20.26.156.215
8.8.8.8:53

api.github.com

dns

msedge.exe

60 B
76 B
1
1

DNS Request

api.github.com

DNS Response

20.26.156.210
8.8.8.8:53

github.com

dns

msedge.exe

56 B
72 B
1
1

DNS Request

github.com

DNS Response

20.26.156.215
8.8.8.8:53

api.github.com

dns

msedge.exe

60 B
76 B
1
1

DNS Request

api.github.com

DNS Response

20.26.156.210
8.8.8.8:53

www.horacerta.com.br

dns

Win32.WannaPeace.exe

132 B
164 B
2
2

DNS Request

www.horacerta.com.br

DNS Request

www.horacerta.com.br

DNS Response

67.205.27.173

DNS Response

67.205.27.173
8.8.8.8:53

173.27.205.67.in-addr.arpa

dns

144 B
262 B
2
2

DNS Request

173.27.205.67.in-addr.arpa

DNS Request

173.27.205.67.in-addr.arpa
8.8.8.8:53

2.213.58.216.in-addr.arpa

dns

71 B
138 B
1
1

DNS Request

2.213.58.216.in-addr.arpa
8.8.8.8:53

232.179.250.142.in-addr.arpa

dns

74 B
112 B
1
1

DNS Request

232.179.250.142.in-addr.arpa
8.8.8.8:53

c.pki.goog

dns

Win32.WannaPeace.exe

56 B
107 B
1
1

DNS Request

c.pki.goog

DNS Response

142.250.180.3
8.8.8.8:53

o.pki.goog

dns

Win32.WannaPeace.exe

112 B
214 B
2
2

DNS Request

o.pki.goog

DNS Request

o.pki.goog

DNS Response

142.250.180.3

DNS Response

142.250.180.3
8.8.8.8:53

3.180.250.142.in-addr.arpa

dns

72 B
110 B
1
1

DNS Request

3.180.250.142.in-addr.arpa
8.8.8.8:53

132.89.115.104.in-addr.arpa

dns

365 B
139 B
5
1

DNS Request

132.89.115.104.in-addr.arpa

DNS Request

132.89.115.104.in-addr.arpa

DNS Request

132.89.115.104.in-addr.arpa

DNS Request

132.89.115.104.in-addr.arpa

DNS Request

132.89.115.104.in-addr.arpa
8.8.8.8:53

73.31.126.40.in-addr.arpa

dns

355 B
157 B
5
1

DNS Request

73.31.126.40.in-addr.arpa

DNS Request

73.31.126.40.in-addr.arpa

DNS Request

73.31.126.40.in-addr.arpa

DNS Request

73.31.126.40.in-addr.arpa

DNS Request

73.31.126.40.in-addr.arpa
8.8.8.8:53

82.27.18.2.in-addr.arpa

dns

207 B
131 B
3
1

DNS Request

82.27.18.2.in-addr.arpa

DNS Request

82.27.18.2.in-addr.arpa

DNS Request

82.27.18.2.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7cd657689252f6e187103461e20f5b3c

SHA1
b7d25c41cf8647eed146807514ccd3e1a0346925

SHA256
de848323f395a0ebaff3073ac825f9b84aeb4855d95197f27881377d13cff032

SHA512
0245dd348ed45fd9fe1419868ae5c44a561cbf6d2f17ba8d51100951910c0c861d4e6d80b00e3d784e25472e48d7be11c9000b75e3a1d91af1b7dd68afb30a24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
92b7ee90cb6ee71d3e49153ff23c6ed6

SHA1
868fae0e4d4169e57991c90123d7ac17dffbb0d7

SHA256
ed23a79b8fd86a47c392d5426b2377d01e2c653d8a0af6f8b6310be230ffd6f5

SHA512
74ec22f8beef2c0feefc4b3f9e261f69816b690e214d757fbffd830d51552284daa513fff83eddb60d066ac8dea7b7382e4b90f44b12aaf7461da204f7857cab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b8880802fc2bb880a7a869faa01315b0

SHA1
51d1a3fa2c272f094515675d82150bfce08ee8d3

SHA256
467b8cd4aacac66557712f9843023dcedefcc26efc746f3e44157bc8dac73812

SHA512
e1c6dba2579357ba70de58968b167d2c529534d24bff70568144270c48ac18a48ee2af2d58d78ae741e5a36958fa78a57955bd2456f1df00b781fc1002e123d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ba6ef346187b40694d493da98d5da979

SHA1
643c15bec043f8673943885199bb06cd1652ee37

SHA256
d86eec91f295dfda8ed1c5fa99de426f2fe359282c7ebf67e3a40be739475d73

SHA512
2e6cc97330be8868d4b9c53be7e12c558f6eb1ac2c4080a611ba6c43561d0c5bb4791b8a11a8c2371599f0ba73ed1d9a7a2ea6dee2ae6a080f1912e0cb1f656c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
c099d58aa897eb84f5b6b1525254bcfe

SHA1
934a43eca5374b6cc5b5577ce800dee3bc638dba

SHA256
0044a40436b834341dfcd5892eec3ae735eca97b6195d8ef2be279f540ffbad5

SHA512
cc9fcba3be16e453ade10e93b24c5225894d6b3b8c609cd6d86d06a4b82a378f580517891cc91910c312f6a3dd8f6c1d4d06809a8c150e6583559cef704d6515

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
f7767bda7eb5a413a3a75c551d59c70e

SHA1
7508b7ef889ecfaec30f09580ae3f18876397b8c

SHA256
c3491f0c043d7ce2511b3a71f3ccc092798f4cd8f49cea99ededc21ae8356603

SHA512
48033e3cbb57b4fa9d0f05a7594e4be386ae9b56ae81d768f5159e10d5d05504b88e3105fb35b1d2fa76982ad74f10927cf9bd5c7fc13f1db3c322bbb43adc52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
9ce7f0ad2d2bce1c84ff723148222cf8

SHA1
c312ca46dc22b96a378a5dccf134244d3f44908f

SHA256
431334c19903c8de5283af98802f34861a405872565fe0f3b811586ffa3696f8

SHA512
66b464f21f79a8c0326477b4e7396933f08f417c8194aadeb751cef75f6c0e325f1c1e8cad1115d938682dc7996cc32a0c686678933c98cbb98550d1e600fc7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
20KB

MD5
b265bfbbcc5c380a73ad6c909d35ef93

SHA1
66a9657b91fe58bff32fe67d1df81f544b02166f

SHA256
9d1d272d89a13fdf88e49574e546b686efea8e13eb2106e7a85e340c8313ab6c

SHA512
23ba4e38d2265e904df8e04c845ab64842fc4a09b4527247ee7591a0a18ac12ae98b612f491a7a7e72d11d43acf377e4978ea389d30f3d8d92c7a9c8e23d43f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
319B

MD5
bdf69816ca3ff2f04f41e0e5b0b7cc8a

SHA1
7cd290c56f02a6be325e4f481acdefa0957f4624

SHA256
3e69494cb7afb96a2201798337dad896657254a75d4d2805c49d52816c7bbd68

SHA512
de6123930266a7bc9b5d7d960369dabbcfbe8bf3d83fa8a422e14fe6302d1f438e5aae5ea65e6f9a7b7c85c876caa256fd13b5b9417e6d4c713f08803328ed37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
20KB

MD5
376d5d7ecc85b1210913eac9f8722f5d

SHA1
1fec0f32b42c93667854eb6d7db9c4e015f45f46

SHA256
94c1263d462337356d2fd721b04aa096f49bede99f9cc0c3bf70dd0ce0089bad

SHA512
77b7485eddea7b0814fcc0440a51f4ec8794b35a23c3bc9be59e9bea60a77ef7beee3d01ca238bcf958154a42af9068dcca74cba9694b1640648b2b4d88ae08d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
9d52569add224c6e9b143b048955a96b

SHA1
aef8eb0d46e7fec9b0b1073e774aa51c22b0d300

SHA256
8807ed8d35b4e4ba9bd0275ef9728b61246867de4278cf90b1a65da2cc79cb0f

SHA512
a049eceff32d7734e7502bd5f6dac45b64a31f2fcaa17a956bee5e0ee942c8080248e8cad33c8e5a8893ded115ed192516c5b82498c350e63f24aa6dceee5067

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
2e322a88741decd92b1762590b2360b1

SHA1
199baf887083a2e01a14a7ab4f3c7cf6b7e6ef8c

SHA256
8ac0ce9112e3f8f1b829ce28a6bcc9cd146deb5bfe1a44b209f92d93a36537a3

SHA512
566c408c53599dc9de2887bdac538e907f105edc73e6270a7bdb4132f266573cc054ad4824ed07c6c2f0b8f5782d9a8111055db590d79dfc11e6672b01bafc46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
5KB

MD5
639e9bad0b653b48af293f90d976eab3

SHA1
2d8efdf091ba0e3d2bce074b429b4be8d6d4c6fc

SHA256
d6822a9ca2f7154269f0ed4ffddf96408e0fcebeec518b1e5c7563ccaf5b6f24

SHA512
5d87f1a4574eeef1557d654ef09537a19fd9f2b49ed96e5f3fa83f00e0db4fe3df5cb992f86a3583a669c2f485f2ce364b6de75715f381855214ac0e286d17b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
12KB

MD5
e41cf0f2f778429b8b5ce4f63e6eb6b2

SHA1
6757222fa14d98fe668f1cf00b67a93f57b546f4

SHA256
1b4ce210a10eb835da7f40b6416d14d348ca947ec30592baccf4ef6a50803694

SHA512
97ddae12a1a91d27ab9288d0d151ec28b4a59d37a56bc2100ba5b6c2f2da9d50c258abb8fd9fa01dd593668bc9e23133396edb7d1d1fef6e7219e15d1d63a4d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
d162bc0fbd47a3763199de6b6aad8fdb

SHA1
416ba6bc14193f24c405ed227cb07a4f47e470c7

SHA256
9d034412d73c1b8a196ccd53b091c3285a5a535687e847ca404f6e1afa81f72b

SHA512
1e7a9def0feaa56d4f1f81b00440a5806536c2e0ff1f2282c714d1165260fc15d7dda49147aea74b427b1d819f5b9848f51f95f6ab98f5fd2964be2e957e1a39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
579B

MD5
8d2e35ef5e680209262a2ac011f22a63

SHA1
3da604fe13d647f45c5236949de0a1cc3d3006dc

SHA256
9a51cbfc34a99cd5e8540827f9796364cbf35b01e6b535b7e06e51bd9778dcd8

SHA512
4eb414626c9fd3c013cf1dc2cc3303d25002505f97eb1f1f1420653277333b96710946b9b9bfde5dc3889b2259df5259fc23e23df29dbfd5df94c51b41fe8aa1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
579B

MD5
d364fb8b3ae1e70bfad5638668f3a127

SHA1
dc5ea65ec4cfcc774be47d2a38fcd16f8e322276

SHA256
4a5cc6105eb81b87cb4dff4bc4b1f74f1b4972a212b66fd341f0a7234e5b24d1

SHA512
91f9dcc65d12c2178a845b8c9ef90d5850154038d4d35285371fde40f6737015e8f593c554f82b24e3ebb8bf3871feeaa231364cd2a8e23966a36ac9d15c2a4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
579B

MD5
46fa4f5f7344089589d117bd7599b3a9

SHA1
b6cc1fe19e527d4a372c97e4d195ed94eee40030

SHA256
223280d95a13f1af6af06459bbf230874500c212a2e16f63914eff3f22e8b57a

SHA512
6b680aedde7e806802652aab9ab31cb21438bc8756b063955e6f03bbbdf1273f7d47c40ec1a19fe27537afeb8d6cc219a246d31f7c6822b481649fe296e2a45c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
579B

MD5
8567e1f2692c0b6b22ff80d629299c19

SHA1
58cddc76e9ff5e87f484897575c3a00f748d903e

SHA256
401da02959aad39d1b085fb55389b5f8ca4ee9724f7ced382eda6517490bcfaf

SHA512
4c94507f7f61227a4f10c6380e132df75d8698fb737b635e78c1c2a280b3313f61069eab4117641ae862b228e791e207960ea267fbf201618f6c2a7671a505e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
56fa5301996582f57b6d019bc3b36645

SHA1
374064d8c0548ee467188c9684ad314fd2914355

SHA256
dfbc8ab370a6edb56b00b98fabe754550bb40f77a7835a5baa93ca3d5c9203ba

SHA512
e30f35c11dc823eb06e0552e8c45c8f245e715ebb2fe8600ef8be231a097f0bea74e3a20c839704f5eac55cf0d1357e7a620a025378b7c6296398b338b7050cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
53e8ecd452b0c72425bfc7a5c0580c39

SHA1
a5bab67254491b6539518405eccccfb5a4c97e1d

SHA256
c79bc0b207f072f2af19737f30f3cb07c58fdc7d2fbab12109b254692a006ba1

SHA512
d6395f02175ae6c535388a749f13197703de4b03d8e85ee7883805052c3a2918e16fce957b56baa4e7aadcaa5a94c212e9ab4c0a76bb31cfcb97f2b46f89adff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4c00735dd937007658ce2fcaa68690d6

SHA1
f81b4119006d5b7c37c4bf08119de9aa9366a5ef

SHA256
121fd368f3f803ee7815a6732cda6c96798409a89c3ffd26a70602fcf86f65f9

SHA512
4c73c166b909fc4e9158fd1aac550f2d5788d3f68ec35b94658f4b40a2a51d5dc4f20497c398ffd2ea09dd4e74ef3ff67287e512491da2d1813a8515fa06f282

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
43fd11e3ff8f1e7f6fd9827da4fabf06

SHA1
97d5b0cd5324544b062257fd863a2756eb5b0b60

SHA256
ba69fc4ed39fa2305d68738b59241ac982d052c1aadd347f281e97c92b15bab8

SHA512
45f6a53e396da08fff757eaa0c5512c77a410d298b73a0f06311a6cbe0667469eda82b868dc1f4e1d0a0773f6daee39ec9447d0cf806db49cf96b1ab369acec1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
77a926994ef12502888c6aafd35c7fcc

SHA1
134312e705ce7a474f47afdc1ac8246c08b476a2

SHA256
2a5ef78298ab57e9ad0e85d3a2df814584baae9a5aaa08f7af0bdb7a8621c86e

SHA512
e3452ee280b3470ce72fb6bbae01cbd1980deb1d19ca78ab963953374fcf3db38362d4b0402ab8c7d21dc1bac32e7d2e1e674d8ed723a2de800e7867ebf599a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8a43919c156e5d6c95aff41336e3ab90

SHA1
ed88c95bc79f2dc743d35785f6e44eea1cc7f8c1

SHA256
6a6cfccb4d56849ea74ef105523937cba2c6a7477da2d7304cbf75c4d6abb11b

SHA512
fca5e61b0c94450dd43b1b705f18b297de26f0072a93f9e35571da23afa75e4583d6940dab6de61ddbea7a7bc7c2e03fcd0e1bdeb16229041f866b6f74e52387

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
92d5e449e7fd6439392e6149065994b1

SHA1
fd4f82b59e8c1174a85fc2f18a10397b876d6fe0

SHA256
67b560b8e42a1f5ac92b9230c6643e228278d9e4ab7f89d95cd2d6f1d1f7f31b

SHA512
665393490bdeacbac682dc3f47c6f75eaaabbfdee7085326633ce5f7fd1e4107d7ead0e23ff3dc0480a07d2c2beec5ba3fcb397e2523d136c150a5f1a93e29a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
2KB

MD5
474e4057932e61023a40f698b44cb23c

SHA1
1c2c00010e628b3c739f28e65ab56e204ea8541b

SHA256
3af51d2c3cd68735148cfc71ac44ab60570ebc81e29bcd899983c0a6380053dc

SHA512
fabbce382244b3b9ceef5736ce692d612f79cb73e2f17964eef9b362769d9407739c4b5ab60c51e4386210b73d0d16d70d1251fe0be843ff4a8ed1da9d88e430

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
b99bfd8413bcb4bf7dbe832d05abc0c1

SHA1
ae7de06f060ab9d5145f339b439b767b6b4f8daf

SHA256
735e493a10836f90bda96281c9f6401fb3489c6feffc07110f1b1b2470b4c605

SHA512
e4b14daa9b1c41ede391e435e3ad31b26c9f397b1de0c32d730275202017ffc964699e462997352fe7b593e2f4bfbfa166b62c9bf05a4672bf64317206c344f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13374621749770711

Filesize
16KB

MD5
a6fcb73b47c28976072d8572b486e052

SHA1
6a40d2568723cb79a7956f94dfbacc83616f18d4

SHA256
46cb2be57ca9ff5317d9bd5940702cee0015431e9a25c9d638e6654a8df444a2

SHA512
256c49e2b9b5864372775c325b1dd6d900df94f0e6caa865a5e2d9e685ad18fe8dfc63d4f3826074081069b9a785523e9433dde117d986cdddbe3fd650753fd7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
3f5a1472db5d119881e256e52381623d

SHA1
adc71fe82bedbded5de589a030833d01e4cc4d21

SHA256
1ed62c8b1337daf4abb81280951c222aab745373a28d105facc7e4438de67dcf

SHA512
0fda1eb86b186c92629a845d8bc931f8c27ddb30d1fc6f3e80dee469f2866af0cf512c6039e2e5065cb256ec94058debfa9246a286700ea1c29d70ee3c017eb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
31ce6246d4dd53b56c154cbb95c6c3bc

SHA1
0f9902d0b55b79c537aa3d74d4d08a8cd175ea1a

SHA256
c25dbb09a29daf1cf61407a921557450ed992d2bb9602976ce2c43ac0abe1275

SHA512
fbc7bcf4a7744d7d4ebdf5f71c531714d2598ac42cd848bb1816b4f2a98d4d4ef04b9a6d8a9843ea24dbdda6fa9d5b0328de7930a0a8b418174f5e21e4033488

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
8babe54f05cace7726fc4bbd50baec33

SHA1
a981404aa490ee386ef1d1908b7604bd118a220d

SHA256
7fa91f65ec937a1a53434982845e1ab69addd1c08edc27dd912836ffc401a273

SHA512
b19a62bb154698df12a202b799e3b2bfcf5261cac436b6aab7e157dcdbb5987028908a66b0a9a4a53aa9b52c1d1b5af2f72804f9328c3611a64c1c84b66b538b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4b6efe706f6739eb2833f425abff35fd

SHA1
99c6f4b804a3d04e3c3723fec5e5efd231d9f3da

SHA256
1de79cb76f31206675849479405c7ae247d77de6917ab0a01d8da14d6c489adb

SHA512
d6cf80e7e99d41ede31f3b4540bfcbed266bdb02fd8a9807950f628caef5874b4ef4d514bafbdfeecf9508ba79acd6bdee5c9eba61b49e6c2896af8f052c3438

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
483def58be191f3375ba5677bfce1896

SHA1
4726230159c64536e7d8a9272cdb0bab45d3fc31

SHA256
47306659fb35130682e9e8947cbc932c82dc8850687a5f41081a7f5c840c3c88

SHA512
7e51b1c7d74fd96d71c4368423d35a67838d5c17c812851a37f0dfb71179825466307524c557d342cf51014ee96b854e17ca2ec6e15b75c5496c909a8fbf0875

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
277bb96b57237d5c05159db4ff981c8d

SHA1
5ad05a81f83898ef99ca8d0c67bdfdd29650a9c1

SHA256
e7bf491d45b549332a8f8d9e3d6b3d9a5f72129e09c5a06847e1a3db544d719b

SHA512
66554e43b297fd48e74fd10af2b7e88db051e7410406f8a613e59b5f6e1511eb9f0427be4abe8abda9f54df8fa064a4cc16c9bf7493ad25742c989b6ce1b8909

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
42105776006e15bd40139e8c27513b85

SHA1
fb0a080c1f83ef25ec8490789370e880aa205afd

SHA256
09dec215791a9aff5a69f32d68f0ee8aa37355b5145cdfc3ab92ee87c77c844d

SHA512
b4be7b8f8ad58d6ae89d5dcb1ab59d722afd79349f1967fd5daaf1b1649fc2cfb8015abaabe1e037e3b4c4a372e5cbf39d93ba6fe58486a23a81b441606a5940

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8476c1bcbe95ea5d6ac0edd37b8e47fc

SHA1
a248b59a5ba02b74c4f586cee26d939bc8f0ce24

SHA256
c28fe81656c22428c3b53f8a78e4bef545f772d0318c14ab934a4f88834aefaa

SHA512
3adcf1ab5fdab7133272a17b501cda0f438d91c20b5de82e4c2ba188d9c78f1cd7688cd0ba7d5df35e56339cfa14af9ebfa5e9ae5a44431c224e8372d924b77c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3ab246f495dbf791b4096dcbf661082a

SHA1
1910e3c04c2dd29b658787439f60f5ad1ad569c1

SHA256
d36c7d90c30f4e85804c09a3ab1b14429fcf8fe4beceb3cbccc9fb47ed161a89

SHA512
50bccecafb6fb225b72f1a7a88fb08bd472e31df9ad8f658f05f56ccb132588086f9feb84d971afea191a7dad9af767cdac1d406efaee63f42a629b4c7f45316

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
cae87de8aa9560e59bde2aa178982bcd

SHA1
8a9df99eee0cba87a9d8d235fec2ee31130a7635

SHA256
4006076c35918e45407e8a9aa31054d62cd6df2ae63215e041f07da7bf44b72e

SHA512
f29b5698aebe036cb6177ab72f97b227506214af0c536d6621cd26f3364c0f15d30dd2544f1774d94c8c999e92e29a5170ba877e4cc025cfccc1d2f0707b140e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
fdbc19faf463ba8cd9ae0217aecc2f10

SHA1
105209e6b1bc74b182852503e3a823a7f3427d88

SHA256
b299804daea13735a8d3850912c6936966c696e892517ff9235ef7779f1ef70e

SHA512
262ffaa51cf8e193dce73f0cba44d49f44c75586206de768be5469de81067360662e0f4a6db3296725ba847872f94e9d55fefb6bb08afb9612322221574ce6e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6346049d1242460b4d6d3b31a78a0f47

SHA1
526b035efd1d967340f51fdeb085e45e690571d9

SHA256
594f0e10530df3fee389080636bf10938bce1587bee761f1d209b244e390e355

SHA512
a73b8b29b9aa5e65aa1099a1f88167ee590a51972ead606a27f3110e5fe5b5dff8c14c6c819250446cca7126058b22aaf04bc7d1fb6bb19ca6959dee73cfd8b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
74ce076c15fd4a07c363a87b7de41802

SHA1
80b97534d0ede81fd36cffbe098145ac248b034e

SHA256
e46e2fec1b0a5888f031dffa20f65e1f46a7cc9a8f8e344bfa704d3bed32a2fc

SHA512
69277c673185814d43438f22c0aec78de3dfe119505054780ce336f1c5b86451428372e7fb58d4d12e5e68c789410bc5c6290b74a4b4f98d4962a8a96250dfc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
95ddc51a558258d8acd13abc2cd2ac07

SHA1
0ef7031e6523bd706061699616f1bdcddce8d05c

SHA256
6f93ae235872dc0f0ee40a0cf32130d88c8edf88513fab942a0946e061489ae8

SHA512
61c46be9be2cbad4ecab1891233ba0e76946b1161d5933028502acc2ca0032949d4c6dc1dc33a6c07c8ed531e3d1ac182f552de0622a2a181a20dfaea733cb4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
962afde065732d2bf83b0d5b2fdb57a2

SHA1
f332de78667347b757fca9ac874898cf066824a6

SHA256
3e2a473edde017d7377ec6678a9a288cf287fca167af288c0c0abf81315d2f84

SHA512
91e7288b16afb5d9769aad254627eb52fc07e0b46e8dcb2d1f60e83ea5f931d0d151a2bfbb73d30e66c37ee936c8c14bdaf069a07c1367d07262ec684f026a9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c43efe6cb3272d780f0983917ca8db6b

SHA1
0e86fa16ae4eeaf7a12005c13cb6238c4354be83

SHA256
1d7baadd7a31f26b7b60e257bdfa01b729f12e4d87d1b2bcdf05abd94bccc645

SHA512
9abc496ff2a1b8e46091bd8bdc23321d7b09bb961b674da179f810c1f73b9b0f8870faad59b77cf1f1a3afdce684f67538388cd0b4e423245f94f7d30a30794a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8fb40f5b099cc7d849c205f4246d511e

SHA1
e5e331d21beeca2d08638d92f8d34e52bcc6eb4e

SHA256
3c4a7db7835244b5c4cf6334466dd797d28411e0f090ecb434f1a67855d7186e

SHA512
7bd5b9bb3769b8d9ac174ec53ce61e6bb9ac05758686bbb53cbc5b8191d6028d4bd4902af75564683b0ff5d2f11455beb0790a2677cbd461c332a031f29e6004

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
397868bc40f7c1d7431d180b63f307af

SHA1
b0e3de447bb7048317dba3a14b143102c4503f0d

SHA256
bb029411afe75b042f45db0670e2835cce04147e2bbf5f1dc219b99ac2d51e4a

SHA512
3ffaa7c7eba92aa8a105012332f939338f8a51cdaa21d42d91506783be17e53db1da0eb15b91785451de0546b0a3f720352d6da7bd3cae305efbe07e7f36d58a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ae4bdc82a7e4b93aa2d654b81ae4619d

SHA1
e63adfa447a5f4a93517a9d28e55f43e191bfe99

SHA256
a058593bac20ecea2d21d7988af61959080fe36de36ba8b584fca7fc8c812b66

SHA512
0efb822d0478a02d43c801bd6765ff28b0efdc3a43ff00c9bd4ebdfb4fcfd3dc4a22eb6c6abef0e8100648a5ea0a4b94c5d69c84a7a17121e5370c99adb6bcd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5415bfc943fb8ab9e496a087ebbef097

SHA1
dca9729be7b13fc8fa10f1849f1b243651f6b4c7

SHA256
15fec0a089d109ea598f60331b7791327af6cf21529458100b23a73082393704

SHA512
dd7038141d3604c1ee8e1fb1a92689dfec8ac35840bf7c0e5260b89fc249ed5b8b6ada228d3e96ed91456c9d9bf6bc31df54dd8ee1be5e4902e98598c4e82b96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
bd654241194a268bf6670e8da8d6fdab

SHA1
047da90afb2472059393004a6f889b7011f9c7da

SHA256
5beb56c479fc4561114221f419ff9c210f4cc887ea60d25a4484c5de81cd469b

SHA512
0e485e46827769004e6c118f7bc2a57cb7bf7d992eb5276a5af908a75da431d9a8f6960f40031e19324e8d87512925cc70649320568e581db7ad9a3e05b89490

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2794d36d3be658c8f19ca099616e2ddc

SHA1
f4e8196cc10ace562bbed4266a3f98de62aaf30e

SHA256
cf356590f79eb8ed4d2ba9aa94b1c0264e78791d72212f888278e9074d365394

SHA512
57250b6ed716216efb55a8c9680263ab69a0ca4b650885580bff890b0624053ed29dd6a6a67c62d7b7fb5c84058fc8fefec27eef93d773ab7c5917c136766b09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582872.TMP

Filesize
1KB

MD5
a1ca3d820a2927082f53681b243c012c

SHA1
db019f12231fcf777bbf8b79497d6036349edb9d

SHA256
e4bbc0d56c19e979533008afc96792d7d71fd29a2055c1a997c7b80bbe144d5e

SHA512
92fcd96aa105025bad316927dd2b493a241384e19acb4ca9c7590d9ebc35b0fb71718b7dfef1f71a2e21b1e22bd6f6c6e0d8517cc111e6b435c75a45456c55b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
7ca90c40a64ef20f63ebc04f1b52083b

SHA1
afc97c9c3944e6fbffa4099ab991247a5a0d787d

SHA256
56b29e354fc4267b891eb88e0a162d52ae8b8e52d38c0f314921cd6db785b424

SHA512
2c23de35af7d2e90947c045017f6478474cd522b1af2ad072f450034d445c357b83fb7df188558b42f8e32ecfecb39b2ef8d182c6bcb422c460f82d1f2b4ffe7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
72KB

MD5
f2c8e508945cd1704d7d9c22bf40cd31

SHA1
9a0ed1ff3faa2a5e85209b712994b22a5fb344bb

SHA256
4bbea54b7111ed5c5c1526ff0784619f72648bb22f3f4651c57a6e8b2cf91f21

SHA512
b7406f44bc5d2935d970e72724b3c05da88e1d4ea2f855b1ed37b50350a591fafe2303fbca93b6f419c1fa9d857e10545b6d0c82eb82dd49d6b3eaefc22686ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
23KB

MD5
245178e9594b2a2264277bdccc76c31c

SHA1
d33af1cb5d14e88002a390b2bce2db7ea1078a97

SHA256
cfd0921982ef0ab9dae86f78cb955a161c5106208113c62d362292eaea49c4c3

SHA512
102f9967996c2506fbac357aecfd9afc6ec5df700151e45ff8640131ee8aaa61c0df21076fda7f97477f47037dac11875d6fd70bbd1a5ae7703e9c175e81c115

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
1bf3a1a102ce95452a6709113c1b7d5c

SHA1
208266dbb0304e3c965b0c1eabff2b37a532f2a3

SHA256
2447127d95e949c72d55c0f976c3977ff9b10d816d46c7a7d07890dc361a1c56

SHA512
c7f980debb6ec5217ee49a4b188b4fe7b4145d56fc25e7f054d0c002c80918ab3ce74ea54886da1d6f58881a5e4c6065e4973e54bdfa2d1dbca824d741fb1700

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
565B

MD5
99ef8d9330b733d1c6bcc881f5714df3

SHA1
89957ce650a64adba193707096f537b2851e2334

SHA256
216424a4fe224a037bc881b52d8f65d4576f400764463eb33072f94f7db34024

SHA512
bfa2f587cc2430ca6001c0ac5f8609de59ba202730545956b8f57b6bacee2a50c506b6ad6a55cdb33c6d18bf0416ef185d46a2173618766e75680715d3160266

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
438a62ad7a3a164cf2d7c4c2dd480d9e

SHA1
b1abf3e99a429a972eb4136482497f0b378953aa

SHA256
d241607cc63399a96da9aacf440969935d6128b9338f7937665dac83558943c9

SHA512
7f6286a40eea65fbf0515177c357cc47d204c1906dda1a18f839223a6495a1b368401e1338d221b6db895e237c72fd2ca365e86bc3534210263a1d3fe8a3c51e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d30db5fc4f1bf991321bfd1ca2f0f7c1

SHA1
26d6f003659f7e5f14df6dab9d399376192632c8

SHA256
bb7afa074c6581fe76a8940bfc127299701721a4432c84083f732b07308fb34e

SHA512
c641ca3d709374ceec0b7d869b492efae7634bbdccadc9b7d8a1418cd11de6f8cf451fa9b48da839d5d455bd2d3a5ffcf39ca38b6badc278fc7e2b10f86bdeaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
8103674de8e4a79b014ce5c6740eeeca

SHA1
10ccda39a9aea9b170f095d9806d1fa72278529c

SHA256
4cd7aeac1cce5325d08b7ef22930009647f4a7c11b06c7c3c74ba043c75d9e6d

SHA512
154a0058778c32276554c01a35a4dcecb25513f4ef7e8f10da4ff2996a9bff25ab31661917721df6472d3bcd6c2d2c7cd4cb28d80b8aae8f88bc140cfcfbc2c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
a75b2410cc2002a46d9f903f07e695a3

SHA1
b4f8570e494f659f984caa3ebafe7f8d3e428b2b

SHA256
70084800beb48f1c7bd8f06ab2a4a2a00025c929896f2f8a433daeb792299f4a

SHA512
c0f743014522609fb08dec3a5bc71e050a6107c58b2b7ff9feb3803fea3bbad904fd9cfdbbcbc6aa098abef5065740847d30ac4872077eac3a0caff26ffa4ea4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3d5d0e59fd98b9ea32f09194cc218b4c

SHA1
fe0198c4826e40727ad81a51eb230f6181f44d2b

SHA256
158c8f2dec112941ee4baacd9466483a670815028446bc3d56f82ba6131b3274

SHA512
448c3500575e7d50f54241ffc52f4ac50d01889c4c113b0cdd1e9f4d34642ac01249ddb5eeced00a82ff9c002ce44ef2832cbff4b677f239cce515a7f7268471

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
c908397fb2a48f6d9d3336b5504ade80

SHA1
5c3568bdf2bb550a200ce1052240027e9cfa4c21

SHA256
d4ee04af4ef3ad8bda80c97ec07101864bce523aff90e3c684b6128e46b2558b

SHA512
d5190d1c15f4a44da5c79fea46660b20885b774e34100c38b9d8a427c7b4950429f3e73e463b4dabd516c5b561447be50bb24abc7afd8d14073e0d163710f8ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
782d5c33889ff5277ef3d5cdbbbb1bc9

SHA1
179b35ef9191e469895e6d3c2aa296632b88a287

SHA256
7f45bf3c8b94cd3dbe2a16019c2c372962db37e2f9981ccf7059a98db791d7ff

SHA512
2a40165c43446836d915e8753c1d5aead24aecb31c29239fdd5cd40bc7df574d295fa607e0b502dd4e449101d58f5e0c30aa68a0b34784338c972795945b7519

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
85fff4af6e0c4510997a11197afd0dcf

SHA1
020c067bbdec0cf5210111aa8045b8ec2f833d18

SHA256
98340befec41c4a5dedf26579aa426028b323faa34b9b62c45e1bb67a19a4efd

SHA512
e42eed04c071db4f01d5c57c0637fbff11f472aaf84ba975e3e684447b98680fdfbc9e195216f18ae7f4183221a990c686ac1d3b38e34d94b9ee8db7dac26b2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
be81a04e60c776351c348deae393fa5b

SHA1
d6429e5e6a83a9ab1345cde0c41a9952c9ba8eec

SHA256
246bb2525899fcbc998d19b5a6b95498d534220f51f0c43d6b250ea232341b36

SHA512
9ca8bd3ae32e22ff76977e880058da9865914ffc5d6e3a3ff3de8a21affb7fc7452375158cd164a3f6cc16299b667569d1fb61593c0dd4906df2f75639f4cddc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\d6fb0ba2-f961-4a4a-b4c9-a1674d39918b.tmp

Filesize
12KB

MD5
c528fe8f940311e076a4d98a8e2986bb

SHA1
4b56d9e2adff12eae377166c9cab2f835dbd0f9c

SHA256
23ebdeb26216e8f0740cb2bd30ff7a91f5fe2f00efac5407db55652d121b0d9b

SHA512
14d7a48370b90412c094a8403d5869b6b80fac1eea2c9a5bb03a948c93dc6e781bc1bc7e8d0541f053cd6bcf040c1f464c39b2154f7ba5f810fc5db39ef72112

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\y0bypz8z.default-release\activity-stream.discovery_stream.json

Filesize
31KB

MD5
2edfa529b153cb06c9593fe75f0eb983

SHA1
ea44338e80aefb0b1830c3cbdbb60c67c94fbcca

SHA256
e8788f1d0384706e955c0bdcd31f46165585b5a5846178908b32f263dfd21292

SHA512
b772c9d85d3fc5aa2ae962c906524679dd89d58abb2a2f7f68eba3c705af6e55ae007e74f6a735974b1a27947994d996ba677f6ec557954960e5e08b95eef671

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
686293fabd7da38f5607c4e7429057f2

SHA1
acb6acb500e581789c8afceff27c72536d87b53f

SHA256
077c6c644fa4dfb1823c88a4d732bf2b21fca380545afc80c7911d11502eca1a

SHA512
af4910bd9d6ff6cc59e3e36022b58f1751c04e1ea0e1a7100f8f089c0e118f4cbe9811e86767f903c40b4835f9b6301e5a535b069b4da5cf85939c3f751394c3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
c9821529eb4f95c7cefd547e765f8100

SHA1
89da0e2ef2d671e3e6849e9de9fa1b847fbae307

SHA256
134cbc5055a0c85a3f6ca47a0a6782b2707076ae2598e6b87245346eee7f8801

SHA512
c2cd8076c91dd15de8ee5926c3b150394fa664697bfa499581bbf581cf16fd201116a9a84ae74317a4ac5704c5660d6dc379090b2a90337d7a8c0f91111f708a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\datareporting\glean\pending_pings\53d3e059-ab40-461e-8889-66a257ee4372

Filesize
28KB

MD5
7344904c4b098683a93a02e96cdc3cb4

SHA1
5c820cb4e815e5d047477ede76c09a970ff022b2

SHA256
1c0a5e933d3dc5d5f57db8ca09f3c9deb34eb1ce8fdb1c5fb2a0913aba757155

SHA512
8a9b3b353bec6419bb11ef2089336cc2b81ff3e80f04111281c35b8d61c42584061c4aab7cd3f4f26e1ac44ac51062f81821261fbb1838f490eabcf8906ada23

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\datareporting\glean\pending_pings\647f070d-804d-4a0e-a8e6-c74e32f48dc1

Filesize
982B

MD5
abae22a0fae7ed94fa04b92eee13c9a8

SHA1
d0fb64100d7c9bea4b46526637a4769a243ba898

SHA256
f9753ab386226fa754fc66470388b3666007df525f459f4f4ad3b2f1ece84cde

SHA512
8a2d37907f7366ff9ce9b8fd3a56021e3fecf990576aadcf76b4aefb4b80f9da99305327b8bb8d1d794fd49e1309d335ddccb9005286e7b97039aafdd36f531a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\datareporting\glean\pending_pings\6fc3fe14-40fc-4250-b336-611a2ef54a6f

Filesize
671B

MD5
2d146a152914bd5d86784174ed0b067d

SHA1
20dc9e4cd73ae31e9ce50fe334ba52a5785fa42c

SHA256
d6f0ecb05d10ef959628e5b76ce17b08b50cb6f7fe4fab74a8d4191e52876c1b

SHA512
353403ec5b7d3c0372dc9cd64d083612ee79e16d8585d21bdd79c3d7106e8b60ef5c0a6f4a9f945eceb0d64b6f49af53abe2b6885d0f11f58066b0ee9416e7d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\prefs-1.js

Filesize
11KB

MD5
3dd12539c1d79d215f8320910488060d

SHA1
01571c314ae0fb94b280166fcfaf8210673a45b8

SHA256
46dae2360836341165722035768e172beb35100c576193d54172d97e0a17c096

SHA512
667b34268c493690d841d8f539bdc33d42f1376a2706fbe9825ef4b53cf2f2f9ce1de39a5db119245739ad6aabfdbdae8e26ac016310cad6b5b55554b210b48d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\prefs.js

Filesize
10KB

MD5
70b6990a58fcce457b84b2aabe3c216c

SHA1
75602bbe0abaf89834e004246d1257e47031c3e5

SHA256
9e751248e65035b031bf16fd108a6ef0792167264e8ef2f5610b3517f4e5d741

SHA512
3228bb0b060ae31cafcebda6182f447a8b03bc5546f94f5a732f8797f2332e417f6b79e602dc9d001c42603cfaf56f56b3e086b272263be51a31b3b7b10275fc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\prefs.js

Filesize
11KB

MD5
edc5602b51973ef3ee53517749ce6170

SHA1
3546f40293684c0f95bc7ba59afb9ae944366530

SHA256
1574d2bb9b42635bdc83e45e796e246ccd3d57eed29b9986f2d41ee519a3cb08

SHA512
211218a39095e3c382b9c38c74201d9e80012741736c85b81f046a93778f7d3f883b9ec275ac812d59301d85ca333eaf23527a59119aa4043629b34ba3efd358

Download Submit
C:\Users\Admin\Downloads\-VsG1x65.part

Filesize
87KB

MD5
d6d956267a268c9dcf48445629d2803e

SHA1
cc0feae505dad9c140dd21d1b40b518d8e61b3a4

SHA256
c460fc0d4fdaf5c68623e18de106f1c3601d7bd6ba80ddad86c10fd6ea123850

SHA512
e0791f6eb3116d0590be3af3713c94f787f7ced8e904d4bb8fc0d1341f332053414cb1e9095ae2de041b9e6d6d55cf773bf45ebeb74f27bb95c11a3cc364abee

Download Submit
C:\Users\Admin\Downloads\Friday_the_13th.408.zip

Filesize
763B

MD5
2485d09c7b996855eded9ee500625773

SHA1
78b0450b55e8ab412d73e98115235ced86f13fb6

SHA256
06cb3fd37ab2ec2b99b6b1e88482ca57871674246e153c129ba256eec529394b

SHA512
8263a4f48aa0efc1771fa82da4c221b320debb8d111e8082d46079bc790d3a4ec09e8dd7748b082c3fa3abd1b45531e4ed59e9f168292b2e1ad9e10d9dd4e6e0

Download Submit
C:\Users\Admin\Downloads\Ransomware.Thanos.zip

Filesize
145KB

MD5
00184463f3b071369d60353c692be6f0

SHA1
d3c1e90f39da2997ef4888b54d706b1a1fde642a

SHA256
cd0f55dd00111251cd580c7e7cc1d17448faf27e4ef39818d75ce330628c7787

SHA512
baa931a23ecbcb15dda6a1dc46d65fd74b46ccea8891c48f0822a8a10092b7d4f7ea1dc971946a161ac861f0aa8b99362d5bea960b47b10f8c91e33d1b018006

Download Submit
C:\Users\Admin\Downloads\Win32.Unknown_SpectreMeltdown.zip

Filesize
97KB

MD5
98b25e3dcf67d0c5362fbb0514564fdf

SHA1
ad14ec4e344e2d0467a93f6bfe8d0700816304c4

SHA256
6db0b6f57010d9e4038a4b15f0344ad0a304e468a1a901c46fe802e70e23dcb4

SHA512
7fbf80ca1a5487f4466537cc96e7dd4181d0a913b9fb4ca97af34e03fc932d1e4562811951c10bccb03bcc084b86a4c96a19af106955fce432cc821f480cdd54

Download Submit
C:\Users\Admin\Downloads\Win32.WannaPeace.zip

Filesize
477KB

MD5
96593e22646caafcd606ae75f816c989

SHA1
ab3cc81a4304d0d5ad93f4e7b87e6ca42e7a5804

SHA256
cdb4ad5d0bdb1c44cad5937305f383331fdd75b2bf41c4f0fd66b8015002c5af

SHA512
ad8fb66af4483e694d806148b21633d2bf288db5b3dfb8b13957fb6f8fe2646503a57700e8382123f23b586fc743d0ac00fd09c145df335d275602793141fe66

Download Submit
C:\Users\Admin\Downloads\Win64.Trojan.GreenBug.zip

Filesize
383KB

MD5
9ed25c4a6ae99f9eb28fd3c654109006

SHA1
1177f44b7dd14c54ae17b921917e0123189c9c09

SHA256
141e8f924ab11d38249ae1d3a3e09c53a1a247b20dae8bde821fceebe1a2e37a

SHA512
15844aa55807e3f683cacbcbc070e046c40fe82e6956158025ed2f3da778d2d3fa61dea33bb3c763b8f45ae41c57b3606806fe8dc1c7a956e21be899ba7490d4

Download Submit
C:\Users\Admin\Downloads\WinX.SUNBURST.zip

Filesize
994KB

MD5
31b50e5fbf4b123b6f32fc28edd0ba86

SHA1
47b55dc480268e654ad0c7519f85fc53d06d87e2

SHA256
8127165190392dcd41a6f55fe81e0494aaf04b717cde9f135199c2cafa170828

SHA512
45eba38b0f2db913c3d1f198837d5b660b92dc103daa7745879ee76a59c6188a1539e7fad1c94d8df39e3e0e8abcde849540f866b3dd752b45021acc11574b8f

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\yy20grrr\yy20grrr.0.cs

Filesize
42B

MD5
0fd6c5ef54a461a3968153320a86fe2b

SHA1
11aab7e8917c87fdf88f1fecbc0d5a833972e044

SHA256
7709fd57593ec1b52c4ab8883244eddfc14066a7d3734a314dfae8bc5216fca8

SHA512
1d16b2915433a0219b2b84f42d6692f125068e3f01a0048b2dc20717c51907137ebbd30e31a2092089a8ca307cbe3fcaf4efe42b3df63b47786020cbba52d682

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\yy20grrr\yy20grrr.cmdline

Filesize
117B

MD5
fa4288ca00a3810552c1871a5b48d62f

SHA1
58b10d9372243fa40cd020785809c3ad141eb0c5

SHA256
575cfe8a54b5ea3f993fb833e33f53e7c651c285351abb4ebaffa9318c85ef37

SHA512
e46b0d4b648dad4313c1d17871bba063dd817ce0736a690556e33052760a73a7f3188e4ce374cc98fa287e7a92c919cdd7e44c0f433b3c73185f05283afe4914

Download Submit
memory/3284-1146-0x0000000000CB0000-0x0000000000D5A000-memory.dmp

Filesize
680KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request