badrabbit | f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9

Analysis

max time kernel
149s
max time network
151s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20250217-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250217-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
05/03/2025, 22:27 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
Size

149KB
MD5

7d8f0e539e50eb545d094c50aab0ea9e
SHA1

9368da690ace5328abc4461cd8322d78c1fdc290
SHA256

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9
SHA512

092d05eb357da75c2a6646a353e1c1cf7f0ae66ea32ac4beff8fda87160c9226417b187b4ac34e7b5745aaa65c8a6b8b33b9f02e19d9a959627544b50a3eae7a
SSDEEP

3072:Pmpq7ybSPGccu5R9Wl7rSmpVYc7+DUltw/ArIW1:epqG2eM5R9kNj2UlgJ

Score

10^/10

badrabbit mimikatz discovery ransomware

Malware Config

Signatures

BadRabbit
Ransomware family discovered in late 2017, mainly targeting Russia and Ukraine.
ransomware badrabbit
Badrabbit family
badrabbit
Mimikatz
mimikatz is an open source tool to dump credentials on Windows.
mimikatz
Mimikatz family
mimikatz

mimikatz is an open source tool to dump credentials on Windows 1 IoCs

resource	yara_rule
behavioral1/files/0x000a000000027d93-110.dat	mimikatz

Checks computer location settings 2 TTPs 64 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2501448743-3279416841-701563739-1000\Control Panel\International\Geo\Nation	f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2501448743-3279416841-701563739-1000\Control Panel\International\Geo\Nation	f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2501448743-3279416841-701563739-1000\Control Panel\International\Geo\Nation	f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2501448743-3279416841-701563739-1000\Control Panel\International\Geo\Nation	f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2501448743-3279416841-701563739-1000\Control Panel\International\Geo\Nation	f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2501448743-3279416841-701563739-1000\Control Panel\International\Geo\Nation	f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2501448743-3279416841-701563739-1000\Control Panel\International\Geo\Nation	f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2501448743-3279416841-701563739-1000\Control Panel\International\Geo\Nation	f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2501448743-3279416841-701563739-1000\Control Panel\International\Geo\Nation	f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2501448743-3279416841-701563739-1000\Control Panel\International\Geo\Nation	f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2501448743-3279416841-701563739-1000\Control Panel\International\Geo\Nation	f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2501448743-3279416841-701563739-1000\Control Panel\International\Geo\Nation	f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2501448743-3279416841-701563739-1000\Control Panel\International\Geo\Nation	f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2501448743-3279416841-701563739-1000\Control Panel\International\Geo\Nation	f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2501448743-3279416841-701563739-1000\Control Panel\International\Geo\Nation	f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2501448743-3279416841-701563739-1000\Control Panel\International\Geo\Nation	f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2501448743-3279416841-701563739-1000\Control Panel\International\Geo\Nation	f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2501448743-3279416841-701563739-1000\Control Panel\International\Geo\Nation	f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2501448743-3279416841-701563739-1000\Control Panel\International\Geo\Nation	f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2501448743-3279416841-701563739-1000\Control Panel\International\Geo\Nation	f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2501448743-3279416841-701563739-1000\Control Panel\International\Geo\Nation	f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2501448743-3279416841-701563739-1000\Control Panel\International\Geo\Nation	f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2501448743-3279416841-701563739-1000\Control Panel\International\Geo\Nation	f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2501448743-3279416841-701563739-1000\Control Panel\International\Geo\Nation	f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2501448743-3279416841-701563739-1000\Control Panel\International\Geo\Nation	f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2501448743-3279416841-701563739-1000\Control Panel\International\Geo\Nation	f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2501448743-3279416841-701563739-1000\Control Panel\International\Geo\Nation	f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2501448743-3279416841-701563739-1000\Control Panel\International\Geo\Nation	f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2501448743-3279416841-701563739-1000\Control Panel\International\Geo\Nation	f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2501448743-3279416841-701563739-1000\Control Panel\International\Geo\Nation	f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2501448743-3279416841-701563739-1000\Control Panel\International\Geo\Nation	f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2501448743-3279416841-701563739-1000\Control Panel\International\Geo\Nation	f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2501448743-3279416841-701563739-1000\Control Panel\International\Geo\Nation	f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2501448743-3279416841-701563739-1000\Control Panel\International\Geo\Nation	f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2501448743-3279416841-701563739-1000\Control Panel\International\Geo\Nation	f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2501448743-3279416841-701563739-1000\Control Panel\International\Geo\Nation	f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2501448743-3279416841-701563739-1000\Control Panel\International\Geo\Nation	f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2501448743-3279416841-701563739-1000\Control Panel\International\Geo\Nation	f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2501448743-3279416841-701563739-1000\Control Panel\International\Geo\Nation	f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2501448743-3279416841-701563739-1000\Control Panel\International\Geo\Nation	f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2501448743-3279416841-701563739-1000\Control Panel\International\Geo\Nation	f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2501448743-3279416841-701563739-1000\Control Panel\International\Geo\Nation	f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2501448743-3279416841-701563739-1000\Control Panel\International\Geo\Nation	f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2501448743-3279416841-701563739-1000\Control Panel\International\Geo\Nation	f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2501448743-3279416841-701563739-1000\Control Panel\International\Geo\Nation	f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2501448743-3279416841-701563739-1000\Control Panel\International\Geo\Nation	f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2501448743-3279416841-701563739-1000\Control Panel\International\Geo\Nation	f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2501448743-3279416841-701563739-1000\Control Panel\International\Geo\Nation	f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2501448743-3279416841-701563739-1000\Control Panel\International\Geo\Nation	f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2501448743-3279416841-701563739-1000\Control Panel\International\Geo\Nation	f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2501448743-3279416841-701563739-1000\Control Panel\International\Geo\Nation	f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2501448743-3279416841-701563739-1000\Control Panel\International\Geo\Nation	f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2501448743-3279416841-701563739-1000\Control Panel\International\Geo\Nation	f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2501448743-3279416841-701563739-1000\Control Panel\International\Geo\Nation	f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2501448743-3279416841-701563739-1000\Control Panel\International\Geo\Nation	f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2501448743-3279416841-701563739-1000\Control Panel\International\Geo\Nation	f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2501448743-3279416841-701563739-1000\Control Panel\International\Geo\Nation	f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2501448743-3279416841-701563739-1000\Control Panel\International\Geo\Nation	f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2501448743-3279416841-701563739-1000\Control Panel\International\Geo\Nation	f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2501448743-3279416841-701563739-1000\Control Panel\International\Geo\Nation	f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2501448743-3279416841-701563739-1000\Control Panel\International\Geo\Nation	f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2501448743-3279416841-701563739-1000\Control Panel\International\Geo\Nation	f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2501448743-3279416841-701563739-1000\Control Panel\International\Geo\Nation	f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2501448743-3279416841-701563739-1000\Control Panel\International\Geo\Nation	f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Executes dropped EXE 64 IoCs

pid	Process
5884	Endermanch@BadRabbit.exe
5984	Endermanch@BadRabbit.exe
2676	Endermanch@BadRabbit.exe
6044	B5A4.tmp
5048	Endermanch@BadRabbit.exe
3844	Endermanch@BadRabbit.exe
3196	Endermanch@BadRabbit.exe
376	Endermanch@BadRabbit.exe
5084	Endermanch@BadRabbit.exe
3640	Endermanch@BadRabbit.exe
3404	Endermanch@BadRabbit.exe
1676	Endermanch@BadRabbit.exe
5696	Endermanch@BadRabbit.exe
1356	Endermanch@BadRabbit.exe
3620	Endermanch@BadRabbit.exe
5684	Endermanch@BadRabbit.exe
1668	Endermanch@BadRabbit.exe
2776	Endermanch@BadRabbit.exe
400	Endermanch@BadRabbit.exe
3404	Endermanch@BadRabbit.exe
1840	Endermanch@BadRabbit.exe
2016	Endermanch@BadRabbit.exe
5776	Endermanch@BadRabbit.exe
1416	Endermanch@BadRabbit.exe
5364	Endermanch@BadRabbit.exe
3900	Endermanch@BadRabbit.exe
968	Endermanch@BadRabbit.exe
4304	Endermanch@BadRabbit.exe
736	Endermanch@BadRabbit.exe
1792	Endermanch@BadRabbit.exe
3384	Endermanch@BadRabbit.exe
2516	Endermanch@BadRabbit.exe
1752	Endermanch@BadRabbit.exe
1408	Endermanch@BadRabbit.exe
3064	Endermanch@BadRabbit.exe
2204	Endermanch@BadRabbit.exe
3132	Endermanch@BadRabbit.exe
4288	Endermanch@BadRabbit.exe
2848	Endermanch@BadRabbit.exe
1016	Endermanch@BadRabbit.exe
3016	Endermanch@BadRabbit.exe
4724	Endermanch@BadRabbit.exe
4124	Endermanch@BadRabbit.exe
2960	Endermanch@BadRabbit.exe
4128	Endermanch@BadRabbit.exe
5112	Endermanch@BadRabbit.exe
796	Endermanch@BadRabbit.exe
2008	Endermanch@BadRabbit.exe
1744	Endermanch@BadRabbit.exe
2152	Endermanch@BadRabbit.exe
3644	Endermanch@BadRabbit.exe
4816	Endermanch@BadRabbit.exe
4224	Endermanch@BadRabbit.exe
960	Endermanch@BadRabbit.exe
3880	Endermanch@BadRabbit.exe
1156	Endermanch@BadRabbit.exe
2496	Endermanch@BadRabbit.exe
4180	Endermanch@BadRabbit.exe
2884	Endermanch@BadRabbit.exe
3052	Endermanch@BadRabbit.exe
1864	Endermanch@BadRabbit.exe
1584	Endermanch@BadRabbit.exe
3228	Endermanch@BadRabbit.exe
5164	Endermanch@BadRabbit.exe

Loads dropped DLL 64 IoCs

pid	Process
4024	rundll32.exe
1940	rundll32.exe
1740	rundll32.exe
3664	rundll32.exe
1560	rundll32.exe
4128	rundll32.exe
2612	rundll32.exe
4092	rundll32.exe
5332	rundll32.exe
5732	rundll32.exe
4584	rundll32.exe
404	rundll32.exe
5636	rundll32.exe
1396	rundll32.exe
5052	rundll32.exe
2292	rundll32.exe
820	rundll32.exe
1012	rundll32.exe
2324	rundll32.exe
4716	rundll32.exe
3652	rundll32.exe
3868	rundll32.exe
5708	rundll32.exe
6084	rundll32.exe
2720	rundll32.exe
2760	rundll32.exe
5296	rundll32.exe
700	rundll32.exe
2304	rundll32.exe
2936	rundll32.exe
3300	rundll32.exe
1484	rundll32.exe
5804	rundll32.exe
5152	rundll32.exe
412	rundll32.exe
5260	rundll32.exe
3616	rundll32.exe
5472	rundll32.exe
4544	rundll32.exe
3856	rundll32.exe
5476	rundll32.exe
2028	rundll32.exe
4348	rundll32.exe
1640	rundll32.exe
1136	rundll32.exe
1180	rundll32.exe
3632	rundll32.exe
2056	rundll32.exe
2680	rundll32.exe
2064	rundll32.exe
6104	rundll32.exe
4636	rundll32.exe
5164	rundll32.exe
4436	rundll32.exe
3232	rundll32.exe
4112	rundll32.exe
5600	rundll32.exe
1696	rundll32.exe
2856	rundll32.exe
4540	rundll32.exe
2584	rundll32.exe
6136	rundll32.exe
2580	rundll32.exe
5124	rundll32.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 64 IoCs

Web Service

T1102

flow	ioc
272	raw.githubusercontent.com
290	raw.githubusercontent.com
341	raw.githubusercontent.com
152	raw.githubusercontent.com
180	raw.githubusercontent.com
282	raw.githubusercontent.com
298	raw.githubusercontent.com
325	raw.githubusercontent.com
402	raw.githubusercontent.com
131	raw.githubusercontent.com
157	raw.githubusercontent.com
242	raw.githubusercontent.com
295	raw.githubusercontent.com
369	raw.githubusercontent.com
8	raw.githubusercontent.com
137	raw.githubusercontent.com
285	raw.githubusercontent.com
374	raw.githubusercontent.com
400	raw.githubusercontent.com
405	raw.githubusercontent.com
122	raw.githubusercontent.com
230	raw.githubusercontent.com
22	raw.githubusercontent.com
155	raw.githubusercontent.com
222	raw.githubusercontent.com
225	raw.githubusercontent.com
343	raw.githubusercontent.com
91	raw.githubusercontent.com
95	raw.githubusercontent.com
303	raw.githubusercontent.com
308	raw.githubusercontent.com
322	raw.githubusercontent.com
332	raw.githubusercontent.com
44	raw.githubusercontent.com
71	raw.githubusercontent.com
192	raw.githubusercontent.com
20	raw.githubusercontent.com
201	raw.githubusercontent.com
315	raw.githubusercontent.com
175	raw.githubusercontent.com
126	raw.githubusercontent.com
145	raw.githubusercontent.com
275	raw.githubusercontent.com
353	raw.githubusercontent.com
356	raw.githubusercontent.com
397	raw.githubusercontent.com
140	raw.githubusercontent.com
212	raw.githubusercontent.com
247	raw.githubusercontent.com
280	raw.githubusercontent.com
392	raw.githubusercontent.com
9	raw.githubusercontent.com
185	raw.githubusercontent.com
252	raw.githubusercontent.com
327	raw.githubusercontent.com
376	raw.githubusercontent.com
395	raw.githubusercontent.com
42	raw.githubusercontent.com
97	raw.githubusercontent.com
207	raw.githubusercontent.com
259	raw.githubusercontent.com
320	raw.githubusercontent.com
348	raw.githubusercontent.com
372	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\infpub.dat	Endermanch@BadRabbit.exe
File opened for modification	C:\Windows\infpub.dat	rundll32.exe
File created	C:\Windows\infpub.dat	Endermanch@BadRabbit.exe
File opened for modification	C:\Windows\infpub.dat	rundll32.exe
File opened for modification	C:\Windows\infpub.dat	rundll32.exe
File opened for modification	C:\Windows\infpub.dat	rundll32.exe
File opened for modification	C:\Windows\infpub.dat	rundll32.exe
File opened for modification	C:\Windows\infpub.dat	rundll32.exe
File opened for modification	C:\Windows\infpub.dat	rundll32.exe
File created	C:\Windows\infpub.dat	Endermanch@BadRabbit.exe
File opened for modification	C:\Windows\infpub.dat	rundll32.exe
File opened for modification	C:\Windows\infpub.dat	rundll32.exe
File opened for modification	C:\Windows\infpub.dat	rundll32.exe
File created	C:\Windows\infpub.dat	Endermanch@BadRabbit.exe
File created	C:\Windows\infpub.dat	Endermanch@BadRabbit.exe
File opened for modification	C:\Windows\infpub.dat	rundll32.exe
File created	C:\Windows\infpub.dat	Endermanch@BadRabbit.exe
File opened for modification	C:\Windows\infpub.dat	rundll32.exe
File opened for modification	C:\Windows\infpub.dat	rundll32.exe
File created	C:\Windows\infpub.dat	Endermanch@BadRabbit.exe
File opened for modification	C:\Windows\infpub.dat	rundll32.exe
File created	C:\Windows\infpub.dat	Endermanch@BadRabbit.exe
File opened for modification	C:\Windows\infpub.dat	rundll32.exe
File opened for modification	C:\Windows\infpub.dat	rundll32.exe
File created	C:\Windows\infpub.dat	Endermanch@BadRabbit.exe
File created	C:\Windows\infpub.dat	Endermanch@BadRabbit.exe
File opened for modification	C:\Windows\infpub.dat	rundll32.exe
File created	C:\Windows\infpub.dat	Endermanch@BadRabbit.exe
File created	C:\Windows\infpub.dat	Endermanch@BadRabbit.exe
File created	C:\Windows\infpub.dat	Endermanch@BadRabbit.exe
File opened for modification	C:\Windows\infpub.dat	rundll32.exe
File created	C:\Windows\infpub.dat	Endermanch@BadRabbit.exe
File created	C:\Windows\infpub.dat	Endermanch@BadRabbit.exe
File created	C:\Windows\infpub.dat	Endermanch@BadRabbit.exe
File created	C:\Windows\infpub.dat	Endermanch@BadRabbit.exe
File created	C:\Windows\infpub.dat	Endermanch@BadRabbit.exe
File opened for modification	C:\Windows\infpub.dat	rundll32.exe
File created	C:\Windows\infpub.dat	Endermanch@BadRabbit.exe
File created	C:\Windows\infpub.dat	Endermanch@BadRabbit.exe
File created	C:\Windows\infpub.dat	Endermanch@BadRabbit.exe
File opened for modification	C:\Windows\infpub.dat	rundll32.exe
File opened for modification	C:\Windows\infpub.dat	rundll32.exe
File opened for modification	C:\Windows\infpub.dat	rundll32.exe
File created	C:\Windows\infpub.dat	Endermanch@BadRabbit.exe
File opened for modification	C:\Windows\infpub.dat	rundll32.exe
File opened for modification	C:\Windows\infpub.dat	rundll32.exe
File opened for modification	C:\Windows\infpub.dat	rundll32.exe
File opened for modification	C:\Windows\infpub.dat	rundll32.exe
File created	C:\Windows\infpub.dat	Endermanch@BadRabbit.exe
File opened for modification	C:\Windows\infpub.dat	rundll32.exe
File created	C:\Windows\infpub.dat	Endermanch@BadRabbit.exe
File created	C:\Windows\infpub.dat	Endermanch@BadRabbit.exe
File opened for modification	C:\Windows\infpub.dat	rundll32.exe
File created	C:\Windows\infpub.dat	Endermanch@BadRabbit.exe
File opened for modification	C:\Windows\infpub.dat	rundll32.exe
File created	C:\Windows\infpub.dat	Endermanch@BadRabbit.exe
File opened for modification	C:\Windows\infpub.dat	rundll32.exe
File created	C:\Windows\infpub.dat	Endermanch@BadRabbit.exe
File opened for modification	C:\Windows\infpub.dat	rundll32.exe
File opened for modification	C:\Windows\infpub.dat	rundll32.exe
File opened for modification	C:\Windows\infpub.dat	rundll32.exe
File created	C:\Windows\infpub.dat	Endermanch@BadRabbit.exe
File opened for modification	C:\Windows\infpub.dat	rundll32.exe
File created	C:\Windows\infpub.dat	Endermanch@BadRabbit.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Endermanch@BadRabbit.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Endermanch@BadRabbit.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Endermanch@BadRabbit.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Endermanch@BadRabbit.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Endermanch@BadRabbit.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Endermanch@BadRabbit.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Endermanch@BadRabbit.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Endermanch@BadRabbit.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	schtasks.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	schtasks.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Endermanch@BadRabbit.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Endermanch@BadRabbit.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Endermanch@BadRabbit.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Endermanch@BadRabbit.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Endermanch@BadRabbit.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Endermanch@BadRabbit.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Endermanch@BadRabbit.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Endermanch@BadRabbit.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Endermanch@BadRabbit.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Endermanch@BadRabbit.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Endermanch@BadRabbit.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Endermanch@BadRabbit.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Endermanch@BadRabbit.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Endermanch@BadRabbit.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Endermanch@BadRabbit.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Endermanch@BadRabbit.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Endermanch@BadRabbit.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Endermanch@BadRabbit.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Endermanch@BadRabbit.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Endermanch@BadRabbit.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Endermanch@BadRabbit.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Endermanch@BadRabbit.exe

Scheduled Task/Job: Scheduled Task 1 TTPs 2 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence execution

Scheduled Task

T1053.005

pid	Process
1168	schtasks.exe
5696	schtasks.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4024	rundll32.exe
4024	rundll32.exe
4024	rundll32.exe
4024	rundll32.exe
1940	rundll32.exe
1940	rundll32.exe
1740	rundll32.exe
1740	rundll32.exe
6044	B5A4.tmp
6044	B5A4.tmp
6044	B5A4.tmp
6044	B5A4.tmp
6044	B5A4.tmp
6044	B5A4.tmp
3664	rundll32.exe
3664	rundll32.exe
1560	rundll32.exe
1560	rundll32.exe
4128	rundll32.exe
4128	rundll32.exe
2612	rundll32.exe
2612	rundll32.exe
4092	rundll32.exe
4092	rundll32.exe
5332	rundll32.exe
5332	rundll32.exe
5732	rundll32.exe
5732	rundll32.exe
4584	rundll32.exe
4584	rundll32.exe
404	rundll32.exe
404	rundll32.exe
5636	rundll32.exe
5636	rundll32.exe
1396	rundll32.exe
1396	rundll32.exe
5052	rundll32.exe
5052	rundll32.exe
2292	rundll32.exe
2292	rundll32.exe
820	rundll32.exe
820	rundll32.exe
1012	rundll32.exe
1012	rundll32.exe
2324	rundll32.exe
2324	rundll32.exe
4716	rundll32.exe
4716	rundll32.exe
3652	rundll32.exe
3652	rundll32.exe
3868	rundll32.exe
3868	rundll32.exe
5708	rundll32.exe
5708	rundll32.exe
6084	rundll32.exe
6084	rundll32.exe
2720	rundll32.exe
2720	rundll32.exe
2760	rundll32.exe
2760	rundll32.exe
5296	rundll32.exe
5296	rundll32.exe
700	rundll32.exe
700	rundll32.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	5192	f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
Token: SeDebugPrivilege	4428	f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
Token: SeShutdownPrivilege	4024	rundll32.exe
Token: SeDebugPrivilege	4024	rundll32.exe
Token: SeTcbPrivilege	4024	rundll32.exe
Token: SeDebugPrivilege	3348	f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
Token: SeShutdownPrivilege	1940	rundll32.exe
Token: SeDebugPrivilege	1940	rundll32.exe
Token: SeTcbPrivilege	1940	rundll32.exe
Token: SeShutdownPrivilege	1740	rundll32.exe
Token: SeDebugPrivilege	1740	rundll32.exe
Token: SeTcbPrivilege	1740	rundll32.exe
Token: SeDebugPrivilege	5524	f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
Token: SeDebugPrivilege	6044	B5A4.tmp
Token: SeShutdownPrivilege	3664	rundll32.exe
Token: SeDebugPrivilege	3664	rundll32.exe
Token: SeTcbPrivilege	3664	rundll32.exe
Token: SeDebugPrivilege	5476	f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
Token: SeDebugPrivilege	644	f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
Token: SeShutdownPrivilege	1560	rundll32.exe
Token: SeDebugPrivilege	1560	rundll32.exe
Token: SeTcbPrivilege	1560	rundll32.exe
Token: SeShutdownPrivilege	4128	rundll32.exe
Token: SeDebugPrivilege	4128	rundll32.exe
Token: SeTcbPrivilege	4128	rundll32.exe
Token: SeDebugPrivilege	3604	f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
Token: SeShutdownPrivilege	2612	rundll32.exe
Token: SeDebugPrivilege	2612	rundll32.exe
Token: SeTcbPrivilege	2612	rundll32.exe
Token: SeDebugPrivilege	2420	f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
Token: SeShutdownPrivilege	4092	rundll32.exe
Token: SeDebugPrivilege	4092	rundll32.exe
Token: SeTcbPrivilege	4092	rundll32.exe
Token: SeDebugPrivilege	716	f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
Token: SeShutdownPrivilege	5332	rundll32.exe
Token: SeDebugPrivilege	5332	rundll32.exe
Token: SeTcbPrivilege	5332	rundll32.exe
Token: SeDebugPrivilege	5140	f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
Token: SeShutdownPrivilege	5732	rundll32.exe
Token: SeDebugPrivilege	5732	rundll32.exe
Token: SeTcbPrivilege	5732	rundll32.exe
Token: SeDebugPrivilege	2684	f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
Token: SeShutdownPrivilege	4584	rundll32.exe
Token: SeDebugPrivilege	4584	rundll32.exe
Token: SeTcbPrivilege	4584	rundll32.exe
Token: SeDebugPrivilege	2120	f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
Token: SeShutdownPrivilege	404	rundll32.exe
Token: SeDebugPrivilege	404	rundll32.exe
Token: SeTcbPrivilege	404	rundll32.exe
Token: SeDebugPrivilege	328	f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
Token: SeShutdownPrivilege	5636	rundll32.exe
Token: SeDebugPrivilege	5636	rundll32.exe
Token: SeTcbPrivilege	5636	rundll32.exe
Token: SeDebugPrivilege	4908	f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
Token: SeShutdownPrivilege	1396	rundll32.exe
Token: SeDebugPrivilege	1396	rundll32.exe
Token: SeTcbPrivilege	1396	rundll32.exe
Token: SeDebugPrivilege	552	f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
Token: SeShutdownPrivilege	5052	rundll32.exe
Token: SeDebugPrivilege	5052	rundll32.exe
Token: SeTcbPrivilege	5052	rundll32.exe
Token: SeDebugPrivilege	5988	f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
Token: SeShutdownPrivilege	2292	rundll32.exe
Token: SeDebugPrivilege	2292	rundll32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5192 wrote to memory of 5884	5192	f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe	84
PID 5192 wrote to memory of 5884	5192	f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe	84
PID 5192 wrote to memory of 5884	5192	f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe	84
PID 5192 wrote to memory of 4428	5192	f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe	85
PID 5192 wrote to memory of 4428	5192	f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe	85
PID 5884 wrote to memory of 4024	5884	Endermanch@BadRabbit.exe	87
PID 5884 wrote to memory of 4024	5884	Endermanch@BadRabbit.exe	87
PID 5884 wrote to memory of 4024	5884	Endermanch@BadRabbit.exe	87
PID 4024 wrote to memory of 4076	4024	rundll32.exe	88
PID 4024 wrote to memory of 4076	4024	rundll32.exe	88
PID 4024 wrote to memory of 4076	4024	rundll32.exe	88
PID 4076 wrote to memory of 4784	4076	cmd.exe	90
PID 4076 wrote to memory of 4784	4076	cmd.exe	90
PID 4076 wrote to memory of 4784	4076	cmd.exe	90
PID 4428 wrote to memory of 5984	4428	f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe	93
PID 4428 wrote to memory of 5984	4428	f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe	93
PID 4428 wrote to memory of 5984	4428	f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe	93
PID 4428 wrote to memory of 3348	4428	f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe	94
PID 4428 wrote to memory of 3348	4428	f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe	94
PID 5984 wrote to memory of 1940	5984	Endermanch@BadRabbit.exe	96
PID 5984 wrote to memory of 1940	5984	Endermanch@BadRabbit.exe	96
PID 5984 wrote to memory of 1940	5984	Endermanch@BadRabbit.exe	96
PID 3348 wrote to memory of 2676	3348	f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe	99
PID 3348 wrote to memory of 2676	3348	f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe	99
PID 3348 wrote to memory of 2676	3348	f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe	99
PID 3348 wrote to memory of 5524	3348	f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe	101
PID 3348 wrote to memory of 5524	3348	f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe	101
PID 2676 wrote to memory of 1740	2676	Endermanch@BadRabbit.exe	102
PID 2676 wrote to memory of 1740	2676	Endermanch@BadRabbit.exe	102
PID 2676 wrote to memory of 1740	2676	Endermanch@BadRabbit.exe	102
PID 4024 wrote to memory of 5576	4024	rundll32.exe	103
PID 4024 wrote to memory of 5576	4024	rundll32.exe	103
PID 4024 wrote to memory of 5576	4024	rundll32.exe	103
PID 4024 wrote to memory of 3236	4024	rundll32.exe	105
PID 4024 wrote to memory of 3236	4024	rundll32.exe	105
PID 4024 wrote to memory of 3236	4024	rundll32.exe	105
PID 4024 wrote to memory of 6044	4024	rundll32.exe	106
PID 4024 wrote to memory of 6044	4024	rundll32.exe	106
PID 5576 wrote to memory of 5696	5576	cmd.exe	109
PID 5576 wrote to memory of 5696	5576	cmd.exe	109
PID 5576 wrote to memory of 5696	5576	cmd.exe	109
PID 3236 wrote to memory of 1168	3236	cmd.exe	110
PID 3236 wrote to memory of 1168	3236	cmd.exe	110
PID 3236 wrote to memory of 1168	3236	cmd.exe	110
PID 5524 wrote to memory of 5048	5524	f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe	111
PID 5524 wrote to memory of 5048	5524	f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe	111
PID 5524 wrote to memory of 5048	5524	f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe	111
PID 5524 wrote to memory of 5476	5524	f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe	113
PID 5524 wrote to memory of 5476	5524	f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe	113
PID 5048 wrote to memory of 3664	5048	Endermanch@BadRabbit.exe	114
PID 5048 wrote to memory of 3664	5048	Endermanch@BadRabbit.exe	114
PID 5048 wrote to memory of 3664	5048	Endermanch@BadRabbit.exe	114
PID 5476 wrote to memory of 3844	5476	f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe	116
PID 5476 wrote to memory of 3844	5476	f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe	116
PID 5476 wrote to memory of 3844	5476	f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe	116
PID 5476 wrote to memory of 644	5476	f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe	117
PID 5476 wrote to memory of 644	5476	f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe	117
PID 3844 wrote to memory of 1560	3844	Endermanch@BadRabbit.exe	119
PID 3844 wrote to memory of 1560	3844	Endermanch@BadRabbit.exe	119
PID 3844 wrote to memory of 1560	3844	Endermanch@BadRabbit.exe	119
PID 644 wrote to memory of 3196	644	f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe	121
PID 644 wrote to memory of 3196	644	f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe	121
PID 644 wrote to memory of 3196	644	f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe	121
PID 644 wrote to memory of 3604	644	f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe	123

C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
"C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:5192
- C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
  "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:5884
- - C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
    3⤵
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:4024
  - - C:\Windows\SysWOW64\cmd.exe
      /c schtasks /Delete /F /TN rhaegal
      4⤵
      Suspicious use of WriteProcessMemory
      PID:4076
    - - C:\Windows\SysWOW64\schtasks.exe
        
        schtasks /Delete /F /TN rhaegal
        5⤵
        
        PID:4784
  - - C:\Windows\SysWOW64\cmd.exe
      /c schtasks /Create /RU SYSTEM /SC ONSTART /TN rhaegal /TR "C:\Windows\system32\cmd.exe /C Start \"\" \"C:\Windows\dispci.exe\" -id 1576126555 && exit"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:5576
    - - C:\Windows\SysWOW64\schtasks.exe
        
        schtasks /Create /RU SYSTEM /SC ONSTART /TN rhaegal /TR "C:\Windows\system32\cmd.exe /C Start \"\" \"C:\Windows\dispci.exe\" -id 1576126555 && exit"
        5⤵
        System Location Discovery: System Language Discovery
        Scheduled Task/Job: Scheduled Task
        
        PID:5696
  - - C:\Windows\SysWOW64\cmd.exe
      /c schtasks /Create /SC once /TN drogon /RU SYSTEM /TR "C:\Windows\system32\shutdown.exe /r /t 0 /f" /ST 22:45:00
      4⤵
      Suspicious use of WriteProcessMemory
      PID:3236
    - - C:\Windows\SysWOW64\schtasks.exe
        
        schtasks /Create /SC once /TN drogon /RU SYSTEM /TR "C:\Windows\system32\shutdown.exe /r /t 0 /f" /ST 22:45:00
        5⤵
        System Location Discovery: System Language Discovery
        Scheduled Task/Job: Scheduled Task
        
        PID:1168
  - - C:\Windows\B5A4.tmp
      "C:\Windows\B5A4.tmp" \\.\pipe\{F9764BF9-B9ED-4391-AC12-D883902D4583}
      4⤵
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:6044
- C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
  "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
  2⤵
  - Checks computer location settings
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:4428
- - C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
    "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:5984
  - - C:\Windows\SysWOW64\rundll32.exe
      C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
      4⤵
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:1940
- - C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
    "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:3348
  - - C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
      "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
      4⤵
      Executes dropped EXE
      Suspicious use of WriteProcessMemory
      PID:2676
    - - C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        5⤵
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:1740
  - - C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
      "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
      4⤵
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of WriteProcessMemory
      PID:5524
    - - C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        5⤵
        Executes dropped EXE
        Drops file in Windows directory
        Suspicious use of WriteProcessMemory
        
        PID:5048
      - C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        6⤵
        Loads dropped DLL
        Drops file in Windows directory
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:3664
    - - C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        5⤵
        Checks computer location settings
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:5476
      - C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:3844
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        7⤵
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:1560
      - C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        6⤵
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:644
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        7⤵
        Executes dropped EXE
        
        PID:3196
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        8⤵
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:4128
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        7⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:376
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        9⤵
        Loads dropped DLL
        Drops file in Windows directory
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        8⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        9⤵
        Executes dropped EXE
        Drops file in Windows directory
        
        PID:5084
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        10⤵
        Loads dropped DLL
        Drops file in Windows directory
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        9⤵
        Checks computer location settings
        Suspicious use of AdjustPrivilegeToken
        
        PID:716
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        10⤵
        Executes dropped EXE
        
        PID:3640
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        11⤵
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:5332
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        10⤵
        Checks computer location settings
        Suspicious use of AdjustPrivilegeToken
        
        PID:5140
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        11⤵
        Executes dropped EXE
        
        PID:3404
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        12⤵
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:5732
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        11⤵
        Checks computer location settings
        Suspicious use of AdjustPrivilegeToken
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        12⤵
        Executes dropped EXE
        
        PID:1676
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        13⤵
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:4584
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        12⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        13⤵
        Executes dropped EXE
        
        PID:5696
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        14⤵
        Loads dropped DLL
        Drops file in Windows directory
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:404
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        13⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:328
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        14⤵
        Executes dropped EXE
        
        PID:1356
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        15⤵
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:5636
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        14⤵
        Checks computer location settings
        Suspicious use of AdjustPrivilegeToken
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        15⤵
        Executes dropped EXE
        
        PID:3620
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        16⤵
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:1396
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        15⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:552
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        16⤵
        Executes dropped EXE
        
        PID:5684
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        17⤵
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:5052
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        16⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:5988
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        17⤵
        Executes dropped EXE
        Drops file in Windows directory
        
        PID:1668
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        18⤵
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        17⤵
        
        PID:4748
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        18⤵
        Executes dropped EXE
        
        PID:2776
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        19⤵
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:820
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        18⤵
        Checks computer location settings
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        19⤵
        Executes dropped EXE
        
        PID:400
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        20⤵
        Loads dropped DLL
        Drops file in Windows directory
        Suspicious behavior: EnumeratesProcesses
        
        PID:1012
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        19⤵
        Checks computer location settings
        
        PID:1324
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        20⤵
        Executes dropped EXE
        Drops file in Windows directory
        System Location Discovery: System Language Discovery
        
        PID:3404
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        21⤵
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        20⤵
        
        PID:5516
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        21⤵
        Executes dropped EXE
        
        PID:1840
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        22⤵
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:4716
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        21⤵
        
        PID:696
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        22⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2016
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        23⤵
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        22⤵
        Checks computer location settings
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        23⤵
        Executes dropped EXE
        Drops file in Windows directory
        
        PID:5776
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        24⤵
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        23⤵
        Checks computer location settings
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        24⤵
        Executes dropped EXE
        
        PID:1416
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        25⤵
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:5708
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        24⤵
        Checks computer location settings
        
        PID:3244
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        25⤵
        Executes dropped EXE
        Drops file in Windows directory
        
        PID:5364
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        26⤵
        Loads dropped DLL
        Drops file in Windows directory
        Suspicious behavior: EnumeratesProcesses
        
        PID:6084
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        25⤵
        Checks computer location settings
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        26⤵
        Executes dropped EXE
        
        PID:3900
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        27⤵
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        26⤵
        Checks computer location settings
        
        PID:5868
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        27⤵
        Executes dropped EXE
        Drops file in Windows directory
        
        PID:968
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        28⤵
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        27⤵
        Checks computer location settings
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        28⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:4304
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        29⤵
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:5296
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        28⤵
        Checks computer location settings
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        29⤵
        Executes dropped EXE
        Drops file in Windows directory
        System Location Discovery: System Language Discovery
        
        PID:736
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        30⤵
        Loads dropped DLL
        Drops file in Windows directory
        Suspicious behavior: EnumeratesProcesses
        
        PID:700
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        29⤵
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        30⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1792
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        31⤵
        Loads dropped DLL
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        30⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        31⤵
        Executes dropped EXE
        
        PID:3384
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        32⤵
        Loads dropped DLL
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        31⤵
        Checks computer location settings
        
        PID:5496
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        32⤵
        Executes dropped EXE
        
        PID:2516
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        33⤵
        Loads dropped DLL
        
        PID:3300
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        32⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        33⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1752
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        34⤵
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        33⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        34⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1408
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        35⤵
        Loads dropped DLL
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        34⤵
        Checks computer location settings
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        35⤵
        Executes dropped EXE
        Drops file in Windows directory
        
        PID:3064
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        36⤵
        Loads dropped DLL
        Drops file in Windows directory
        
        PID:5152
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        35⤵
        Checks computer location settings
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        36⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2204
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        37⤵
        Loads dropped DLL
        Drops file in Windows directory
        System Location Discovery: System Language Discovery
        
        PID:412
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        36⤵
        
        PID:4760
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        37⤵
        Executes dropped EXE
        Drops file in Windows directory
        
        PID:3132
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        38⤵
        Loads dropped DLL
        Drops file in Windows directory
        
        PID:5260
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        37⤵
        
        PID:4964
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        38⤵
        Executes dropped EXE
        
        PID:4288
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        39⤵
        Loads dropped DLL
        Drops file in Windows directory
        System Location Discovery: System Language Discovery
        
        PID:3616
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        38⤵
        Checks computer location settings
        
        PID:4428
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        39⤵
        Executes dropped EXE
        
        PID:2848
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        40⤵
        Loads dropped DLL
        
        PID:5472
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        39⤵
        
        PID:5240
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        40⤵
        Executes dropped EXE
        
        PID:1016
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        41⤵
        Loads dropped DLL
        
        PID:4544
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        40⤵
        Checks computer location settings
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        41⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:3016
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        42⤵
        Loads dropped DLL
        Drops file in Windows directory
        
        PID:3856
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        41⤵
        Checks computer location settings
        
        PID:5764
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        42⤵
        Executes dropped EXE
        
        PID:4724
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        43⤵
        Loads dropped DLL
        
        PID:5476
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        42⤵
        
        PID:328
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        43⤵
        Executes dropped EXE
        Drops file in Windows directory
        
        PID:4124
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        44⤵
        Loads dropped DLL
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        43⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        44⤵
        Executes dropped EXE
        
        PID:2960
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        45⤵
        Loads dropped DLL
        
        PID:4348
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        44⤵
        Checks computer location settings
        
        PID:5364
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        45⤵
        Executes dropped EXE
        
        PID:4128
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        46⤵
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        45⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        46⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:5112
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        47⤵
        Loads dropped DLL
        
        PID:1136
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        46⤵
        Checks computer location settings
        
        PID:5868
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        47⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:796
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        48⤵
        Loads dropped DLL
        
        PID:1180
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        47⤵
        Checks computer location settings
        
        PID:5376
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        48⤵
        Executes dropped EXE
        
        PID:2008
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        49⤵
        Loads dropped DLL
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        48⤵
        Checks computer location settings
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        49⤵
        Executes dropped EXE
        
        PID:1744
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        50⤵
        Loads dropped DLL
        Drops file in Windows directory
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        49⤵
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        50⤵
        Executes dropped EXE
        
        PID:2152
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        51⤵
        Loads dropped DLL
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        50⤵
        Checks computer location settings
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        51⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:3644
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        52⤵
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        51⤵
        
        PID:5800
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        52⤵
        Executes dropped EXE
        
        PID:4816
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        53⤵
        Loads dropped DLL
        
        PID:6104
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        52⤵
        Checks computer location settings
        
        PID:5716
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        53⤵
        Executes dropped EXE
        Drops file in Windows directory
        
        PID:4224
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        54⤵
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:4636
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        53⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        54⤵
        Executes dropped EXE
        
        PID:960
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        55⤵
        Loads dropped DLL
        
        PID:5164
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        54⤵
        Checks computer location settings
        
        PID:4728
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        55⤵
        Executes dropped EXE
        
        PID:3880
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        56⤵
        Loads dropped DLL
        
        PID:4436
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        55⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        56⤵
        Executes dropped EXE
        
        PID:1156
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        57⤵
        Loads dropped DLL
        
        PID:3232
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        56⤵
        Checks computer location settings
        
        PID:4080
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        57⤵
        Executes dropped EXE
        
        PID:2496
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        58⤵
        Loads dropped DLL
        
        PID:4112
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        57⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        58⤵
        Executes dropped EXE
        
        PID:4180
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        59⤵
        Loads dropped DLL
        
        PID:5600
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        58⤵
        Checks computer location settings
        
        PID:5404
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        59⤵
        Executes dropped EXE
        
        PID:2884
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        60⤵
        Loads dropped DLL
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        59⤵
        
        PID:4228
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        60⤵
        Executes dropped EXE
        Drops file in Windows directory
        
        PID:3052
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        61⤵
        Loads dropped DLL
        Drops file in Windows directory
        System Location Discovery: System Language Discovery
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        60⤵
        
        PID:5660
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        61⤵
        Executes dropped EXE
        
        PID:1864
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        62⤵
        Loads dropped DLL
        
        PID:4540
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        61⤵
        Checks computer location settings
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        62⤵
        Executes dropped EXE
        
        PID:1584
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        63⤵
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        62⤵
        
        PID:5588
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        63⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:3228
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        64⤵
        Loads dropped DLL
        Drops file in Windows directory
        
        PID:6136
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        63⤵
        
        PID:6012
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        64⤵
        Executes dropped EXE
        
        PID:5164
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        65⤵
        Loads dropped DLL
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        64⤵
        Checks computer location settings
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        65⤵
        Drops file in Windows directory
        
        PID:4092
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        66⤵
        Loads dropped DLL
        
        PID:5124
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        65⤵
        Checks computer location settings
        
        PID:4608
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        66⤵
        Drops file in Windows directory
        System Location Discovery: System Language Discovery
        
        PID:3584
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        67⤵
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        66⤵
        Checks computer location settings
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        67⤵
        
        PID:2496
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        68⤵
        Drops file in Windows directory
        
        PID:3248
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        67⤵
        
        PID:5536
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        68⤵
        
        PID:6120
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        69⤵
        System Location Discovery: System Language Discovery
        
        PID:5528
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        68⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        69⤵
        
        PID:5516
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        70⤵
        System Location Discovery: System Language Discovery
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        69⤵
        Checks computer location settings
        
        PID:5680
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        70⤵
        
        PID:3740
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        71⤵
        System Location Discovery: System Language Discovery
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        70⤵
        Checks computer location settings
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        71⤵
        Drops file in Windows directory
        
        PID:1740
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        72⤵
        
        PID:4416
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        71⤵
        Checks computer location settings
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        72⤵
        
        PID:1656
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        73⤵
        
        PID:4460
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        72⤵
        
        PID:5176
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        73⤵
        
        PID:328
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        74⤵
        Drops file in Windows directory
        System Location Discovery: System Language Discovery
        
        PID:756
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        73⤵
        
        PID:856
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        74⤵
        
        PID:5488
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        75⤵
        
        PID:5820
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        74⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        75⤵
        
        PID:5228
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        76⤵
        
        PID:3360
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        75⤵
        Checks computer location settings
        
        PID:4800
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        76⤵
        
        PID:3048
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        77⤵
        
        PID:3140
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        76⤵
        
        PID:6116
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        77⤵
        Drops file in Windows directory
        
        PID:3344
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        78⤵
        
        PID:4784
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        77⤵
        
        PID:412
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        78⤵
        Drops file in Windows directory
        System Location Discovery: System Language Discovery
        
        PID:2196
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        79⤵
        
        PID:400
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        78⤵
        Checks computer location settings
        
        PID:5268
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        79⤵
        
        PID:5656
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        80⤵
        
        PID:4168
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        79⤵
        
        PID:5628
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        80⤵
        System Location Discovery: System Language Discovery
        
        PID:2080
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        81⤵
        
        PID:4512
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        80⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        81⤵
        System Location Discovery: System Language Discovery
        
        PID:1908
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        82⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        81⤵
        Checks computer location settings
        
        PID:5624
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        82⤵
        
        PID:2456
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        83⤵
        
        PID:5352
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        82⤵
        Checks computer location settings
        
        PID:5348
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        83⤵
        
        PID:1556
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        84⤵
        
        PID:3196
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        83⤵
        Checks computer location settings
        
        PID:4124
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        84⤵
        
        PID:5196
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        85⤵
        System Location Discovery: System Language Discovery
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        84⤵
        Checks computer location settings
        
        PID:6108
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        85⤵
        Drops file in Windows directory
        
        PID:748
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        86⤵
        Drops file in Windows directory
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        85⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        86⤵
        
        PID:5236
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        87⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        86⤵
        Checks computer location settings
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        87⤵
        System Location Discovery: System Language Discovery
        
        PID:5868
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        88⤵
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        87⤵
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        88⤵
        System Location Discovery: System Language Discovery
        
        PID:5260
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        89⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        88⤵
        Checks computer location settings
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        89⤵
        Drops file in Windows directory
        System Location Discovery: System Language Discovery
        
        PID:400
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        90⤵
        Drops file in Windows directory
        
        PID:700
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        89⤵
        
        PID:6008
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        90⤵
        
        PID:64
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        91⤵
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        90⤵
        Checks computer location settings
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        91⤵
        
        PID:4776
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        92⤵
        Drops file in Windows directory
        
        PID:4596
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        91⤵
        
        PID:1168
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        92⤵
        System Location Discovery: System Language Discovery
        
        PID:5664
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        93⤵
        
        PID:5336
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        92⤵
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        93⤵
        
        PID:4976
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        94⤵
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        93⤵
        
        PID:1396
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        94⤵
        
        PID:5052
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        95⤵
        Drops file in Windows directory
        System Location Discovery: System Language Discovery
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        94⤵
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        95⤵
        
        PID:5080
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        96⤵
        
        PID:5152
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        95⤵
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        96⤵
        
        PID:2320
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        97⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        96⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        97⤵
        
        PID:5860
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        98⤵
        
        PID:4304
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        97⤵
        Checks computer location settings
        
        PID:1156
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        98⤵
        
        PID:3916
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        99⤵
        Drops file in Windows directory
        
        PID:3616
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        98⤵
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        99⤵
        
        PID:5440
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        100⤵
        Drops file in Windows directory
        System Location Discovery: System Language Discovery
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        99⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        100⤵
        
        PID:1676
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        101⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        100⤵
        
        PID:3808
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        101⤵
        
        PID:4168
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        102⤵
        Drops file in Windows directory
        System Location Discovery: System Language Discovery
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        101⤵
        
        PID:5344
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        102⤵
        
        PID:5580
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        103⤵
        Drops file in Windows directory
        
        PID:5788
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        102⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        103⤵
        System Location Discovery: System Language Discovery
        
        PID:3040
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        104⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        103⤵
        Checks computer location settings
        
        PID:4724
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        104⤵
        
        PID:2860
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        105⤵
        
        PID:3788
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        104⤵
        Checks computer location settings
        
        PID:4976
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        105⤵
        System Location Discovery: System Language Discovery
        
        PID:5356
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        106⤵
        
        PID:324
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        105⤵
        Checks computer location settings
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        106⤵
        
        PID:388
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        107⤵
        
        PID:4880
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        106⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        107⤵
        
        PID:2652
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        108⤵
        System Location Discovery: System Language Discovery
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        107⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        108⤵
        System Location Discovery: System Language Discovery
        
        PID:1988
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        109⤵
        
        PID:4080
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        108⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        109⤵
        
        PID:2760
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        110⤵
        Drops file in Windows directory
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        109⤵
        Checks computer location settings
        
        PID:4684
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        110⤵
        
        PID:5092
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        111⤵
        Drops file in Windows directory
        
        PID:3348
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        110⤵
        Checks computer location settings
        
        PID:528
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        111⤵
        Drops file in Windows directory
        
        PID:3084
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        112⤵
        
        PID:5240
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        111⤵
        
        PID:4484
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        112⤵
        
        PID:5412
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        113⤵
        
        PID:4320
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        112⤵
        
        PID:5628
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        113⤵
        Drops file in Windows directory
        
        PID:1996
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        114⤵
        
        PID:4740
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        113⤵
        Checks computer location settings
        
        PID:5420
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        114⤵
        
        PID:4540
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        115⤵
        Drops file in Windows directory
        
        PID:3856
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        114⤵
        
        PID:4704
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        115⤵
        
        PID:3100
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        116⤵
        
        PID:1224
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        115⤵
        Checks computer location settings
        
        PID:5348
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        116⤵
        
        PID:6016
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        117⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        116⤵
        Checks computer location settings
        
        PID:5468
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        117⤵
        Drops file in Windows directory
        
        PID:2320
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        118⤵
        
        PID:4728
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        117⤵
        Checks computer location settings
        
        PID:5084
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        118⤵
        
        PID:4712
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        119⤵
        Drops file in Windows directory
        System Location Discovery: System Language Discovery
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        118⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        119⤵
        
        PID:2436
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        120⤵
        System Location Discovery: System Language Discovery
        
        PID:4760
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        119⤵
        Checks computer location settings
        
        PID:4112
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        120⤵
        
        PID:3980
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        121⤵
        
        PID:3128
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        120⤵
        Checks computer location settings
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        121⤵
        System Location Discovery: System Language Discovery
        
        PID:736
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        122⤵
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        121⤵
        
        PID:5524
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        122⤵
        
        PID:4116
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        123⤵
        
        PID:1424
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        122⤵
        Checks computer location settings
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        123⤵
        Drops file in Windows directory
        
        PID:2296
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        124⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        123⤵
        Checks computer location settings
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        124⤵
        Drops file in Windows directory
        
        PID:4360
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        125⤵
        
        PID:5764
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        124⤵
        Checks computer location settings
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        125⤵
        
        PID:5724
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        126⤵
        Drops file in Windows directory
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        125⤵
        
        PID:5352
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        126⤵
        
        PID:1484
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        127⤵
        System Location Discovery: System Language Discovery
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        126⤵
        
        PID:4708
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        127⤵
        Drops file in Windows directory
        
        PID:4756
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        128⤵
        Drops file in Windows directory
        System Location Discovery: System Language Discovery
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        127⤵
        Checks computer location settings
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        128⤵
        
        PID:5756
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        129⤵
        
        PID:4424
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        128⤵
        
        PID:5236
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        129⤵
        
        PID:2272
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        130⤵
        
        PID:3764
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        129⤵
        
        PID:5996
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        130⤵
        
        PID:716
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        131⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        130⤵
        
        PID:5832
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        131⤵
        Drops file in Windows directory
        System Location Discovery: System Language Discovery
        
        PID:5892
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        132⤵
        Drops file in Windows directory
        System Location Discovery: System Language Discovery
        
        PID:5404
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        131⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        132⤵
        
        PID:2144
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        133⤵
        Drops file in Windows directory
        
        PID:5500
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        132⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        133⤵
        
        PID:1160
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        134⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        133⤵
        
        PID:5344
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        134⤵
        System Location Discovery: System Language Discovery
        
        PID:3428
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        135⤵
        
        PID:5548
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        134⤵
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        135⤵
        Drops file in Windows directory
        
        PID:4464
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        136⤵
        
        PID:4540
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        135⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        136⤵
        Drops file in Windows directory
        
        PID:776
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        137⤵
        System Location Discovery: System Language Discovery
        
        PID:5196
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        136⤵
        Checks computer location settings
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        137⤵
        
        PID:1624
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        138⤵
        Drops file in Windows directory
        
        PID:5224
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        137⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        138⤵
        
        PID:4644
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        139⤵
        System Location Discovery: System Language Discovery
        
        PID:5880
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        138⤵
        Checks computer location settings
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        139⤵
        Drops file in Windows directory
        
        PID:952
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        140⤵
        
        PID:5700
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        139⤵
        
        PID:4288
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        140⤵
        System Location Discovery: System Language Discovery
        
        PID:2816
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        141⤵
        System Location Discovery: System Language Discovery
        
        PID:5760
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        140⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe"
        141⤵
        
        PID:5596
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
        142⤵
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe"
        141⤵
        
        PID:1992

Network

DNS

github.com

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

8.8.8.8:53

Request

github.com

IN A

Response

github.com

IN A

20.26.156.215
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:27:38 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: E547:1ECE39:5BB65:731BD:67C8CFDA
DNS

raw.githubusercontent.com

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

8.8.8.8:53

Request

raw.githubusercontent.com

IN A

Response

raw.githubusercontent.com

IN A

185.199.109.133

raw.githubusercontent.com

IN A

185.199.108.133

raw.githubusercontent.com

IN A

185.199.111.133

raw.githubusercontent.com

IN A

185.199.110.133
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 6F08:2E4E38:2665C6:545502:67C8CFDA
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:27:39 GMT
Via: 1.1 varnish
X-Served-By: cache-lon4246-LON
X-Cache: MISS
X-Cache-Hits: 0
X-Timer: S1741213659.230634,VS0,VE146
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: dc4b8a2e8b98be3f0a209f7e86c579cd8c0282a1
Expires: Wed, 05 Mar 2025 22:32:39 GMT
Source-Age: 0
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:27:38 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: 2ACA:380DF5:5BB8E:73232:67C8CFDC
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 2808:32793E:281BA2:560A98:67C8CFBD
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:27:41 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600031-LCY
X-Cache: MISS
X-Cache-Hits: 0
X-Timer: S1741213661.165047,VS0,VE94
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: 1967cf1e54fb33626e48c1ee39925858dc73807d
Expires: Wed, 05 Mar 2025 22:32:41 GMT
Source-Age: 0
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:27:38 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: ECE7:3BEE:5C0FE:737D6:67C8CFDE
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 2808:32793E:281BA2:560A98:67C8CFBD
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:27:42 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600031-LCY
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1741213662.348646,VS0,VE2
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: 4426446ff83afceeed35df8aee6a0dbf97002f13
Expires: Wed, 05 Mar 2025 22:32:42 GMT
Source-Age: 1
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:27:38 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: 0D06:3C3703:5CC71:74322:67C8CFDE
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 6F08:2E4E38:2665C6:545502:67C8CFDA
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:27:43 GMT
Via: 1.1 varnish
X-Served-By: cache-lon4264-LON
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1741213663.288165,VS0,VE1
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: 87b05633ba20eae9cd5ad232235982de554e7bc3
Expires: Wed, 05 Mar 2025 22:32:43 GMT
Source-Age: 4
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:27:38 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: EA86:1E0BB5:5C9B8:740BA:67C8CFE0
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 2808:32793E:281BA2:560A98:67C8CFBD
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:27:44 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600058-LCY
X-Cache: HIT
X-Cache-Hits: 2
X-Timer: S1741213664.398361,VS0,VE0
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: e35f2bc8bd00594099659d2521fb10f67a1ad67c
Expires: Wed, 05 Mar 2025 22:32:44 GMT
Source-Age: 3
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:27:38 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: 2486:3D5AED:5BF62:73682:67C8CFE1
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 2808:32793E:281BA2:560A98:67C8CFBD
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:27:45 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600086-LCY
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1741213665.444583,VS0,VE2
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: 70a68cdea9cd42f364b5c6653b35ae1f8646d199
Expires: Wed, 05 Mar 2025 22:32:45 GMT
Source-Age: 4
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:27:38 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: 9E09:3708B8:5E2E9:75A30:67C8CFE2
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 6F08:2E4E38:2665C6:545502:67C8CFDA
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:27:46 GMT
Via: 1.1 varnish
X-Served-By: cache-lon420145-LON
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1741213666.493690,VS0,VE1
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: a6f7d9726168fe9c333db3d72b853d837d65c85b
Expires: Wed, 05 Mar 2025 22:32:46 GMT
Source-Age: 7
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:27:38 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: 51C1:CE94B:5D462:74BD1:67C8CFE3
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 2808:32793E:281BA2:560A98:67C8CFBD
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:27:47 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600079-LCY
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1741213668.677345,VS0,VE4
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: e0863b7459a557fe69151b614ba287b947e49580
Expires: Wed, 05 Mar 2025 22:32:47 GMT
Source-Age: 6
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:27:38 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: 9FF6:26DDD4:5CDCE:74570:67C8CFE4
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 6F08:2E4E38:2665C6:545502:67C8CFDA
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:27:49 GMT
Via: 1.1 varnish
X-Served-By: cache-lon4261-LON
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1741213669.405907,VS0,VE1
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: 1ee2039d03de2b9af361bcc1a7e36f9ec96f9d19
Expires: Wed, 05 Mar 2025 22:32:49 GMT
Source-Age: 10
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:27:38 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: A0BC:1ECE39:5C145:73919:67C8CFE6
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 2808:32793E:281BA2:560A98:67C8CFBD
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:27:50 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600056-LCY
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1741213671.503657,VS0,VE2
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: e023d80d29f60024daf114f462d9ba8360633fc1
Expires: Wed, 05 Mar 2025 22:32:50 GMT
Source-Age: 9
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:27:38 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: A808:3D5AED:5C270:73A6B:67C8CFE7
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 6F08:2E4E38:2665C6:545502:67C8CFDA
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:27:51 GMT
Via: 1.1 varnish
X-Served-By: cache-lon420087-LON
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1741213672.761113,VS0,VE1
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: 31b42f8d68d702d7552bcd07e5179269adfbc528
Expires: Wed, 05 Mar 2025 22:32:51 GMT
Source-Age: 12
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:27:38 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: 0D82:3BEE:5C594:73DD3:67C8CFE8
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 2808:32793E:281BA2:560A98:67C8CFBD
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:27:52 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600065-LCY
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1741213673.740981,VS0,VE2
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: 7acc6149635de6e59b4458c55d574d6b9af7293f
Expires: Wed, 05 Mar 2025 22:32:52 GMT
Source-Age: 11
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:27:38 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: E0ED:3BEE:5C60F:73E7B:67C8CFE9
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 6F08:2E4E38:2665C6:545502:67C8CFDA
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:27:53 GMT
Via: 1.1 varnish
X-Served-By: cache-lon4273-LON
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1741213674.849844,VS0,VE1
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: b62bb14a7bc2ba56ff7175a07051e47c09675f65
Expires: Wed, 05 Mar 2025 22:32:53 GMT
Source-Age: 14
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:27:38 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: 9BB0:223CD6:600F1:77964:67C8CFEA
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 2808:32793E:281BA2:560A98:67C8CFBD
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:27:55 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600096-LCY
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1741213676.923198,VS0,VE2
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: 3e0b3d2c560985e6eb1916990cb252f8ffe168a8
Expires: Wed, 05 Mar 2025 22:32:55 GMT
Source-Age: 15
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 2808:32793E:281BA2:560A98:67C8CFBD
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:27:57 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600022-LCY
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1741213677.088540,VS0,VE2
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: c5d95b42354105ffcefc14716c747ce299f23f2e
Expires: Wed, 05 Mar 2025 22:32:57 GMT
Source-Age: 16
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:27:38 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: B5D5:CE94B:5D9AB:7526E:67C8CFED
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 2808:32793E:281BA2:560A98:67C8CFBD
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:27:58 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600061-LCY
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1741213678.150132,VS0,VE2
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: 2a30fc20b4b3eb41838495308c6c5be5ee9e7666
Expires: Wed, 05 Mar 2025 22:32:58 GMT
Source-Age: 17
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:27:38 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: DA36:92DE4:5E055:7594B:67C8CFEE
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 2808:32793E:281BA2:560A98:67C8CFBD
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:27:59 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600034-LCY
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1741213679.122975,VS0,VE2
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: c45ebda56df1cfe186c4c7ec9f794442802a52c3
Expires: Wed, 05 Mar 2025 22:32:59 GMT
Source-Age: 18
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:27:38 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: A266:1ECE39:5C5DB:73F04:67C8CFEF
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 2808:32793E:281BA2:560A98:67C8CFBD
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:28:00 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600067-LCY
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1741213680.073323,VS0,VE2
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: 65132cfba87ff829ccc9db9f6534085cb7764b02
Expires: Wed, 05 Mar 2025 22:33:00 GMT
Source-Age: 19
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:27:38 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: 2F94:21F4A3:5CB30:7446F:67C8CFF0
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 2808:32793E:281BA2:560A98:67C8CFBD
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:28:01 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600069-LCY
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1741213681.204136,VS0,VE2
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: 9a5aa48c7d12d5e97963224049b1e9f1c5dd4b53
Expires: Wed, 05 Mar 2025 22:33:01 GMT
Source-Age: 20
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:27:38 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: CE92:265730:5CEB8:74804:67C8CFF1
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 6F08:2E4E38:2665C6:545502:67C8CFDA
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:28:02 GMT
Via: 1.1 varnish
X-Served-By: cache-lon420120-LON
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1741213682.156729,VS0,VE1
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: b838702f1a97e5eef4c6f899f0d0dfc04e981a03
Expires: Wed, 05 Mar 2025 22:33:02 GMT
Source-Age: 23
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:27:38 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: BF13:276A13:5CB22:744AE:67C8CFF2
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 2808:32793E:281BA2:560A98:67C8CFBD
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:28:03 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600050-LCY
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1741213683.113402,VS0,VE3
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: 8cd85a385ae169591c7cece310edf4ca3d451558
Expires: Wed, 05 Mar 2025 22:33:03 GMT
Source-Age: 22
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:27:38 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: F048:276A13:5CBBA:74568:67C8CFF3
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 6F08:2E4E38:2665C6:545502:67C8CFDA
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:28:04 GMT
Via: 1.1 varnish
X-Served-By: cache-lon4263-LON
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1741213684.078736,VS0,VE1
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: 3f35753a6a8a77aa0c5e6d46d94a0d64bbb805be
Expires: Wed, 05 Mar 2025 22:33:04 GMT
Source-Age: 25
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:27:38 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: 5478:276A13:5CC3A:74611:67C8CFF4
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 6F08:2E4E38:2665C6:545502:67C8CFDA
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:28:05 GMT
Via: 1.1 varnish
X-Served-By: cache-lon420105-LON
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1741213685.054890,VS0,VE1
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: 6c83307ac7062a52c59caed0fa07f73dabfe7f4d
Expires: Wed, 05 Mar 2025 22:33:05 GMT
Source-Age: 26
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:27:38 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: 4B05:2A01EC:5BF9D:73957:67C8CFF5
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 2808:32793E:281BA2:560A98:67C8CFBD
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:28:06 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600055-LCY
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1741213686.036788,VS0,VE2
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: e11c74ce0fcfc554b33c68f16445280f7264b091
Expires: Wed, 05 Mar 2025 22:33:06 GMT
Source-Age: 25
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:27:38 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: 4CBE:92DE4:5E4ED:75EDE:67C8CFF6
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 6F08:2E4E38:2665C6:545502:67C8CFDA
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:28:06 GMT
Via: 1.1 varnish
X-Served-By: cache-lon420121-LON
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1741213687.988226,VS0,VE1
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: b1c1a9cc2c2ad5f0ddacf3b3dc30d892e82cd7a6
Expires: Wed, 05 Mar 2025 22:33:06 GMT
Source-Age: 28
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:27:38 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: 5533:CE94B:5DEFE:75913:67C8CFF7
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 2808:32793E:281BA2:560A98:67C8CFBD
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:28:08 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600025-LCY
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1741213688.001760,VS0,VE2
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: 89b5391f9fd3f3323b329ceca6d7f74336847fdf
Expires: Wed, 05 Mar 2025 22:33:08 GMT
Source-Age: 27
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:27:38 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: 7A1D:3C3703:5D96E:75384:67C8CFF8
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 2808:32793E:281BA2:560A98:67C8CFBD
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:28:08 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600034-LCY
X-Cache: HIT
X-Cache-Hits: 2
X-Timer: S1741213689.922653,VS0,VE0
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: 54140e73833b43f6760d23fa103456d08bf13585
Expires: Wed, 05 Mar 2025 22:33:08 GMT
Source-Age: 28
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:27:38 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: 4908:2919FB:50317:64E10:67C8CFF9
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 2808:32793E:281BA2:560A98:67C8CFBD
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:28:09 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600066-LCY
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1741213690.896721,VS0,VE2
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: d0c9cadda542088b649152b7bff14e04dd613179
Expires: Wed, 05 Mar 2025 22:33:09 GMT
Source-Age: 29
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:27:38 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: 8E46:1E0BB5:5D6CC:7514E:67C8CFFA
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 2808:32793E:281BA2:560A98:67C8CFBD
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:28:10 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600088-LCY
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1741213691.869911,VS0,VE4
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: abb54d571eb19d1a2065d1ccde9faa91a6239ec3
Expires: Wed, 05 Mar 2025 22:33:10 GMT
Source-Age: 30
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:27:38 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: 45B0:3708B8:5EF3E:769EC:67C8CFFB
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 2808:32793E:281BA2:560A98:67C8CFBD
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:28:11 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600050-LCY
X-Cache: HIT
X-Cache-Hits: 2
X-Timer: S1741213692.816401,VS0,VE0
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: a6e11c16ff47570bebc13856a5f48fbd10d1e955
Expires: Wed, 05 Mar 2025 22:33:11 GMT
Source-Age: 31
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:27:38 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: 1145:2A01EC:5C374:73E30:67C8CFFC
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 2808:32793E:281BA2:560A98:67C8CFBD
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:28:12 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600089-LCY
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1741213693.810529,VS0,VE2
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: 36f059554b8047777a5d4af62f672ac376ec0936
Expires: Wed, 05 Mar 2025 22:33:12 GMT
Source-Age: 32
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:27:38 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: C4B3:2919FB:50535:650AF:67C8CFFD
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 2808:32793E:281BA2:560A98:67C8CFBD
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:28:13 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600039-LCY
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1741213694.783098,VS0,VE2
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: 41f7778fe08c586ef28d88f735d7696f231ceeb9
Expires: Wed, 05 Mar 2025 22:33:13 GMT
Source-Age: 33
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:27:38 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: 34EE:2CFD4:5CE91:74994:67C8CFFE
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 6F08:2E4E38:2665C6:545502:67C8CFDA
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:28:14 GMT
Via: 1.1 varnish
X-Served-By: cache-lon4243-LON
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1741213695.717422,VS0,VE1
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: f3dc1893a160fc3a1277aa02cbf673317b22eb12
Expires: Wed, 05 Mar 2025 22:33:14 GMT
Source-Age: 35
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:27:38 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: 1FB4:B290A:5CF7C:74AA8:67C8CFFF
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 6F08:2E4E38:2665C6:545502:67C8CFDA
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:28:15 GMT
Via: 1.1 varnish
X-Served-By: cache-lon420120-LON
X-Cache: HIT
X-Cache-Hits: 2
X-Timer: S1741213696.718701,VS0,VE0
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: 045e88a4fb02c30c2c8bbc961e1c9a6f69786e61
Expires: Wed, 05 Mar 2025 22:33:15 GMT
Source-Age: 37
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:27:38 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: 2E85:2E45B0:5EE1E:7696D:67C8D000
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 6F08:2E4E38:2665C6:545502:67C8CFDA
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:28:16 GMT
Via: 1.1 varnish
X-Served-By: cache-lon420119-LON
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1741213697.688656,VS0,VE1
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: 6f9449553cb3f4ed7e8f7b8758363ea5fcff5f0e
Expires: Wed, 05 Mar 2025 22:33:16 GMT
Source-Age: 37
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:27:38 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: 7016:92DE4:5EA4F:765BC:67C8D001
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 2808:32793E:281BA2:560A98:67C8CFBD
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:28:18 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600086-LCY
X-Cache: HIT
X-Cache-Hits: 2
X-Timer: S1741213698.256823,VS0,VE0
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: 5d3d6c6381ca53a8c453c8007825db14ac449c0f
Expires: Wed, 05 Mar 2025 22:33:18 GMT
Source-Age: 37
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:27:38 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: 7E2B:223CD6:60E77:78A22:67C8D002
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 2808:32793E:281BA2:560A98:67C8CFBD
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:28:19 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600094-LCY
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1741213699.219987,VS0,VE1
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: f10d58dfe54ce0ef781c1b9174e245799751ce4d
Expires: Wed, 05 Mar 2025 22:33:19 GMT
Source-Age: 38
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:27:38 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: 9126:26DDD4:5DD9A:75956:67C8D003
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 2808:32793E:281BA2:560A98:67C8CFBD
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:28:20 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600077-LCY
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1741213700.140597,VS0,VE2
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: a23a46448f01669e39effac7fba0c1c1cfff41dc
Expires: Wed, 05 Mar 2025 22:33:20 GMT
Source-Age: 39
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:27:38 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: A31E:11505B:5C3B3:73F92:67C8D004
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 2808:32793E:281BA2:560A98:67C8CFBD
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:28:21 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600046-LCY
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1741213701.173888,VS0,VE2
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: a88ec45a2f774c4c4a8ab1de73a6915ee48b04f9
Expires: Wed, 05 Mar 2025 22:33:21 GMT
Source-Age: 40
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:27:38 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: 2076:38F677:5C1F0:73DF7:67C8D005
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 2808:32793E:281BA2:560A98:67C8CFBD
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:28:22 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600041-LCY
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1741213702.079124,VS0,VE10
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: 53105b9784300d352ed6c98de21f4bfad9288e83
Expires: Wed, 05 Mar 2025 22:33:22 GMT
Source-Age: 41
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:27:38 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: DEF2:92DE4:5ECA7:768C9:67C8D006
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 2808:32793E:281BA2:560A98:67C8CFBD
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:28:23 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600026-LCY
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1741213703.028069,VS0,VE2
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: 2e8da2f1fa96d62181a94c1b348cbfabc4a6bad0
Expires: Wed, 05 Mar 2025 22:33:23 GMT
Source-Age: 42
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:27:38 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: F41F:3708B8:5F507:77154:67C8D007
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 2808:32793E:281BA2:560A98:67C8CFBD
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:28:24 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600041-LCY
X-Cache: HIT
X-Cache-Hits: 2
X-Timer: S1741213704.064444,VS0,VE0
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: 3acfe6066f3c1b88545a2331d28000e2ae1d411d
Expires: Wed, 05 Mar 2025 22:33:24 GMT
Source-Age: 43
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:27:38 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: 0710:10CD73:5DAC1:75718:67C8D008
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 2808:32793E:281BA2:560A98:67C8CFBD
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:28:25 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600085-LCY
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1741213705.051029,VS0,VE3
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: 5604262684f3b42ee80e859605d42587d400f6cb
Expires: Wed, 05 Mar 2025 22:33:25 GMT
Source-Age: 44
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:27:38 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: 1F95:276A13:5D6D1:75370:67C8D009
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 2808:32793E:281BA2:560A98:67C8CFBD
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:28:26 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600062-LCY
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1741213706.058406,VS0,VE2
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: 3916bf34399d5d2a0a5986b0afd230622b8f37f4
Expires: Wed, 05 Mar 2025 22:33:26 GMT
Source-Age: 45
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:27:38 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: 0F1E:22C9A2:5DDB0:75A76:67C8D00A
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 2808:32793E:281BA2:560A98:67C8CFBD
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:28:27 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600044-LCY
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1741213707.074599,VS0,VE4
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: 031aa488a560521008d60eed9760e08f82909823
Expires: Wed, 05 Mar 2025 22:33:27 GMT
Source-Age: 46
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:27:38 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: D9C1:2CFD4:5D564:75234:67C8D00B
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 6F08:2E4E38:2665C6:545502:67C8CFDA
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:28:28 GMT
Via: 1.1 varnish
X-Served-By: cache-lon420135-LON
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1741213708.030690,VS0,VE2
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: cb24ccfe813f932c667d11e655b8bce0c1628ec2
Expires: Wed, 05 Mar 2025 22:33:28 GMT
Source-Age: 49
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:27:38 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: A90C:11505B:5C743:74443:67C8D00C
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 2808:32793E:281BA2:560A98:67C8CFBD
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:28:29 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600036-LCY
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1741213709.084126,VS0,VE2
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: ac3853ee6f0316490d8ad85ccf1efdfbff274ee6
Expires: Wed, 05 Mar 2025 22:33:29 GMT
Source-Age: 48
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:27:38 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: 2810:1E0BB5:5DFD4:75CF6:67C8D00D
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 2808:32793E:281BA2:560A98:67C8CFBD
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:28:30 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600059-LCY
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1741213710.019548,VS0,VE2
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: 81c93baf91ca1b57b3f9ab6ed6b379552f7395db
Expires: Wed, 05 Mar 2025 22:33:30 GMT
Source-Age: 49
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:27:38 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: 31EB:3D5AED:5D690:753B5:67C8D00E
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 2808:32793E:281BA2:560A98:67C8CFBD
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:28:31 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600047-LCY
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1741213711.061581,VS0,VE2
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: 57c0076cadf95ab437cb9b99e060eabe03e31aaf
Expires: Wed, 05 Mar 2025 22:33:31 GMT
Source-Age: 50
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:27:38 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: 282F:2919FB:50D67:65B56:67C8D00F
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 6F08:2E4E38:2665C6:545502:67C8CFDA
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:28:32 GMT
Via: 1.1 varnish
X-Served-By: cache-lon420136-LON
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1741213712.132288,VS0,VE1
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: 4afaf36a5af1ce2288d27c80396aa9f1a977cb35
Expires: Wed, 05 Mar 2025 22:33:32 GMT
Source-Age: 53
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:27:38 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: BE8A:380DF5:5D5C4:75354:67C8D010
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 6F08:2E4E38:2665C6:545502:67C8CFDA
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:28:33 GMT
Via: 1.1 varnish
X-Served-By: cache-lon420127-LON
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1741213713.246419,VS0,VE1
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: 802a8b20640c222518a5aae979fe3febadfeaf62
Expires: Wed, 05 Mar 2025 22:33:33 GMT
Source-Age: 54
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:27:38 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: 078A:11505B:5C9CF:7477A:67C8D011
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 6F08:2E4E38:2665C6:545502:67C8CFDA
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:28:34 GMT
Via: 1.1 varnish
X-Served-By: cache-lon420133-LON
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1741213714.212872,VS0,VE1
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: eef5e410bdb41fcc51614c05f15c96e926ba8812
Expires: Wed, 05 Mar 2025 22:33:34 GMT
Source-Age: 55
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:27:38 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: EDED:1ECE39:5D85B:7561D:67C8D012
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 6F08:2E4E38:2665C6:545502:67C8CFDA
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:28:35 GMT
Via: 1.1 varnish
X-Served-By: cache-lon420118-LON
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1741213715.187394,VS0,VE1
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: e9aed67919ba92e127456582e12d881f1e7c625c
Expires: Wed, 05 Mar 2025 22:33:35 GMT
Source-Age: 56
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:27:38 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: 8BEC:26DDD4:5E555:7633C:67C8D013
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 6F08:2E4E38:2665C6:545502:67C8CFDA
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:28:36 GMT
Via: 1.1 varnish
X-Served-By: cache-lon4242-LON
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1741213716.227354,VS0,VE2
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: d92adab0891a79ce8cadb2f93a2846cf752841ed
Expires: Wed, 05 Mar 2025 22:33:36 GMT
Source-Age: 57
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:27:38 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: BDE3:2CFD4:5DA27:7581D:67C8D014
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 2808:32793E:281BA2:560A98:67C8CFBD
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:28:37 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600076-LCY
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1741213717.190793,VS0,VE2
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: 1f8b7917ac170335a1a1cab8647940499a9861b1
Expires: Wed, 05 Mar 2025 22:33:37 GMT
Source-Age: 56
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:27:38 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: 1970:10CD73:5E1BE:75FEC:67C8D015
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 2808:32793E:281BA2:560A98:67C8CFBD
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:28:39 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600076-LCY
X-Cache: HIT
X-Cache-Hits: 2
X-Timer: S1741213719.143134,VS0,VE0
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: ed3d08650ba3c7f671fc03eb2415085473d1ba38
Expires: Wed, 05 Mar 2025 22:33:39 GMT
Source-Age: 58
DNS

github.com

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

8.8.8.8:53

Request

github.com

IN A

Response

github.com

IN A

20.26.156.215
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:27:38 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: 0F99:1ECE39:5DB4E:759C3:67C8D017
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 2808:32793E:281BA2:560A98:67C8CFBD
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:28:40 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600028-LCY
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1741213720.481835,VS0,VE7
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: e41920ca8121347a506ff0dd91c7296599906c3a
Expires: Wed, 05 Mar 2025 22:33:40 GMT
Source-Age: 59
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:27:38 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: 95BC:3C3703:5E900:7677E:67C8D019
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 2808:32793E:281BA2:560A98:67C8CFBD
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:28:41 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600061-LCY
X-Cache: HIT
X-Cache-Hits: 2
X-Timer: S1741213722.506612,VS0,VE0
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: fff93fc01f16b92e1f1d5091e0ddd2692756c1d0
Expires: Wed, 05 Mar 2025 22:33:41 GMT
Source-Age: 60
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:27:38 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: F53E:1638E5:5D48F:7534E:67C8D01A
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 2808:32793E:281BA2:560A98:67C8CFBD
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:28:42 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600079-LCY
X-Cache: HIT
X-Cache-Hits: 2
X-Timer: S1741213723.794327,VS0,VE0
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: e4be069b7342f41cc861ab549e8d27577f0dbbe0
Expires: Wed, 05 Mar 2025 22:33:42 GMT
Source-Age: 61
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:27:38 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: C002:92DE4:5F7B0:7769C:67C8D01B
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 6F08:2E4E38:2665C6:545502:67C8CFDA
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:28:43 GMT
Via: 1.1 varnish
X-Served-By: cache-lon4264-LON
X-Cache: HIT
X-Cache-Hits: 2
X-Timer: S1741213724.933984,VS0,VE0
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: ed4c0f118182eccc24cb9d42bc5e6ea82177a474
Expires: Wed, 05 Mar 2025 22:33:43 GMT
Source-Age: 65
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:27:38 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: A8DB:26DDD4:5EA1F:7693F:67C8D01C
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 2808:32793E:281BA2:560A98:67C8CFBD
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:28:44 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600026-LCY
X-Cache: HIT
X-Cache-Hits: 2
X-Timer: S1741213725.910485,VS0,VE0
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: ba5c8ce5e258dbdd0a465f276cc9692a0640b4a9
Expires: Wed, 05 Mar 2025 22:33:44 GMT
Source-Age: 64
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:27:38 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: B12B:265730:5E670:7658D:67C8D01D
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 6F08:2E4E38:2665C6:545502:67C8CFDA
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:28:46 GMT
Via: 1.1 varnish
X-Served-By: cache-lon420140-LON
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1741213726.101751,VS0,VE1
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: 0e0200428d3c5dd00d590359cc329080eddfbde5
Expires: Wed, 05 Mar 2025 22:33:46 GMT
Source-Age: 67
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:27:38 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: 045D:3C3703:5EB94:76AC8:67C8D01E
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 2808:32793E:281BA2:560A98:67C8CFBD
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:28:47 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600029-LCY
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1741213727.096997,VS0,VE2
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: 64e2b25f56120a12f4dac3124e30977b27dec899
Expires: Wed, 05 Mar 2025 22:33:47 GMT
Source-Age: 66
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:27:38 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: 97EE:2E45B0:5FDB1:77D22:67C8D01F
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 2808:32793E:281BA2:560A98:67C8CFBD
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:28:48 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600053-LCY
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1741213728.167729,VS0,VE2
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: 77a8b67bc54f45e26a411bb1cb7969c70b9231fe
Expires: Wed, 05 Mar 2025 22:33:48 GMT
Source-Age: 67
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:27:38 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: 22AE:CE94B:5F3B4:7733D:67C8D020
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 6F08:2E4E38:2665C6:545502:67C8CFDA
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:28:49 GMT
Via: 1.1 varnish
X-Served-By: cache-lon4277-LON
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1741213729.202853,VS0,VE1
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: 72faf18a1cd7957ff8e5ab2b39a157d407969181
Expires: Wed, 05 Mar 2025 22:33:49 GMT
Source-Age: 70
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:27:38 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: D613:2E45B0:5FEB3:77E68:67C8D021
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 2808:32793E:281BA2:560A98:67C8CFBD
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:28:50 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600041-LCY
X-Cache: HIT
X-Cache-Hits: 3
X-Timer: S1741213730.208221,VS0,VE0
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: 0f9d754ea1609333ed8b3b3b344bb45b9a22c2a9
Expires: Wed, 05 Mar 2025 22:33:50 GMT
Source-Age: 69
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:27:38 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: C5CA:26DDD4:5ED43:76D2A:67C8D022
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 6F08:2E4E38:2665C6:545502:67C8CFDA
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:28:51 GMT
Via: 1.1 varnish
X-Served-By: cache-lon4243-LON
X-Cache: HIT
X-Cache-Hits: 2
X-Timer: S1741213731.207756,VS0,VE0
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: b3d1ba271ad71c9a4fd4e774cf849c5513167097
Expires: Wed, 05 Mar 2025 22:33:51 GMT
Source-Age: 71
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:27:38 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: F428:3D5AED:5E11C:76108:67C8D023
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 2808:32793E:281BA2:560A98:67C8CFBD
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:28:52 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600075-LCY
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1741213732.185482,VS0,VE1
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: ac3b3e527253fd2b7d90e042c7107a2d287115ee
Expires: Wed, 05 Mar 2025 22:33:52 GMT
Source-Age: 71
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:27:38 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: 802A:1E0BB5:5EB49:76B6B:67C8D024
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 2808:32793E:281BA2:560A98:67C8CFBD
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:28:53 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600098-LCY
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1741213733.422180,VS0,VE2
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: 0ee23f77d2a75493100be2f09c8a35626a7d3f16
Expires: Wed, 05 Mar 2025 22:33:53 GMT
Source-Age: 72
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:27:38 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: DB69:276A13:5E42E:7647D:67C8D026
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 6F08:2E4E38:2665C6:545502:67C8CFDA
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:28:54 GMT
Via: 1.1 varnish
X-Served-By: cache-lon420107-LON
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1741213734.416452,VS0,VE1
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: 685273ad11f4404bc1b6ae47667d489eb9802e88
Expires: Wed, 05 Mar 2025 22:33:54 GMT
Source-Age: 75
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:27:38 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: F6EE:CE94B:5F688:776D1:67C8D027
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 2808:32793E:281BA2:560A98:67C8CFBD
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:28:55 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600070-LCY
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1741213735.449333,VS0,VE2
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: 8f90ac9d872f0eec2200652bcb4a639d86d4a747
Expires: Wed, 05 Mar 2025 22:33:55 GMT
Source-Age: 74
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:27:38 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: B074:265730:5EBEF:76C71:67C8D028
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 2808:32793E:281BA2:560A98:67C8CFBD
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:28:56 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600087-LCY
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1741213737.557292,VS0,VE2
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: c733552dab77e41aa70e0e37b69fb51550a03ed9
Expires: Wed, 05 Mar 2025 22:33:56 GMT
Source-Age: 75
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:27:38 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: F6E0:3D5AED:5E3B2:7644C:67C8D029
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 2808:32793E:281BA2:560A98:67C8CFBD
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:28:57 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600076-LCY
X-Cache: HIT
X-Cache-Hits: 3
X-Timer: S1741213738.516604,VS0,VE0
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: cdc084a697f90c401436249a099e8f36b2195761
Expires: Wed, 05 Mar 2025 22:33:57 GMT
Source-Age: 76
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:27:38 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: 8C55:22C9A2:5EE3A:76F19:67C8D02A
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 2808:32793E:281BA2:560A98:67C8CFBD
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:28:58 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600057-LCY
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1741213739.645412,VS0,VE2
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: 2b335a6d1f32c2b776aaf5d3bcfca88ea5f94c36
Expires: Wed, 05 Mar 2025 22:33:58 GMT
Source-Age: 77
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:27:38 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: 18A1:3708B8:60729:7882C:67C8D02B
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 6F08:2E4E38:2665C6:545502:67C8CFDA
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:28:59 GMT
Via: 1.1 varnish
X-Served-By: cache-lon420138-LON
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1741213740.674196,VS0,VE1
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: be1bea44cd6639265772a2bdb578f03b6d472d6a
Expires: Wed, 05 Mar 2025 22:33:59 GMT
Source-Age: 80
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:27:38 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: B860:380DF5:5E32D:76451:67C8D02C
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 2808:32793E:281BA2:560A98:67C8CFBD
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:29:00 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600060-LCY
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1741213741.680601,VS0,VE3
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: 634523dc7f587dbf2c57113bb27ae39edb6d2207
Expires: Wed, 05 Mar 2025 22:34:00 GMT
Source-Age: 79
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:27:38 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: C570:26DDD4:5F260:7739D:67C8D02D
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 6F08:2E4E38:2665C6:545502:67C8CFDA
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:29:01 GMT
Via: 1.1 varnish
X-Served-By: cache-lon420134-LON
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1741213742.680689,VS0,VE1
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: b00e212e5b4d689b16cede8be56ad171a8a3c354
Expires: Wed, 05 Mar 2025 22:34:01 GMT
Source-Age: 82
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:27:38 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: 91A6:2E45B0:60500:78667:67C8D02E
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 2808:32793E:281BA2:560A98:67C8CFBD
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:29:02 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600035-LCY
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1741213743.685076,VS0,VE2
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: 3ea59d8b06ef8974d99d1a206a5c8179de0f9b01
Expires: Wed, 05 Mar 2025 22:34:02 GMT
Source-Age: 81
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:27:38 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: 488A:38F677:5D667:757D9:67C8D02F
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 6F08:2E4E38:2665C6:545502:67C8CFDA
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:29:03 GMT
Via: 1.1 varnish
X-Served-By: cache-lon420130-LON
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1741213744.690690,VS0,VE1
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: b21f575cb27a1b33183b89996538bbc8fb726fcf
Expires: Wed, 05 Mar 2025 22:34:03 GMT
Source-Age: 84
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:27:38 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: ECD6:276A13:5E918:76ABB:67C8D030
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 2808:32793E:281BA2:560A98:67C8CFBD
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:29:04 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600022-LCY
X-Cache: HIT
X-Cache-Hits: 2
X-Timer: S1741213745.791338,VS0,VE0
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: 4f15a39ee997b37c96e1ab2d830d1d8ded210433
Expires: Wed, 05 Mar 2025 22:34:04 GMT
Source-Age: 84
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:27:38 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: A83B:3708B8:60A19:78BEC:67C8D031
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 2808:32793E:281BA2:560A98:67C8CFBD
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:29:05 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600035-LCY
X-Cache: HIT
X-Cache-Hits: 2
X-Timer: S1741213746.790483,VS0,VE0
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: 776a9848168bf68930b7869317d1eecabb34aff8
Expires: Wed, 05 Mar 2025 22:34:05 GMT
Source-Age: 84
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:27:38 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: EAFE:1E0BB5:5F139:77330:67C8D032
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 6F08:2E4E38:2665C6:545502:67C8CFDA
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:29:06 GMT
Via: 1.1 varnish
X-Served-By: cache-lon420126-LON
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1741213747.791300,VS0,VE1
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: 4759bcecbf024aec31fe95271a61cc81a3de4be2
Expires: Wed, 05 Mar 2025 22:34:06 GMT
Source-Age: 87
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:27:38 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: 6239:2E45B0:607AB:789BC:67C8D033
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 2808:32793E:281BA2:560A98:67C8CFBD
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:29:07 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600062-LCY
X-Cache: HIT
X-Cache-Hits: 2
X-Timer: S1741213748.779868,VS0,VE0
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: 614b38e1075084d2569ec8f6c6bb05bccb8db58d
Expires: Wed, 05 Mar 2025 22:34:07 GMT
Source-Age: 87
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:27:38 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: 42DA:1E0BB5:5F226:7745C:67C8D034
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 2808:32793E:281BA2:560A98:67C8CFBD
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:29:08 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600047-LCY
X-Cache: HIT
X-Cache-Hits: 2
X-Timer: S1741213749.745094,VS0,VE0
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: a36bb860d73590ac4c5e1d4ef5546ac6b1502aea
Expires: Wed, 05 Mar 2025 22:34:08 GMT
Source-Age: 88
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:27:38 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: 8CF7:2919FB:51F6E:6724E:67C8D035
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 2808:32793E:281BA2:560A98:67C8CFBD
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:29:09 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600048-LCY
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1741213750.712138,VS0,VE2
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: 0119e60a531ebfdcc06ba6fde659217e80d54fbb
Expires: Wed, 05 Mar 2025 22:34:09 GMT
Source-Age: 88
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:27:38 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: 1842:1ECE39:5E9F4:76C77:67C8D036
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 2808:32793E:281BA2:560A98:67C8CFBD
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:29:10 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600057-LCY
X-Cache: HIT
X-Cache-Hits: 2
X-Timer: S1741213751.705098,VS0,VE0
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: 09e8d5d4dad2e4913c9762c3f33734633723424f
Expires: Wed, 05 Mar 2025 22:34:10 GMT
Source-Age: 89
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:27:38 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: CD85:92DE4:60503:7878B:67C8D037
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 6F08:2E4E38:2665C6:545502:67C8CFDA
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:29:11 GMT
Via: 1.1 varnish
X-Served-By: cache-lon4223-LON
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1741213752.648022,VS0,VE1
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: c04dba8ee4d93272020329ccbefca7c5b3693050
Expires: Wed, 05 Mar 2025 22:34:11 GMT
Source-Age: 92
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:27:38 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: 7AF6:3D5AED:5EB82:76E25:67C8D038
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 2808:32793E:281BA2:560A98:67C8CFBD
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:29:12 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600090-LCY
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1741213753.585778,VS0,VE2
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: 431b8d725515a32ebc7fca3b34368bcb93b46184
Expires: Wed, 05 Mar 2025 22:34:12 GMT
Source-Age: 91
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:27:38 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: DA31:26DDD4:5F8A3:77B86:67C8D039
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 2808:32793E:281BA2:560A98:67C8CFBD
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:29:13 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600075-LCY
X-Cache: HIT
X-Cache-Hits: 2
X-Timer: S1741213754.726007,VS0,VE0
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: 4abf2be6d00c5d5543947ea99c4c5ff015ea7c83
Expires: Wed, 05 Mar 2025 22:34:13 GMT
Source-Age: 93
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:27:38 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: F3DF:3B9EB9:60056:78339:67C8D03A
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 2808:32793E:281BA2:560A98:67C8CFBD
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:29:14 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600070-LCY
X-Cache: HIT
X-Cache-Hits: 2
X-Timer: S1741213755.629680,VS0,VE0
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: e841167152347d18f6fbb47b96d15c359ee0a661
Expires: Wed, 05 Mar 2025 22:34:14 GMT
Source-Age: 93
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:27:38 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: 3AF2:E8F71:5CCE9:74FF9:67C8D03B
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 6F08:2E4E38:2665C6:545502:67C8CFDA
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:29:15 GMT
Via: 1.1 varnish
X-Served-By: cache-lon420125-LON
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1741213756.774314,VS0,VE1
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: 43bbf5cccd4a8e3b6cf3b0988f9b42d0772e01c3
Expires: Wed, 05 Mar 2025 22:34:15 GMT
Source-Age: 96
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:27:38 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: 558A:B290A:5ED41:77075:67C8D03C
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 6F08:2E4E38:2665C6:545502:67C8CFDA
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:29:16 GMT
Via: 1.1 varnish
X-Served-By: cache-lon4247-LON
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1741213757.741592,VS0,VE1
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: 7d4053d359d0f2d4aa69cf661a657a5520173328
Expires: Wed, 05 Mar 2025 22:34:16 GMT
Source-Age: 97
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:27:38 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: 3C66:276A13:5EF07:7726B:67C8D03D
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 2808:32793E:281BA2:560A98:67C8CFBD
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:29:17 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600054-LCY
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1741213758.660281,VS0,VE2
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: 4aa33aee1e5531f187f641f34953f61bd438cda6
Expires: Wed, 05 Mar 2025 22:34:17 GMT
Source-Age: 96
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:27:38 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: 2C5D:26DD76:60CAA:7901F:67C8D03E
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 2808:32793E:281BA2:560A98:67C8CFBD
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:29:18 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600032-LCY
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1741213759.603014,VS0,VE2
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: 765eb12a2ba7c52c06a671c0573a7cd6a6abf59a
Expires: Wed, 05 Mar 2025 22:34:18 GMT
Source-Age: 97
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:27:38 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: 040F:1638E5:5E6D3:76A5F:67C8D03F
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 2808:32793E:281BA2:560A98:67C8CFBD
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:29:19 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600055-LCY
X-Cache: HIT
X-Cache-Hits: 2
X-Timer: S1741213760.534652,VS0,VE0
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: ef2f80a075b6728e66eac5e74553826402d4149b
Expires: Wed, 05 Mar 2025 22:34:19 GMT
Source-Age: 98
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:27:38 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: 0431:2E45B0:60E08:791D8:67C8D040
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 2808:32793E:281BA2:560A98:67C8CFBD
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:29:20 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600030-LCY
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1741213760.447667,VS0,VE2
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: 8e7bd00a2f96f534648864fd38cfb6ee21490f7f
Expires: Wed, 05 Mar 2025 22:34:20 GMT
Source-Age: 99
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:27:38 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: CD40:3BEE:5F056:77447:67C8D041
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 2808:32793E:281BA2:560A98:67C8CFBD
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:29:21 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600067-LCY
X-Cache: HIT
X-Cache-Hits: 2
X-Timer: S1741213761.477865,VS0,VE0
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: 65fca258673294a86d2db2932a1b96699234fe36
Expires: Wed, 05 Mar 2025 22:34:21 GMT
Source-Age: 100
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:27:38 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: 8535:276A13:5F142:77549:67C8D042
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 2808:32793E:281BA2:560A98:67C8CFBD
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:29:22 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600064-LCY
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1741213763.534289,VS0,VE4
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: c22827181747a33a76df3d00aaf2c1e01b0ed39b
Expires: Wed, 05 Mar 2025 22:34:22 GMT
Source-Age: 101
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 6F08:2E4E38:2665C6:545502:67C8CFDA
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:29:23 GMT
Via: 1.1 varnish
X-Served-By: cache-lon420127-LON
X-Cache: HIT
X-Cache-Hits: 2
X-Timer: S1741213763.483808,VS0,VE0
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: abf15c1f89a3eafd11c4cff7d77fedb545d49d44
Expires: Wed, 05 Mar 2025 22:34:23 GMT
Source-Age: 104
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:27:38 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: DCD0:92DE4:60AE9:78F35:67C8D044
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 2808:32793E:281BA2:560A98:67C8CFBD
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:29:24 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600061-LCY
X-Cache: HIT
X-Cache-Hits: 3
X-Timer: S1741213764.343659,VS0,VE0
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: ef90ab7ee64d9f597a5f6d04b2f4925156b0061e
Expires: Wed, 05 Mar 2025 22:34:24 GMT
Source-Age: 103
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:27:38 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: B535:E8F71:5D1A7:75600:67C8D044
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 2808:32793E:281BA2:560A98:67C8CFBD
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:29:25 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600045-LCY
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1741213766.755124,VS0,VE2
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: 2a45f612900b639f1b38f6a082fcb9c782e52d26
Expires: Wed, 05 Mar 2025 22:34:25 GMT
Source-Age: 105
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:27:38 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: 8FC5:CE94B:6067F:78B18:67C8D046
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 2808:32793E:281BA2:560A98:67C8CFBD
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:29:26 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600027-LCY
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1741213767.774464,VS0,VE2
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: f4c2796bb2a5e0e1301d49690ee25f762a749466
Expires: Wed, 05 Mar 2025 22:34:26 GMT
Source-Age: 106
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:27:38 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: 8D1D:3D5AED:5F2E9:7779C:67C8D047
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 2808:32793E:281BA2:560A98:67C8CFBD
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:29:27 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600094-LCY
X-Cache: HIT
X-Cache-Hits: 2
X-Timer: S1741213768.725686,VS0,VE0
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: 7fb67866716fc9949273475d2a65ddcab387d72d
Expires: Wed, 05 Mar 2025 22:34:27 GMT
Source-Age: 107
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:27:38 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: 31DC:10CD73:5FBEE:780CB:67C8D048
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 2808:32793E:281BA2:560A98:67C8CFBD
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:29:28 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600081-LCY
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1741213769.700100,VS0,VE3
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: 161763e1b57b3f986d915129f3c4287e73e510b4
Expires: Wed, 05 Mar 2025 22:34:28 GMT
Source-Age: 107
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:27:38 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: 3A35:2919FB:5293A:67EDD:67C8D049
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 2808:32793E:281BA2:560A98:67C8CFBD
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:29:29 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600044-LCY
X-Cache: HIT
X-Cache-Hits: 2
X-Timer: S1741213770.778990,VS0,VE0
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: 4123e7198d657a0f38e2b7c8a042e219ccc8cbc0
Expires: Wed, 05 Mar 2025 22:34:29 GMT
Source-Age: 109
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:27:38 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: 2E9A:3D5AED:5F487:779A2:67C8D04A
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 2808:32793E:281BA2:560A98:67C8CFBD
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:29:30 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600043-LCY
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1741213771.765386,VS0,VE2
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: b4b689efbb0229b124aba301d46ad86dc60909ed
Expires: Wed, 05 Mar 2025 22:34:30 GMT
Source-Age: 110
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:27:38 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: 36D0:219DF2:62043:7A573:67C8D04B
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 6F08:2E4E38:2665C6:545502:67C8CFDA
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:29:31 GMT
Via: 1.1 varnish
X-Served-By: cache-lon420117-LON
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1741213772.779422,VS0,VE1
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: 5e2ad197501f34f8e2f0633ef9ad3765a31960ba
Expires: Wed, 05 Mar 2025 22:34:31 GMT
Source-Age: 112
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:27:38 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: B56B:2E9FE0:5E609:76B66:67C8D04C
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 6F08:2E4E38:2665C6:545502:67C8CFDA
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:29:32 GMT
Via: 1.1 varnish
X-Served-By: cache-lon420112-LON
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1741213773.765425,VS0,VE1
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: 91eaeaa06a269db80fd40ac6eb87e8b3ccf68f7c
Expires: Wed, 05 Mar 2025 22:34:32 GMT
Source-Age: 113
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:27:38 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: CC52:265730:5FEBF:78422:67C8D04D
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 2808:32793E:281BA2:560A98:67C8CFBD
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:29:33 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600047-LCY
X-Cache: HIT
X-Cache-Hits: 3
X-Timer: S1741213774.748426,VS0,VE0
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: 6f9596d2907b671ba568fbb1443ec3126c92286e
Expires: Wed, 05 Mar 2025 22:34:33 GMT
Source-Age: 113
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:27:38 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: CD50:22C9A2:600E5:786A4:67C8D04E
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 2808:32793E:281BA2:560A98:67C8CFBD
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:29:34 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600060-LCY
X-Cache: HIT
X-Cache-Hits: 2
X-Timer: S1741213775.763769,VS0,VE0
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: 22ebee1dbdf1d02c29565a70246c7b54928e7315
Expires: Wed, 05 Mar 2025 22:34:34 GMT
Source-Age: 113
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:27:38 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: D8EC:2CFD4:5F55F:77B25:67C8D04F
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 2808:32793E:281BA2:560A98:67C8CFBD
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:29:35 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600027-LCY
X-Cache: HIT
X-Cache-Hits: 2
X-Timer: S1741213776.741518,VS0,VE0
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: f9de8a1732de75e88a44993b915271312c7baf7a
Expires: Wed, 05 Mar 2025 22:34:35 GMT
Source-Age: 115
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:27:38 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: 938B:219DF2:62330:7A916:67C8D050
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 6F08:2E4E38:2665C6:545502:67C8CFDA
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:29:36 GMT
Via: 1.1 varnish
X-Served-By: cache-lon4272-LON
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1741213777.767552,VS0,VE1
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: 40317878de5ecb03b3f240f743616d3f8f3064c1
Expires: Wed, 05 Mar 2025 22:34:36 GMT
Source-Age: 117
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:27:38 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: 5F41:219DF2:623A6:7A9AD:67C8D051
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 2808:32793E:281BA2:560A98:67C8CFBD
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:29:37 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600021-LCY
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1741213778.687215,VS0,VE1
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: 6d7bf8a8dd5312ea4f2b5d2ce3de844026251bc4
Expires: Wed, 05 Mar 2025 22:34:37 GMT
Source-Age: 116
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:27:38 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: 0593:3D5AED:5F8C7:77EE6:67C8D052
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 2808:32793E:281BA2:560A98:67C8CFBD
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:29:38 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600034-LCY
X-Cache: HIT
X-Cache-Hits: 3
X-Timer: S1741213779.546117,VS0,VE0
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: c0150f3ac7d7602ccb4dff94a8d24a5453d191b6
Expires: Wed, 05 Mar 2025 22:34:38 GMT
Source-Age: 117
DNS

github.com

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

8.8.8.8:53

Request

github.com

IN A

Response

github.com

IN A

20.26.156.215
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:27:38 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: 0C57:26DDD4:605B7:78C11:67C8D053
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 2808:32793E:281BA2:560A98:67C8CFBD
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:29:39 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600047-LCY
X-Cache: HIT
X-Cache-Hits: 4
X-Timer: S1741213780.557957,VS0,VE0
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: a82943549d0744f57d8787bcadccf730199db2a4
Expires: Wed, 05 Mar 2025 22:34:39 GMT
Source-Age: 118
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:29:39 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: C803:3708B8:61C13:7A27B:67C8D054
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 2808:32793E:281BA2:560A98:67C8CFBD
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:29:40 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600041-LCY
X-Cache: HIT
X-Cache-Hits: 4
X-Timer: S1741213781.681497,VS0,VE0
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: f3e8a4a3fd510da78c72f6b162d59d86bd1b1da2
Expires: Wed, 05 Mar 2025 22:34:40 GMT
Source-Age: 120
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:29:39 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: 16EF:22C9A2:60475:78B1F:67C8D055
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 2808:32793E:281BA2:560A98:67C8CFBD
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:29:41 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600071-LCY
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1741213782.705295,VS0,VE2
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: 33319cf7b574aad42caeac6663c3e4ba7b4c3f15
Expires: Wed, 05 Mar 2025 22:34:41 GMT
Source-Age: 120
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:29:39 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: 0AE0:38F677:5E88C:76F32:67C8D056
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 2808:32793E:281BA2:560A98:67C8CFBD
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:29:42 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600076-LCY
X-Cache: HIT
X-Cache-Hits: 4
X-Timer: S1741213783.799909,VS0,VE0
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: 7d520efc9939e9d578bc0cd7b01cc350e0d200cc
Expires: Wed, 05 Mar 2025 22:34:42 GMT
Source-Age: 122
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:29:39 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: 329D:2919FB:52FD4:68741:67C8D057
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 6F08:2E4E38:2665C6:545502:67C8CFDA
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:29:43 GMT
Via: 1.1 varnish
X-Served-By: cache-lon4233-LON
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1741213784.869014,VS0,VE1
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: 46af02821310af44fe9e796001704e5127d66c79
Expires: Wed, 05 Mar 2025 22:34:43 GMT
Source-Age: 124
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:29:39 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: B6B1:3708B8:61E79:7A565:67C8D058
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 2808:32793E:281BA2:560A98:67C8CFBD
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:29:44 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600030-LCY
X-Cache: HIT
X-Cache-Hits: 2
X-Timer: S1741213785.978385,VS0,VE0
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: bef269145982abf31b1336978593a750f13006c1
Expires: Wed, 05 Mar 2025 22:34:44 GMT
Source-Age: 124
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:29:39 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: E037:2919FB:530B7:68871:67C8D059
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 2808:32793E:281BA2:560A98:67C8CFBD
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:29:46 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600043-LCY
X-Cache: HIT
X-Cache-Hits: 2
X-Timer: S1741213786.117348,VS0,VE0
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: 5c23c715f9bb6c5a220d48c2eaabb79f7890c240
Expires: Wed, 05 Mar 2025 22:34:46 GMT
Source-Age: 125
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:29:39 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: 887C:3D5AED:5FCF4:78433:67C8D05A
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 6F08:2E4E38:2665C6:545502:67C8CFDA
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:29:47 GMT
Via: 1.1 varnish
X-Served-By: cache-lon420111-LON
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1741213787.195533,VS0,VE1
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: e241cc505585150699b6f998fa62de3cfb13ddb3
Expires: Wed, 05 Mar 2025 22:34:47 GMT
Source-Age: 128
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:29:39 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: D8CA:219DF2:628A3:7B003:67C8D05B
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 2808:32793E:281BA2:560A98:67C8CFBD
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:29:48 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600083-LCY
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1741213788.298322,VS0,VE2
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: ca9b63d01001429b84fad3d1db28d82f3d00abac
Expires: Wed, 05 Mar 2025 22:34:48 GMT
Source-Age: 127
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:29:39 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: BDAF:3B9EB9:611AE:79942:67C8D05D
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 2808:32793E:281BA2:560A98:67C8CFBD
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:29:49 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600048-LCY
X-Cache: HIT
X-Cache-Hits: 2
X-Timer: S1741213789.390081,VS0,VE0
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: a5279c26d04ffc3714b9a80328d63ce94644be60
Expires: Wed, 05 Mar 2025 22:34:49 GMT
Source-Age: 128
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:29:39 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: EB18:11505B:5EEFD:776B5:67C8D05E
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 2808:32793E:281BA2:560A98:67C8CFBD
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:29:50 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600051-LCY
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1741213790.455703,VS0,VE4
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: f08dba9f073857a934372e7b4f0f3ee207214872
Expires: Wed, 05 Mar 2025 22:34:50 GMT
Source-Age: 129
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:29:39 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: AC22:2A01EC:5F30C:77AD1:67C8D05F
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 2808:32793E:281BA2:560A98:67C8CFBD
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:29:51 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600048-LCY
X-Cache: HIT
X-Cache-Hits: 3
X-Timer: S1741213792.511954,VS0,VE0
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: ff355dc0f439ff812de4c8ed6f743bca46ff962c
Expires: Wed, 05 Mar 2025 22:34:51 GMT
Source-Age: 130
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:29:39 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: 1150:223CD6:63FDB:7C7D9:67C8D060
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 2808:32793E:281BA2:560A98:67C8CFBD
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:29:52 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600055-LCY
X-Cache: HIT
X-Cache-Hits: 3
X-Timer: S1741213793.623486,VS0,VE0
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: 2a4c94a8ad6681c078aa29e83b3ea95305484769
Expires: Wed, 05 Mar 2025 22:34:52 GMT
Source-Age: 132
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:29:39 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: 8A98:1E0BB5:607A2:78FD0:67C8D061
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 2808:32793E:281BA2:560A98:67C8CFBD
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:29:53 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600027-LCY
X-Cache: HIT
X-Cache-Hits: 3
X-Timer: S1741213794.670665,VS0,VE0
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: 1dc99baafd449d2ee1abb54c223d806bbd48cb45
Expires: Wed, 05 Mar 2025 22:34:53 GMT
Source-Age: 133
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:29:39 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: AC9D:3708B8:6238F:7ABDE:67C8D062
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 6F08:2E4E38:2665C6:545502:67C8CFDA
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:29:54 GMT
Via: 1.1 varnish
X-Served-By: cache-lon4233-LON
X-Cache: HIT
X-Cache-Hits: 2
X-Timer: S1741213795.672470,VS0,VE0
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: 38bbb0c1fbe3d496b3be45d41bfa1f954364fdf3
Expires: Wed, 05 Mar 2025 22:34:54 GMT
Source-Age: 135
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:29:39 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: DE8D:2919FB:53543:68E50:67C8D063
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 2808:32793E:281BA2:560A98:67C8CFBD
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:29:55 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600049-LCY
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1741213796.730375,VS0,VE2
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: a7ed910985715a89977784eba564b00bbb3c28c7
Expires: Wed, 05 Mar 2025 22:34:55 GMT
Source-Age: 134
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:29:39 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: 5205:3A8F0E:618C0:7A148:67C8D064
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 6F08:2E4E38:2665C6:545502:67C8CFDA
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:29:56 GMT
Via: 1.1 varnish
X-Served-By: cache-lon4257-LON
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1741213797.884048,VS0,VE1
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: c8e81e7a7f841b3e79c9d1fe6a41014a06a3ed61
Expires: Wed, 05 Mar 2025 22:34:56 GMT
Source-Age: 138
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:29:39 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: 49D4:3A8F0E:61965:7A21C:67C8D065
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 2808:32793E:281BA2:560A98:67C8CFBD
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:29:58 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600066-LCY
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1741213798.191371,VS0,VE2
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: ad2e5b4d91754a6a5e373a480cee71cf3975cc28
Expires: Wed, 05 Mar 2025 22:34:58 GMT
Source-Age: 137
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:29:39 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: 10D5:223CD6:642E7:7CBC8:67C8D066
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 2808:32793E:281BA2:560A98:67C8CFBD
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:29:59 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600026-LCY
X-Cache: HIT
X-Cache-Hits: 3
X-Timer: S1741213799.223947,VS0,VE0
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: 4a216550ab0e5d9208a8540dc6e3e5477610680f
Expires: Wed, 05 Mar 2025 22:34:59 GMT
Source-Age: 138
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:29:39 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: 905D:22C9A2:60D7A:7969C:67C8D068
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 6F08:2E4E38:2665C6:545502:67C8CFDA
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:30:00 GMT
Via: 1.1 varnish
X-Served-By: cache-lon4254-LON
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1741213800.346014,VS0,VE4
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: c495f0831898028245cda577df966c6362f16b75
Expires: Wed, 05 Mar 2025 22:35:00 GMT
Source-Age: 141
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:29:39 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: 7A79:2919FB:53812:691E4:67C8D069
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 2808:32793E:281BA2:560A98:67C8CFBD
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:30:01 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600066-LCY
X-Cache: HIT
X-Cache-Hits: 2
X-Timer: S1741213801.413648,VS0,VE0
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: 1835e9ce9d11823da560528a90e51364f274f635
Expires: Wed, 05 Mar 2025 22:35:01 GMT
Source-Age: 140
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:29:39 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: EC46:1ECE39:60369:78CD4:67C8D06A
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 2808:32793E:281BA2:560A98:67C8CFBD
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:30:02 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600060-LCY
X-Cache: HIT
X-Cache-Hits: 3
X-Timer: S1741213803.628833,VS0,VE0
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: 06c8e648548685931470e3f7bd95aa460724753f
Expires: Wed, 05 Mar 2025 22:35:02 GMT
Source-Age: 141
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:29:39 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: 704A:2E9FE0:5F674:77FED:67C8D06B
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 2808:32793E:281BA2:560A98:67C8CFBD
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:30:03 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600098-LCY
X-Cache: HIT
X-Cache-Hits: 2
X-Timer: S1741213804.725573,VS0,VE0
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: ff66feae1f310021893bbf4744f031b3c42807b2
Expires: Wed, 05 Mar 2025 22:35:03 GMT
Source-Age: 142
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:29:39 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: 48C6:38F677:5F4D4:77E77:67C8D06C
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 2808:32793E:281BA2:560A98:67C8CFBD
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:30:05 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600072-LCY
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1741213805.144066,VS0,VE2
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: 69c0c082ad6090ae22239b91fe9c98dd13eb96cd
Expires: Wed, 05 Mar 2025 22:35:05 GMT
Source-Age: 144
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:29:39 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: 49BD:380DF5:602D9:78CB7:67C8D06D
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 6F08:2E4E38:2665C6:545502:67C8CFDA
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:30:06 GMT
Via: 1.1 varnish
X-Served-By: cache-lon420125-LON
X-Cache: HIT
X-Cache-Hits: 2
X-Timer: S1741213806.149938,VS0,VE0
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: 5dfbe032b805d16b395f09597c31f5908578583f
Expires: Wed, 05 Mar 2025 22:35:06 GMT
Source-Age: 146
GET

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

20.26.156.215:443

Request

GET /Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: GitHub.com
Date: Wed, 05 Mar 2025 22:29:39 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: D88F:2E45B0:62767:7B16C:67C8D06E
GET

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

Remote address:

185.199.109.133:443

Request

GET /Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 402632
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/zip
ETag: "004f09a50a54351833511d1b99db3436b26a72d8e149d6c13dd20a27fe83f3a9"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 2808:32793E:281BA2:560A98:67C8CFBD
Accept-Ranges: bytes
Date: Wed, 05 Mar 2025 22:30:07 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600044-LCY
X-Cache: HIT
X-Cache-Hits: 3
X-Timer: S1741213807.228531,VS0,VE0
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: a63ce8bc7335082da019627a9e99c1289eb064a8
Expires: Wed, 05 Mar 2025 22:35:07 GMT
Source-Age: 146

20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

865 B
7.8kB
10
9

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
420.3kB
157
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
421.3kB
157
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
420.3kB
157
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
10.127.0.1:445

260 B
5
40.126.32.133:445

login.live.com

260 B
5
2.16.153.13:445

ctldl.windowsupdate.com

260 B
5
20.26.156.215:445

github.com

260 B
5
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
420.3kB
157
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
10.127.0.1:139

260 B
5
2.16.153.13:139

ctldl.windowsupdate.com

260 B
5
40.126.32.133:139

login.live.com

260 B
5
20.26.156.215:139

github.com

260 B
5
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
420.3kB
157
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
10.127.0.0:445

rundll32.exe
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
10.127.0.0:139

rundll32.exe
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
420.3kB
157
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
420.3kB
157
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
10.127.0.1:445

rundll32.exe

104 B
2
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

10.1kB
420.7kB
196
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

877 B
7.8kB
10
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
10.127.0.1:139

rundll32.exe

104 B
2
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
420.6kB
157
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

15.1kB
420.3kB
247
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
10.127.0.2:445

rundll32.exe
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
420.3kB
157
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
420.6kB
157
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
10.127.0.2:139

rundll32.exe
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
420.3kB
157
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

871 B
9.2kB
10
9

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
420.6kB
158
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
10.127.0.3:445

rundll32.exe
20.26.156.215:443

github.com

tls

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

13.0kB
420.3kB
227
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
10.127.0.3:139

rundll32.exe
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
420.3kB
157
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
420.3kB
157
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
10.127.0.4:445

rundll32.exe
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
420.3kB
157
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
420.3kB
157
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
10.127.0.4:139

rundll32.exe
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
420.3kB
157
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
420.6kB
157
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
10.127.0.5:445

rundll32.exe
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
420.6kB
157
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
420.3kB
157
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
10.127.0.5:139

rundll32.exe
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
420.6kB
157
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.8kB
420.3kB
159
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
10.127.0.6:445

rundll32.exe
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
420.3kB
157
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
420.3kB
157
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
10.127.0.6:139

rundll32.exe
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
420.3kB
157
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
420.6kB
157
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
10.127.0.7:445

rundll32.exe
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
420.3kB
157
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
420.3kB
157
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
420.3kB
157
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

11.0kB
420.3kB
203
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
10.127.0.7:139

rundll32.exe
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
420.3kB
157
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
420.3kB
157
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
10.127.0.8:445

rundll32.exe
10.127.0.8:139

rundll32.exe
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

877 B
7.8kB
10
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
420.3kB
157
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
420.7kB
157
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
10.127.0.9:445

rundll32.exe
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
420.7kB
157
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
420.3kB
157
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
10.127.0.9:139

rundll32.exe
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
421.0kB
157
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
420.6kB
157
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
10.127.0.10:445

rundll32.exe
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
421.0kB
157
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
420.7kB
157
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
10.127.0.10:139

rundll32.exe
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
420.6kB
157
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
420.3kB
157
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
10.127.0.11:445

rundll32.exe
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
420.3kB
157
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
420.3kB
157
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
10.127.0.11:139

rundll32.exe
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
420.7kB
157
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

10.7kB
420.3kB
209
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
10.127.0.12:445

rundll32.exe
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
420.3kB
157
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
420.3kB
157
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
10.127.0.12:139

rundll32.exe
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
420.3kB
157
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
420.3kB
157
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
10.127.0.13:445

rundll32.exe
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
420.3kB
157
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
420.7kB
157
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
10.127.0.13:139

rundll32.exe
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
420.3kB
158
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
10.127.0.14:445

rundll32.exe
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

1.1kB
7.9kB
11
9

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
420.7kB
157
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
10.127.0.14:139

rundll32.exe
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
420.3kB
157
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

1.0kB
8.4kB
11
9

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

15.3kB
420.3kB
251
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
420.3kB
157
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

10.0kB
420.6kB
193
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
10.127.0.15:445

rundll32.exe
10.127.0.15:139

rundll32.exe
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
420.7kB
157
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
420.3kB
157
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
10.127.0.16:445

rundll32.exe
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
420.7kB
157
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

871 B
9.2kB
10
9

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
420.3kB
157
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
10.127.0.16:139

rundll32.exe
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
420.3kB
157
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
420.3kB
157
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
10.127.0.17:445

rundll32.exe
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
420.3kB
157
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

1.1kB
7.9kB
11
9

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
420.6kB
157
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
10.127.0.17:139

rundll32.exe
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
420.3kB
157
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
10.127.0.18:445

rundll32.exe
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
420.7kB
157
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
420.6kB
157
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
420.3kB
157
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

11.2kB
421.0kB
218
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
10.127.0.18:139

rundll32.exe
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
420.3kB
157
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
420.3kB
157
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
10.127.0.19:445

rundll32.exe
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
420.3kB
157
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
420.3kB
157
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
10.127.0.19:139

rundll32.exe
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
420.3kB
157
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
421.0kB
157
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
10.127.0.20:445

rundll32.exe
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

11.8kB
420.3kB
228
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
420.7kB
157
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
10.127.0.20:139

rundll32.exe
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
420.7kB
157
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
420.3kB
157
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
10.127.0.21:445

rundll32.exe
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
420.3kB
157
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
420.3kB
157
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
10.127.0.21:139

rundll32.exe
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
420.3kB
157
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

10.3kB
420.3kB
203
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
10.127.0.22:445

rundll32.exe
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
420.3kB
157
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

11.0kB
420.7kB
197
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
10.127.0.22:139

rundll32.exe
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
420.3kB
157
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
420.3kB
157
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
10.127.0.23:445

rundll32.exe
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
420.3kB
157
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
420.6kB
157
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
10.127.0.23:139

rundll32.exe
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
420.3kB
157
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
10.127.0.24:445

rundll32.exe
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
420.7kB
157
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
420.7kB
157
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
10.127.0.24:139

rundll32.exe
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
420.3kB
157
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
20.26.156.215:443

github.com

tls

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
420.3kB
157
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
10.127.0.25:445

rundll32.exe
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
420.7kB
157
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

923 B
7.8kB
11
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
10.127.0.25:139

rundll32.exe
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
420.6kB
157
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
420.3kB
157
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.8kB
422.4kB
159
308

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
420.3kB
157
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
10.127.0.26:445

rundll32.exe
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
420.3kB
157
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
421.0kB
157
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
10.127.0.26:139

rundll32.exe
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
420.7kB
157
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
420.3kB
157
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
10.127.0.27:445

rundll32.exe
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
420.6kB
157
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
420.7kB
157
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
10.127.0.27:139

rundll32.exe
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

12.5kB
420.6kB
222
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
420.3kB
157
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
10.127.0.28:445

rundll32.exe
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
420.7kB
157
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
420.3kB
157
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
10.127.0.28:139

rundll32.exe
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

10.1kB
420.7kB
200
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
420.3kB
157
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
10.127.0.29:445

rundll32.exe
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
420.3kB
157
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
421.0kB
157
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
10.127.0.29:139

rundll32.exe
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
420.3kB
157
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
420.6kB
157
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
10.127.0.30:445

rundll32.exe
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
421.0kB
157
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
10.127.0.30:139

rundll32.exe
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
420.3kB
157
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
420.6kB
158
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
10.127.0.31:445

rundll32.exe
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

12.0kB
420.7kB
216
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
10.127.0.31:139

rundll32.exe
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
420.3kB
157
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
420.6kB
157
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
10.127.0.32:445

rundll32.exe
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
420.3kB
157
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
420.7kB
157
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
420.3kB
157
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
10.127.0.32:139

rundll32.exe
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

10.0kB
420.3kB
198
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

8.6kB
420.3kB
174
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
10.127.0.33:445

rundll32.exe
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
420.3kB
157
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
10.127.0.33:139

rundll32.exe
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
420.7kB
157
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
420.3kB
157
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
10.127.0.34:445

rundll32.exe
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

12.8kB
420.7kB
227
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
10.127.0.34:139

rundll32.exe
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
420.7kB
157
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
420.6kB
157
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

1.0kB
8.4kB
11
9

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
10.127.0.35:445

rundll32.exe
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
420.3kB
157
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

819 B
7.8kB
9
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

7.7kB
420.3kB
157
307

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
10.127.0.35:139

rundll32.exe
20.26.156.215:443

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

773 B
7.8kB
8
8

HTTP Request

GET https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/BadRabbit.zip

HTTP Response

302
185.199.109.133:443

https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

tls, http

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

5.2kB
276.1kB
103
203

HTTP Request

GET https://raw.githubusercontent.com/Endermanch/MalwareDatabase/master/ransomwares/BadRabbit.zip

HTTP Response

200
10.127.0.36:445

rundll32.exe
20.26.156.215:443

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

8.8.8.8:53

github.com

dns

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

56 B
72 B
1
1

DNS Request

github.com

DNS Response

20.26.156.215
8.8.8.8:53

raw.githubusercontent.com

dns

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

71 B
135 B
1
1

DNS Request

raw.githubusercontent.com

DNS Response

185.199.109.133

185.199.108.133

185.199.111.133

185.199.110.133
8.8.8.8:53

github.com

dns

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

56 B
72 B
1
1

DNS Request

github.com

DNS Response

20.26.156.215
8.8.8.8:53

github.com

dns

f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe

56 B
72 B
1
1

DNS Request

github.com

DNS Response

20.26.156.215

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Persistence

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\f9c5420c0f039a178f5495ecfb657f8da383624e0cf7f02c645fbdfa95e2e8b9.exe.log

Filesize
847B

MD5
37544b654facecb83555afec67d08b33

SHA1
4dc0f5db034801784b01befef5c1d3304145e1dc

SHA256
ec084a6c6ecd7d31f1927b0cd926ec03ce346a469f24e5a860e05f2241bd7bf4

SHA512
4af827ead52c8769672f58a69fca18484aeba1e59b7ec0527e200f8e3d893bcbc1063ea820260fc0b922985ee3b26c3a6f79b4044fb34f1b58f2e3379971b5f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\BadRabbit.zip

Filesize
393KB

MD5
61da9939db42e2c3007ece3f163e2d06

SHA1
4bd7e9098de61adecc1bdbd1a01490994d1905fb

SHA256
ea8ccb8b5ec36195af831001b3cc46caedfc61a6194e2568901e7685c57ceefa

SHA512
14d0bc14a10e5bd8022e7ab4a80f98600f84754c2c80e22a8e3d9f9555dde5bad056d925576b29fc1a37e73c6ebca693687b47317a469a7dfdc4ab0f3d97a63e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Endermanch@BadRabbit.exe

Filesize
431KB

MD5
fbbdc39af1139aebba4da004475e8839

SHA1
de5c8d858e6e41da715dca1c019df0bfb92d32c0

SHA256
630325cac09ac3fab908f903e3b00d0dadd5fdaa0875ed8496fcbb97a558d0da

SHA512
74eca8c01de215b33d5ceea1fda3f3bef96b513f58a750dba04b0de36f7ef4f7846a6431d52879ca0d8641bfd504d4721a9a96fa2e18c6888fd67fa77686af87

Download Submit
C:\Windows\B5A4.tmp

Filesize
60KB

MD5
347ac3b6b791054de3e5720a7144a977

SHA1
413eba3973a15c1a6429d9f170f3e8287f98c21c

SHA256
301b905eb98d8d6bb559c04bbda26628a942b2c4107c07a02e8f753bdcfe347c

SHA512
9a399916bc681964af1e1061bc0a8e2926307642557539ad587ce6f9b5ef93bdf1820fe5d7b5ffe5f0bb38e5b4dc6add213ba04048c0c7c264646375fcd01787

Download Submit
C:\Windows\infpub.dat

Filesize
401KB

MD5
1d724f95c61f1055f0d02c2154bbccd3

SHA1
79116fe99f2b421c52ef64097f0f39b815b20907

SHA256
579fd8a0385482fb4c789561a30b09f25671e86422f40ef5cca2036b28f99648

SHA512
f2d7b018d1516df1c97cfff5507957c75c6d9bf8e2ce52ae0052706f4ec62f13eba6d7be17e6ad2b693fdd58e1fd091c37f17bd2b948cdcd9b95b4ad428c0113

Download Submit
C:\Windows\infpub.dat

Filesize
256KB

MD5
bf857aef3e4e67f62c3f4c362acb14c4

SHA1
697e922479e94149d15407a9f19b18b120bf806c

SHA256
a5b86bb3baa2f2537aea4548c1328d1d538ca769a00dcf1b708d430fc2fe4387

SHA512
e881b3dd8786bac901cded3ed5a6f9448f91db3a24be37c4c5fe2018c6050879f85e4f689c58117e920e85892ae3ca608242f988942676307aa6b485686af4b1

Download Submit
C:\Windows\infpub.dat

Filesize
401KB

MD5
c29d6253d89ee9c0c872dd377a7a8454

SHA1
46be3800684f6b208e0a8c7b120ef8614c22c4b0

SHA256
03f4198a279ea4c36a62cd271d3b2d796547013548666006fbef45e20bb920cb

SHA512
50141de5e0a827688251161353932b677c85e0d6e6831293c9a0044543e541fe8bd4e62fa403abc06df9d220fd843aa58ff9cc37abf46be3e06ae14905c24a5e

Download Submit
C:\Windows\infpub.dat

Filesize
401KB

MD5
c4f26ed277b51ef45fa180be597d96e8

SHA1
e9efc622924fb965d4a14bdb6223834d9a9007e7

SHA256
14d82a676b63ab046ae94fa5e41f9f69a65dc7946826cb3d74cea6c030c2f958

SHA512
afc2a8466f106e81d423065b07aed2529cbf690ab4c3e019334f1bedfb42dc0e0957be83d860a84b7285bd49285503bfe95a1cf571a678dbc9bdb07789da928e

Download Submit
C:\Windows\infpub.dat

Filesize
401KB

MD5
449546d6d9a953b1364147ed0755c3b3

SHA1
8306721ab3735df6a5e743b289011b04fdb763bc

SHA256
50bbb61b89a635adcbef23b498cc5c83bc94d161f816131433eeff9143d830b5

SHA512
ed986c6d12deca8d3357d16c976bb1535455c668520f9229f08096c9108a26aa5cc45cfba967e326b3cb1ceb25c97174161800311bdb1a652baf4f0a7c2114c0

Download Submit
C:\Windows\infpub.dat

Filesize
401KB

MD5
4e46d3825c01ec53e22d2fe7c4a7a582

SHA1
6cce78e16ccc0178d3b9b3fce26b249103bd1e1e

SHA256
f662641eab0abd8750a6c629357bc8b67597f6858273cc2e114d03da44a29493

SHA512
8287d2feeb1be2df830c0973180d8752ea7d159a4ec42d900198e0a1c41c9fd1b2676a6e682cd8781d90d23bbd49e3c410ccff174133daa535301a0bed4a9d97

Download Submit
memory/528-2846-0x000001F007450000-0x000001F007466000-memory.dmp

Filesize
88KB

Download
memory/644-173-0x000001C2DDCC0000-0x000001C2DDCD6000-memory.dmp

Filesize
88KB

Download
memory/1324-546-0x000001CAA2CC0000-0x000001CAA2CD6000-memory.dmp

Filesize
88KB

Download
memory/1560-186-0x0000000003250000-0x00000000032B8000-memory.dmp

Filesize
416KB

Download
memory/1560-178-0x0000000003250000-0x00000000032B8000-memory.dmp

Filesize
416KB

Download
memory/1568-3473-0x0000022964F00000-0x0000022964F16000-memory.dmp

Filesize
88KB

Download
memory/1740-95-0x00000000038F0000-0x0000000003958000-memory.dmp

Filesize
416KB

Download
memory/1740-103-0x00000000038F0000-0x0000000003958000-memory.dmp

Filesize
416KB

Download
memory/1940-65-0x0000000002D30000-0x0000000002D98000-memory.dmp

Filesize
416KB

Download
memory/1940-73-0x0000000002D30000-0x0000000002D98000-memory.dmp

Filesize
416KB

Download
memory/2420-235-0x00000179ED590000-0x00000179ED5A6000-memory.dmp

Filesize
88KB

Download
memory/2612-238-0x00000000028D0000-0x0000000002938000-memory.dmp

Filesize
416KB

Download
memory/2684-323-0x0000025171C10000-0x0000025171C26000-memory.dmp

Filesize
88KB

Download
memory/2740-1693-0x00000115AD540000-0x00000115AD556000-memory.dmp

Filesize
88KB

Download
memory/2960-3500-0x0000021909C20000-0x0000021909C36000-memory.dmp

Filesize
88KB

Download
memory/3132-1744-0x000001442ABE0000-0x000001442ABF6000-memory.dmp

Filesize
88KB

Download
memory/3348-60-0x00000205B75C0000-0x00000205B75D6000-memory.dmp

Filesize
88KB

Download
memory/3524-1305-0x0000024B7B990000-0x0000024B7B9A6000-memory.dmp

Filesize
88KB

Download
memory/3604-205-0x000001C1AE160000-0x000001C1AE176000-memory.dmp

Filesize
88KB

Download
memory/3664-148-0x00000000028E0000-0x0000000002948000-memory.dmp

Filesize
416KB

Download
memory/3664-156-0x00000000028E0000-0x0000000002948000-memory.dmp

Filesize
416KB

Download
memory/4024-104-0x0000000002CE0000-0x0000000002D48000-memory.dmp

Filesize
416KB

Download
memory/4024-32-0x0000000002CE0000-0x0000000002D48000-memory.dmp

Filesize
416KB

Download
memory/4024-40-0x0000000002CE0000-0x0000000002D48000-memory.dmp

Filesize
416KB

Download
memory/4128-208-0x0000000003050000-0x00000000030B8000-memory.dmp

Filesize
416KB

Download
memory/4128-216-0x0000000003050000-0x00000000030B8000-memory.dmp

Filesize
416KB

Download
memory/4428-25-0x00007FFBAE7F0000-0x00007FFBAF2B2000-memory.dmp

Filesize
10.8MB

Download
memory/4428-26-0x000001A794170000-0x000001A794186000-memory.dmp

Filesize
88KB

Download
memory/4428-29-0x00007FFBAE7F0000-0x00007FFBAF2B2000-memory.dmp

Filesize
10.8MB

Download
memory/4428-59-0x00007FFBAE7F0000-0x00007FFBAF2B2000-memory.dmp

Filesize
10.8MB

Download
memory/5160-3550-0x0000018164A70000-0x0000018164A86000-memory.dmp

Filesize
88KB

Download
memory/5192-0-0x00007FFBAE7F3000-0x00007FFBAE7F5000-memory.dmp

Filesize
8KB

Download
memory/5192-1-0x000001AB554B0000-0x000001AB554DC000-memory.dmp

Filesize
176KB

Download
memory/5192-3-0x000001AB55880000-0x000001AB55886000-memory.dmp

Filesize
24KB

Download
memory/5192-24-0x00007FFBAE7F0000-0x00007FFBAF2B2000-memory.dmp

Filesize
10.8MB

Download
memory/5192-5-0x00007FFBAE7F0000-0x00007FFBAF2B2000-memory.dmp

Filesize
10.8MB

Download
memory/5192-4-0x000001AB57130000-0x000001AB57168000-memory.dmp

Filesize
224KB

Download
memory/5192-2-0x000001AB55860000-0x000001AB55876000-memory.dmp

Filesize
88KB

Download
memory/5240-1053-0x0000025161C20000-0x0000025161C36000-memory.dmp

Filesize
88KB

Download
memory/5268-2045-0x000002A24C0D0000-0x000002A24C0E6000-memory.dmp

Filesize
88KB

Download
memory/5348-2973-0x000001D197840000-0x000001D197856000-memory.dmp

Filesize
88KB

Download
memory/5496-852-0x000001DCBCC00000-0x000001DCBCC16000-memory.dmp

Filesize
88KB

Download
memory/5524-90-0x0000023A98CD0000-0x0000023A98CE6000-memory.dmp

Filesize
88KB

Download
memory/5588-1642-0x000001855B3F0000-0x000001855B406000-memory.dmp

Filesize
88KB

Download
memory/5800-1355-0x000002636F9E0000-0x000002636F9F6000-memory.dmp

Filesize
88KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request