Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
pxqklq.sn.files.1drv.com | CNAME sn-files.fe.1drv.com; CNAME l-0003.l-msedge.net | 13.107.42.12 |
onedrive.live.com | CNAME l-0004.l-msedge.net | 13.107.42.13 |
UDP Requests
- 192.168.56.101:59369 -> 164.124.101.2:53
- 192.168.56.101:61479 -> 164.124.101.2:53
- 192.168.56.101:62324 -> 164.124.101.2:53
- 192.168.56.101:137 -> 192.168.56.255:137
- 192.168.56.101:138 -> 192.168.56.255:138
- 192.168.56.101:49152 -> 239.255.255.250:3702
- 192.168.56.101:62327 -> 239.255.255.250:1900
- 192.168.56.101:62329 -> 239.255.255.250:3702
- 192.168.56.101:62331 -> 239.255.255.250:3702
- 52.231.114.183:123 -> 192.168.56.101:123
HTTP Requests
GET 302 https://onedrive.live.com/download?cid=7AD84143EE0A85E3&resid=7AD84143EE0A85E3%21114&authkey=AMU_VwbYanb_5vQ
Request:
GET /download?cid=7AD84143EE0A85E3&resid=7AD84143EE0A85E3%21114&authkey=AMU_VwbYanb_5vQ HTTP/1.1
User-Agent: zipo
Host: onedrive.live.com
Response:
HTTP/1.1 302 Found
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Expires: -1
Location: https://pxqklq.sn.files.1drv.com/y4mg89f-6gcTFt9nUg_sEWMZaxANJtZ7KMjeZ0uFle33_KPtwBN9B0K_qoN_QPW8-byP6qrtoBYRbmXkpxTfUEwpZw0wySpJMYbHpVDFh2dOM7ne3-MhDZuyyuEwohpk8dvJeVWBT5AKYXBF-NbNEZsYXHQNDDBsuQsiryuQGYcsAfYHYZN-weN5jSSBfsDTCFTZZm_cNa_kvhnRO1TegqIKQ/Fdhlajkqzshwymncekoaweuudqrkiey?download&psid=1
Set-Cookie: E=P:bKkKpN5W2Yg=:ore5CLtGcvVGWne6kkeCEnkWUF8fD3UmHBqHHN03Uz0=:F; domain=.live.com; path=/
Set-Cookie: xid=e357bf20-d703-4e0d-aa06-1f505ac64899&&RD00155D99B04C&260; domain=.live.com; path=/
Set-Cookie: xidseq=1; domain=.live.com; path=/
Set-Cookie: LD=; domain=.live.com; expires=Tue, 03-Aug-2021 22:47:28 GMT; path=/
Set-Cookie: wla42=; domain=live.com; expires=Wed, 11-Aug-2021 00:27:28 GMT; path=/
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
X-MSNServer: RD00155D99B04C
X-ODWebServer: eastus0-odwebpl
X-Cache: CONFIG_NOCACHE
X-MSEdge-Ref: Ref A: 17FBE68309524F85B37E6720F23F63C7 Ref B: SLAEDGE1112 Ref C: 2021-08-04T00:27:28Z
Date: Wed, 04 Aug 2021 00:27:28 GMT
Content-Length: 0
GET 200 https://pxqklq.sn.files.1drv.com/y4mg89f-6gcTFt9nUg_sEWMZaxANJtZ7KMjeZ0uFle33_KPtwBN9B0K_qoN_QPW8-byP6qrtoBYRbmXkpxTfUEwpZw0wySpJMYbHpVDFh2dOM7ne3-MhDZuyyuEwohpk8dvJeVWBT5AKYXBF-NbNEZsYXHQNDDBsuQsiryuQGYcsAfYHYZN-weN5jSSBfsDTCFTZZm_cNa_kvhnRO1TegqIKQ/Fdhlajkqzshwymncekoaweuudqrkiey?download&psid=1
Request:
GET /y4mg89f-6gcTFt9nUg_sEWMZaxANJtZ7KMjeZ0uFle33_KPtwBN9B0K_qoN_QPW8-byP6qrtoBYRbmXkpxTfUEwpZw0wySpJMYbHpVDFh2dOM7ne3-MhDZuyyuEwohpk8dvJeVWBT5AKYXBF-NbNEZsYXHQNDDBsuQsiryuQGYcsAfYHYZN-weN5jSSBfsDTCFTZZm_cNa_kvhnRO1TegqIKQ/Fdhlajkqzshwymncekoaweuudqrkiey?download&psid=1 HTTP/1.1
User-Agent: zipo
Host: pxqklq.sn.files.1drv.com
Connection: Keep-Alive
Response:
HTTP/1.1 200 OK
Cache-Control: public
Content-Length: 274944
Content-Type: application/octet-stream
Content-Location: https://pxqklq.sn.files.1drv.com/y4mIpaG59ag83YfmR8SG78O2YiICHjfWPzTMxQCb1q2AQbHSxofJb448ldc9PmkzRUFqSuZyrZ2Kz4mv8HtHZyYBNAGq_eWmqNEzw6o3rirFQs5SirAyWMUzpT45qg0sKgYqVj43wt9a6xjrxWfOSr5VVg3UYtt7rkjTF9otcm92i-8chvKXr_6TttzEXE8iyVV
Expires: Tue, 02 Nov 2021 00:27:29 GMT
Last-Modified: Tue, 03 Aug 2021 05:44:43 GMT
Accept-Ranges: bytes
ETag: 7AD84143EE0A85E3!114.2
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
X-MSNSERVER: SN4PPF04F2AC684
Strict-Transport-Security: max-age=31536000; includeSubDomains
MS-CV: ZxUicgTxCEuW2zZZNfsxLA.0
X-SqlDataOrigin: S
CTag: aYzo3QUQ4NDE0M0VFMEE4NUUzITExNC4yNTc
X-PreAuthInfo: rv;poba;
Content-Disposition: attachment; filename="Fdhlajkqzshwymncekoaweuudqrkiey"
X-Content-Type-Options: nosniff
X-StreamOrigin: X
X-AsmVersion: UNKNOWN; 19.716.706.2005
X-Cache: CONFIG_NOCACHE
X-MSEdge-Ref: Ref A: 066FDD690ABD48299676F3CC3AD9AFA7 Ref B: SLAEDGE1019 Ref C: 2021-08-04T00:27:28Z
Date: Wed, 04 Aug 2021 00:27:29 GMT
GET 302 https://onedrive.live.com/download?cid=7AD84143EE0A85E3&resid=7AD84143EE0A85E3%21114&authkey=AMU_VwbYanb_5vQ
Request:
GET /download?cid=7AD84143EE0A85E3&resid=7AD84143EE0A85E3%21114&authkey=AMU_VwbYanb_5vQ HTTP/1.1
User-Agent: aswe
Host: onedrive.live.com
Cache-Control: no-cache
Cookie: E=P:bKkKpN5W2Yg=:ore5CLtGcvVGWne6kkeCEnkWUF8fD3UmHBqHHN03Uz0=:F; xid=e357bf20-d703-4e0d-aa06-1f505ac64899&&RD00155D99B04C&260; xidseq=1; wla42=
Response:
HTTP/1.1 302 Found
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Expires: -1
Location: https://pxqklq.sn.files.1drv.com/y4mlEcSPiQ-xLrMA-uh5-6zES3qzdkrPd7A5sYKVbpPegFaYO84OWiK8q0VzRB27zPc8qeNTbVrZt4hFA0ar9IFBGmPjFZnMRcioeM52jkL2S4YC9Dq0PgHm29CPXplS79VoZe87r8wmy0DOvZBoR7VAYdgeMTyyH2LEkzqpCHM9TcUnaHZgslTFHWnAvibAiQUKUAknvMUxEjV5lSOE0XPhw/Fdhlajkqzshwymncekoaweuudqrkiey?download&psid=1
Set-Cookie: E=P:jg7IpN5W2Yg=:NBZL8+/cwylWsq5NlyaN0iTsnK4/gaOFipdB7oprlZo=:F; domain=.live.com; path=/
Set-Cookie: xidseq=2; domain=.live.com; path=/
Set-Cookie: LD=; domain=.live.com; expires=Tue, 03-Aug-2021 22:47:29 GMT; path=/
Set-Cookie: wla42=; domain=live.com; expires=Wed, 11-Aug-2021 00:27:29 GMT; path=/
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
X-MSNServer: RD00155D999AE9
X-ODWebServer: eastus0-odwebpl
X-Cache: CONFIG_NOCACHE
X-MSEdge-Ref: Ref A: 1463E0CF3143459DB3D5E2342B09CA8F Ref B: SLAEDGE1112 Ref C: 2021-08-04T00:27:29Z
Date: Wed, 04 Aug 2021 00:27:29 GMT
Content-Length: 0
GET 200 https://pxqklq.sn.files.1drv.com/y4mlEcSPiQ-xLrMA-uh5-6zES3qzdkrPd7A5sYKVbpPegFaYO84OWiK8q0VzRB27zPc8qeNTbVrZt4hFA0ar9IFBGmPjFZnMRcioeM52jkL2S4YC9Dq0PgHm29CPXplS79VoZe87r8wmy0DOvZBoR7VAYdgeMTyyH2LEkzqpCHM9TcUnaHZgslTFHWnAvibAiQUKUAknvMUxEjV5lSOE0XPhw/Fdhlajkqzshwymncekoaweuudqrkiey?download&psid=1
Request:
GET /y4mlEcSPiQ-xLrMA-uh5-6zES3qzdkrPd7A5sYKVbpPegFaYO84OWiK8q0VzRB27zPc8qeNTbVrZt4hFA0ar9IFBGmPjFZnMRcioeM52jkL2S4YC9Dq0PgHm29CPXplS79VoZe87r8wmy0DOvZBoR7VAYdgeMTyyH2LEkzqpCHM9TcUnaHZgslTFHWnAvibAiQUKUAknvMUxEjV5lSOE0XPhw/Fdhlajkqzshwymncekoaweuudqrkiey?download&psid=1 HTTP/1.1
User-Agent: aswe
Host: pxqklq.sn.files.1drv.com
Cache-Control: no-cache
Connection: Keep-Alive
Response:
HTTP/1.1 200 OK
Cache-Control: public
Content-Length: 274944
Content-Type: application/octet-stream
Content-Location: https://pxqklq.sn.files.1drv.com/y4mIpaG59ag83YfmR8SG78O2YiICHjfWPzTMxQCb1q2AQbHSxofJb448ldc9PmkzRUFqSuZyrZ2Kz4mv8HtHZyYBNAGq_eWmqNEzw6o3rirFQs5SirAyWMUzpT45qg0sKgYqVj43wt9a6xjrxWfOSr5VVg3UYtt7rkjTF9otcm92i-8chvKXr_6TttzEXE8iyVV
Expires: Tue, 02 Nov 2021 00:27:30 GMT
Last-Modified: Tue, 03 Aug 2021 05:44:42 GMT
Accept-Ranges: bytes
ETag: 7AD84143EE0A85E3!114.2
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
X-MSNSERVER: SN3PPFAEB461CA1
Strict-Transport-Security: max-age=31536000; includeSubDomains
MS-CV: nbG/7kS+aESLUgi/Lr+XSw.0
X-SqlDataOrigin: S
CTag: aYzo3QUQ4NDE0M0VFMEE4NUUzITExNC4yNTc
X-PreAuthInfo: rv;poba;
Content-Disposition: attachment; filename="Fdhlajkqzshwymncekoaweuudqrkiey"
X-Content-Type-Options: nosniff
X-StreamOrigin: X
X-AsmVersion: UNKNOWN; 19.725.719.2003
X-Cache: CONFIG_NOCACHE
X-MSEdge-Ref: Ref A: CC08EBD1DE1346ABB78E832468ABE282 Ref B: SLAEDGE1116 Ref C: 2021-08-04T00:27:30Z
Date: Wed, 04 Aug 2021 00:27:30 GMT
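The four exchanges above are the same OneDrive shared item (cid 7AD84143EE0A85E3, resid 7AD84143EE0A85E3!114) fetched twice, with two different bare User-Agent strings (zipo, aswe), each time via a 302 to a *.files.1drv.com blob served as a 274944-byte octet-stream attachment with a random-looking filename. The script below is an added example, not part of the sandbox report: it parses a plaintext capture of such request/response pairs and pulls out the share identifiers, the redirect target, the payload size, filename and ETag, and flags user-agents that carry no product/version token. The `CAPTURE` sample is constructed from the first GET/302 + GET/200 pair on this page (opaque y4m... path segment shortened, most headers dropped); the `_UA_OK` heuristic and the ETag-versus-resid check are the author's assumptions about what an analyst would want, not logic from the report.

```python
"""Extract indicators from a captured OneDrive share download (added example)."""
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample: the first GET/302 + GET/200 pair from the report, with
# the opaque y4m... path segment shortened to y4mOPAQUE and headers trimmed.
CAPTURE = """\
GET /download?cid=7AD84143EE0A85E3&resid=7AD84143EE0A85E3%21114&authkey=AMU_VwbYanb_5vQ HTTP/1.1
User-Agent: zipo
Host: onedrive.live.com

HTTP/1.1 302 Found
Content-Type: text/html
Location: https://pxqklq.sn.files.1drv.com/y4mOPAQUE/Fdhlajkqzshwymncekoaweuudqrkiey?download&psid=1
Content-Length: 0

GET /y4mOPAQUE/Fdhlajkqzshwymncekoaweuudqrkiey?download&psid=1 HTTP/1.1
User-Agent: zipo
Host: pxqklq.sn.files.1drv.com
Connection: Keep-Alive

HTTP/1.1 200 OK
Cache-Control: public
Content-Length: 274944
Content-Type: application/octet-stream
ETag: 7AD84143EE0A85E3!114.2
Content-Disposition: attachment; filename="Fdhlajkqzshwymncekoaweuudqrkiey"
"""

# Assumed heuristic: browsers and common tooling send a "Product/version"
# token; a bare lowercase word such as "zipo" or "aswe" is worth flagging.
_UA_OK = re.compile(r"^[A-Za-z][\w.\- ]*/\d")


def parse_messages(capture):
    """Split a plaintext capture into (start_line, headers) tuples.

    Messages are separated by blank lines; header names are lower-cased so
    lookups are case-insensitive, as HTTP header names are.
    """
    messages = []
    for chunk in capture.strip().split("\n\n"):
        lines = chunk.splitlines()
        headers = {}
        for line in lines[1:]:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
        messages.append((lines[0], headers))
    return messages


def pair_exchanges(messages):
    """Pair each request with the response that follows it in the capture."""
    pairs = []
    for i in range(0, len(messages) - 1, 2):
        req_line, req_hdrs = messages[i]
        resp_line, resp_hdrs = messages[i + 1]
        method, path, _ = req_line.split(" ", 2)
        status = int(resp_line.split(" ")[1])
        pairs.append({"method": method, "path": path, "req": req_hdrs,
                      "status": status, "resp": resp_hdrs})
    return pairs


def analyze(capture):
    """Pull share identifiers, payload details and UA oddities from a capture."""
    result = {"share": {}, "payload": {}, "hosts": [], "user_agents": [],
              "suspicious_user_agents": []}
    for ex in pair_exchanges(parse_messages(capture)):
        host = ex["req"].get("host", "")
        ua = ex["req"].get("user-agent", "")
        if host and host not in result["hosts"]:
            result["hosts"].append(host)
        if ua and ua not in result["user_agents"]:
            result["user_agents"].append(ua)
            if not _UA_OK.match(ua):
                result["suspicious_user_agents"].append(ua)

        # The share link: cid (drive owner), resid (item, %21 decodes to "!"), authkey.
        if host == "onedrive.live.com" and ex["path"].startswith("/download"):
            qs = parse_qs(urlsplit(ex["path"]).query)
            result["share"] = {k: qs[k][0] for k in ("cid", "resid", "authkey") if k in qs}
            if ex["status"] == 302:
                result["share"]["redirect_host"] = urlsplit(ex["resp"]["location"]).hostname

        # The blob itself: an octet-stream served as a forced download.
        if ex["status"] == 200 and ex["resp"].get("content-type") == "application/octet-stream":
            m = re.search(r'filename="([^"]+)"', ex["resp"].get("content-disposition", ""))
            etag = ex["resp"].get("etag", "")
            resid = result["share"].get("resid", "")
            result["payload"] = {
                "host": host,
                "size": int(ex["resp"].get("content-length", 0)),
                "filename": m.group(1) if m else None,
                "etag": etag,
                # The ETag names the item version, so it should begin with the
                # resid the loader asked for; that ties the blob to the share link.
                "etag_matches_resid": bool(resid) and etag.startswith(resid),
            }
    return result


if __name__ == "__main__":
    import json
    print(json.dumps(analyze(CAPTURE), indent=2))
```

Feeding the second pair (User-Agent aswe) through the same function yields the same share and payload fields, which is the quick way to confirm that both fetches pulled one and the same item rather than two stages.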
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.101:49200 -> 13.107.42.13:443 | 906200056 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
TCP 192.168.56.101:49201 -> 13.107.42.12:443 | 906200056 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
TCP 192.168.56.101:49202 -> 13.107.42.12:443 | 906200056 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.101:49200 -> 13.107.42.13:443 | C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 02 | CN=onedrive.com | 24:8a:fb:ed:16:0d:11:c8:2f:65:3a:66:ca:f1:6f:60:ad:4c:cc:de |
TLSv1 192.168.56.101:49201 -> 13.107.42.12:443 | C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 02 | C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=storage.live.com | 77:27:91:d8:e9:91:39:0b:f9:f9:5e:86:3e:37:d5:dc:9d:85:30:49 |
TLSv1 192.168.56.101:49202 -> 13.107.42.12:443 | C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 02 | C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=storage.live.com | 77:27:91:d8:e9:91:39:0b:f9:f9:5e:86:3e:37:d5:dc:9d:85:30:49 |
Snort Alerts
No Snort Alerts