Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
ok0muq.by.files.1drv.com | CNAME by-files.fe.1drv.com; CNAME l-0003.l-msedge.net | 13.107.42.12 |
onedrive.live.com | CNAME l-0004.l-msedge.net | 13.107.42.13 |
UDP Requests
Source | Destination |
---|---|
192.168.56.101:59369 | 164.124.101.2:53 |
192.168.56.101:61479 | 164.124.101.2:53 |
192.168.56.101:62324 | 164.124.101.2:53 |
192.168.56.101:137 | 192.168.56.255:137 |
192.168.56.101:138 | 192.168.56.255:138 |
192.168.56.101:49152 | 239.255.255.250:3702 |
192.168.56.101:62325 | 239.255.255.250:3702 |
192.168.56.101:62445 | 239.255.255.250:1900 |
192.168.56.101:62447 | 239.255.255.250:3702 |
52.231.114.183:123 | 192.168.56.101:123 |
-
HTTP Requests
GET 302 https://onedrive.live.com/download?cid=8CDD9A903CA2B7A1&resid=8CDD9A903CA2B7A1%21121&authkey=AE4pGuvsTEf3vdI

Request:
GET /download?cid=8CDD9A903CA2B7A1&resid=8CDD9A903CA2B7A1%21121&authkey=AE4pGuvsTEf3vdI HTTP/1.1
User-Agent: lVali
Host: onedrive.live.com

Response:
HTTP/1.1 302 Found
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Expires: -1
Location: https://ok0muq.by.files.1drv.com/y4mXn3SB0c_rGmgXxjbH3WmsppOibbL1oZlW_b9zNu1Rx8XhZjP5jfvuXh4_Qxkk7alRd6tzyqugEoIqRqia9VXhCi-qHc4nV1eEqqZYxL09QqabDodVVaeAjr9QKU4OcnvpEiaLJn_lNvvRk5nSRSglAUUEkH2uR3f2HucXpts-XB8ZMJS-8maqxetjB-Cp_5UTXnZqAhAKCsuyMmQrFYK3Q/Oxqfxohrjqryauuonybvsdergonzryw?download&psid=1
Set-Cookie: E=P:9XCBo1yQ2Yg=:mB0DE9EG9pV43Yuq74lP6+TTdijImeVjBOgeP6M+xyw=:F; domain=.live.com; path=/
Set-Cookie: xid=03e78f96-0238-4611-b702-2c4d24871aea&&RDE42AAC93CC36&336; domain=.live.com; path=/
Set-Cookie: xidseq=1; domain=.live.com; path=/
Set-Cookie: LD=; domain=.live.com; expires=Sat, 16-Oct-2021 02:43:00 GMT; path=/
Set-Cookie: wla42=; domain=live.com; expires=Sat, 23-Oct-2021 04:23:00 GMT; path=/
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
X-MSNServer: RDE42AAC93CC36
X-ODWebServer: centralus0-odwebpl
X-Cache: CONFIG_NOCACHE
X-MSEdge-Ref: Ref A: 5C1E939DBA0445639722B310368D9DE4 Ref B: SLAEDGE1112 Ref C: 2021-10-16T04:23:00Z
Date: Sat, 16 Oct 2021 04:23:00 GMT
Content-Length: 0

Body: none (Content-Length: 0).
GET 200 https://ok0muq.by.files.1drv.com/y4mXn3SB0c_rGmgXxjbH3WmsppOibbL1oZlW_b9zNu1Rx8XhZjP5jfvuXh4_Qxkk7alRd6tzyqugEoIqRqia9VXhCi-qHc4nV1eEqqZYxL09QqabDodVVaeAjr9QKU4OcnvpEiaLJn_lNvvRk5nSRSglAUUEkH2uR3f2HucXpts-XB8ZMJS-8maqxetjB-Cp_5UTXnZqAhAKCsuyMmQrFYK3Q/Oxqfxohrjqryauuonybvsdergonzryw?download&psid=1

Request:
GET /y4mXn3SB0c_rGmgXxjbH3WmsppOibbL1oZlW_b9zNu1Rx8XhZjP5jfvuXh4_Qxkk7alRd6tzyqugEoIqRqia9VXhCi-qHc4nV1eEqqZYxL09QqabDodVVaeAjr9QKU4OcnvpEiaLJn_lNvvRk5nSRSglAUUEkH2uR3f2HucXpts-XB8ZMJS-8maqxetjB-Cp_5UTXnZqAhAKCsuyMmQrFYK3Q/Oxqfxohrjqryauuonybvsdergonzryw?download&psid=1 HTTP/1.1
User-Agent: lVali
Host: ok0muq.by.files.1drv.com
Connection: Keep-Alive

Response:
HTTP/1.1 200 OK
Cache-Control: public
Content-Length: 591872
Content-Type: application/octet-stream
Content-Location: https://ok0muq.by.files.1drv.com/y4mTXPkBcg4Wws36jCL2d5J57s-M7EkAyjWt5E9SfglQPPN808Vpsu9Sr0MX-1p_aLQ69YTcMIxiY0sQ2alEn8tMoMEjZ_3QLXio7a0QkUNX1Bfs5slQqTbIBziosYuYdLzxpb5imtsRNsntaCIeMxVl6-Lsq4EzZGXnqhVNurD91rJVptJ6AaaMOVsbSysKUWL
Expires: Fri, 14 Jan 2022 04:23:01 GMT
Last-Modified: Fri, 15 Oct 2021 06:08:17 GMT
Accept-Ranges: bytes
ETag: 8CDD9A903CA2B7A1!121.2
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
X-MSNSERVER: BY3PPFAA1C28AA5
Strict-Transport-Security: max-age=31536000; includeSubDomains
MS-CV: MYGLbY52Iki/JZ3w+C8jfA.0
X-SqlDataOrigin: S
CTag: aYzo4Q0REOUE5MDNDQTJCN0ExITEyMS4yNTc
X-PreAuthInfo: rv;poba;
Content-Disposition: attachment; filename="Oxqfxohrjqryauuonybvsdergonzryw"
X-Content-Type-Options: nosniff
X-StreamOrigin: X
X-AsmVersion: UNKNOWN; 19.781.1007.2003
X-Cache: CONFIG_NOCACHE
X-MSEdge-Ref: Ref A: FDDE6DD1CDB043CDA77CB266A99765DF Ref B: SLAEDGE1019 Ref C: 2021-10-16T04:23:00Z
Date: Sat, 16 Oct 2021 04:23:00 GMT

Body: binary payload (application/octet-stream, 591872 bytes), not shown in the report.
GET 302 https://onedrive.live.com/download?cid=8CDD9A903CA2B7A1&resid=8CDD9A903CA2B7A1%21121&authkey=AE4pGuvsTEf3vdI

Request:
GET /download?cid=8CDD9A903CA2B7A1&resid=8CDD9A903CA2B7A1%21121&authkey=AE4pGuvsTEf3vdI HTTP/1.1
User-Agent: aswe
Host: onedrive.live.com
Cache-Control: no-cache
Cookie: E=P:9XCBo1yQ2Yg=:mB0DE9EG9pV43Yuq74lP6+TTdijImeVjBOgeP6M+xyw=:F; xid=03e78f96-0238-4611-b702-2c4d24871aea&&RDE42AAC93CC36&336; xidseq=1; wla42=

Response:
HTTP/1.1 302 Found
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Expires: -1
Location: https://ok0muq.by.files.1drv.com/y4mqHdWeQYGK5cbxmAzdiBSNTk4dffD-Ux0OULCWBTQdnmGloOWxVwE84xYkIhVD9KkYQ9lq_2wnzd0HMh6CgniFyiFiDaIpIHHYq1pIdhQtBjSorBL-s0HLwukMAbS0of6PmckxpqSsT_GI8ycKX1OiicltQgceZjhZoGLoNx40m0l0qTLluxGC1FTgeLgLPGO2srxxLy08oKJJMgx4wFpKA/Oxqfxohrjqryauuonybvsdergonzryw?download&psid=1
Set-Cookie: E=P:IoQBpFyQ2Yg=:8dvNbc6g7TCh3WHh22/Dst+9QRWE8ItVcXeyR11jVus=:F; domain=.live.com; path=/
Set-Cookie: xidseq=2; domain=.live.com; path=/
Set-Cookie: LD=; domain=.live.com; expires=Sat, 16-Oct-2021 02:43:01 GMT; path=/
Set-Cookie: wla42=; domain=live.com; expires=Sat, 23-Oct-2021 04:23:01 GMT; path=/
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
X-MSNServer: RDE42AAC93AEEF
X-ODWebServer: centralus0-odwebpl
X-Cache: CONFIG_NOCACHE
X-MSEdge-Ref: Ref A: 44D47D8660C84E5F9141E883E8F47697 Ref B: SLAEDGE1112 Ref C: 2021-10-16T04:23:01Z
Date: Sat, 16 Oct 2021 04:23:01 GMT
Content-Length: 0

Body: none (Content-Length: 0).
GET 200 https://ok0muq.by.files.1drv.com/y4mqHdWeQYGK5cbxmAzdiBSNTk4dffD-Ux0OULCWBTQdnmGloOWxVwE84xYkIhVD9KkYQ9lq_2wnzd0HMh6CgniFyiFiDaIpIHHYq1pIdhQtBjSorBL-s0HLwukMAbS0of6PmckxpqSsT_GI8ycKX1OiicltQgceZjhZoGLoNx40m0l0qTLluxGC1FTgeLgLPGO2srxxLy08oKJJMgx4wFpKA/Oxqfxohrjqryauuonybvsdergonzryw?download&psid=1

Request:
GET /y4mqHdWeQYGK5cbxmAzdiBSNTk4dffD-Ux0OULCWBTQdnmGloOWxVwE84xYkIhVD9KkYQ9lq_2wnzd0HMh6CgniFyiFiDaIpIHHYq1pIdhQtBjSorBL-s0HLwukMAbS0of6PmckxpqSsT_GI8ycKX1OiicltQgceZjhZoGLoNx40m0l0qTLluxGC1FTgeLgLPGO2srxxLy08oKJJMgx4wFpKA/Oxqfxohrjqryauuonybvsdergonzryw?download&psid=1 HTTP/1.1
User-Agent: aswe
Host: ok0muq.by.files.1drv.com
Cache-Control: no-cache
Connection: Keep-Alive

Response:
HTTP/1.1 200 OK
Cache-Control: public
Content-Length: 591872
Content-Type: application/octet-stream
Content-Location: https://ok0muq.by.files.1drv.com/y4mTXPkBcg4Wws36jCL2d5J57s-M7EkAyjWt5E9SfglQPPN808Vpsu9Sr0MX-1p_aLQ69YTcMIxiY0sQ2alEn8tMoMEjZ_3QLXio7a0QkUNX1Bfs5slQqTbIBziosYuYdLzxpb5imtsRNsntaCIeMxVl6-Lsq4EzZGXnqhVNurD91rJVptJ6AaaMOVsbSysKUWL
Expires: Fri, 14 Jan 2022 04:23:01 GMT
Last-Modified: Fri, 15 Oct 2021 06:08:17 GMT
Accept-Ranges: bytes
ETag: 8CDD9A903CA2B7A1!121.2
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
X-MSNSERVER: BY3PPF697215A98
Strict-Transport-Security: max-age=31536000; includeSubDomains
MS-CV: EB4s7r+6cUyfnXQY5lRJfg.0
X-SqlDataOrigin: S
CTag: aYzo4Q0REOUE5MDNDQTJCN0ExITEyMS4yNTc
X-PreAuthInfo: rv;poba;
Content-Disposition: attachment; filename="Oxqfxohrjqryauuonybvsdergonzryw"
X-Content-Type-Options: nosniff
X-StreamOrigin: X
X-AsmVersion: UNKNOWN; 19.781.1007.2003
X-Cache: CONFIG_NOCACHE
X-MSEdge-Ref: Ref A: ABCCAD574D6A450599244736B3D30151 Ref B: SLAEDGE1116 Ref C: 2021-10-16T04:23:01Z
Date: Sat, 16 Oct 2021 04:23:01 GMT

Body: binary payload (application/octet-stream, 591872 bytes), not shown in the report.
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.101:49201 -> 13.107.42.12:443 | 906200056 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
TCP 192.168.56.101:49200 -> 13.107.42.13:443 | 906200056 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
TCP 192.168.56.101:49202 -> 13.107.42.12:443 | 906200056 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.101:49201 -> 13.107.42.12:443 | C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 01 | C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=storage.live.com | ec:e5:02:98:e6:c9:9a:12:fc:c0:4d:19:cd:2b:0c:ae:d0:c0:37:8e |
TLSv1 192.168.56.101:49200 -> 13.107.42.13:443 | C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 01 | CN=onedrive.com | 50:2f:33:10:92:ac:27:7b:17:be:82:68:3b:e2:29:ad:97:41:b7:bb |
TLSv1 192.168.56.101:49202 -> 13.107.42.12:443 | C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 01 | C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=storage.live.com | ec:e5:02:98:e6:c9:9a:12:fc:c0:4d:19:cd:2b:0c:ae:d0:c0:37:8e |
Snort Alerts
No Snort Alerts