Network Analysis
Name | Response | Post-Analysis Lookup |
---|---|---|
obu.duckdns.org | 23.105.131.249 | |
uyswsg.dm.files.1drv.com | CNAME dm-files.fe.1drv.com; CNAME l-0003.l-msedge.net; 13.107.42.12 | |
onedrive.live.com | CNAME l-0004.l-msedge.net; 13.107.42.13 | |
UDP Requests

Source | Destination |
---|---|
192.168.56.102:56133 | 164.124.101.2:53 |
192.168.56.102:57095 | 164.124.101.2:53 |
192.168.56.102:59606 | 164.124.101.2:53 |
192.168.56.102:60939 | 164.124.101.2:53 |
192.168.56.102:137 | 192.168.56.255:137 |
192.168.56.102:138 | 192.168.56.255:138 |
192.168.56.102:49152 | 239.255.255.250:3702 |
192.168.56.102:57098 | 239.255.255.250:1900 |
52.231.114.183:123 | 192.168.56.102:123 |
HTTP Requests

GET 302 https://onedrive.live.com/download?cid=41EB2B5CC67BFAFB&resid=41EB2B5CC67BFAFB%21279&authkey=AE4lM9-dWDlnk5M

Request:
GET /download?cid=41EB2B5CC67BFAFB&resid=41EB2B5CC67BFAFB%21279&authkey=AE4lM9-dWDlnk5M HTTP/1.1
User-Agent: lVali
Host: onedrive.live.com

Response:
HTTP/1.1 302 Found
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Expires: -1
Location: https://uyswsg.dm.files.1drv.com/y4mDeUVi_IF4n8PFxNeS3ZP3N8j30uTCHJOLvt4UywZGTyIo9gzCAm3pU8-8inKsCuYsT0szREzkRjamjs61-CP26B_EOuc1UhW15cjJK3Mibx9pOx8n-QJB_058SuEknw-v6tIhRgf9QjeKr52sBoX66m_zoX51zMCrBb7ANdBhMJJTMrj9y1ts_HCYMI6qWP_w0uucU9U24v1rxfAFjwZ1A/Rzkqpszzdurxnlnajtoxoriqvrktmlz?download&psid=1
Set-Cookie: E=P:H1u+OCDw2Yg=:sjgAaGV9J1sBZWgeziufGFpV3w++LQmt1LJmGKLkVTg=:F; domain=.live.com; path=/
Set-Cookie: xid=3bfe2239-f130-4647-b4f7-a0d6ba8b5d22&&RDE42AAC9406A0&79; domain=.live.com; path=/
Set-Cookie: xidseq=1; domain=.live.com; path=/
Set-Cookie: LD=; domain=.live.com; expires=Mon, 14-Feb-2022 23:32:23 GMT; path=/
Set-Cookie: wla42=; domain=live.com; expires=Tue, 22-Feb-2022 01:12:23 GMT; path=/
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
X-MSNServer: RDE42AAC9406A0
X-ODWebServer: centralus0-odwebpl
X-Cache: CONFIG_NOCACHE
X-MSEdge-Ref: Ref A: 1B16D8E755044153AAC76A24C90F16B1 Ref B: SLAEDGE1422 Ref C: 2022-02-15T01:12:23Z
Date: Tue, 15 Feb 2022 01:12:23 GMT
Content-Length: 0
GET 200 https://uyswsg.dm.files.1drv.com/y4mDeUVi_IF4n8PFxNeS3ZP3N8j30uTCHJOLvt4UywZGTyIo9gzCAm3pU8-8inKsCuYsT0szREzkRjamjs61-CP26B_EOuc1UhW15cjJK3Mibx9pOx8n-QJB_058SuEknw-v6tIhRgf9QjeKr52sBoX66m_zoX51zMCrBb7ANdBhMJJTMrj9y1ts_HCYMI6qWP_w0uucU9U24v1rxfAFjwZ1A/Rzkqpszzdurxnlnajtoxoriqvrktmlz?download&psid=1

Request:
GET /y4mDeUVi_IF4n8PFxNeS3ZP3N8j30uTCHJOLvt4UywZGTyIo9gzCAm3pU8-8inKsCuYsT0szREzkRjamjs61-CP26B_EOuc1UhW15cjJK3Mibx9pOx8n-QJB_058SuEknw-v6tIhRgf9QjeKr52sBoX66m_zoX51zMCrBb7ANdBhMJJTMrj9y1ts_HCYMI6qWP_w0uucU9U24v1rxfAFjwZ1A/Rzkqpszzdurxnlnajtoxoriqvrktmlz?download&psid=1 HTTP/1.1
User-Agent: lVali
Host: uyswsg.dm.files.1drv.com
Connection: Keep-Alive

Response:
HTTP/1.1 200 OK
Cache-Control: public
Content-Length: 328192
Content-Type: application/octet-stream
Content-Location: https://uyswsg.dm.files.1drv.com/y4mg6kMcY3AaDMjzFpuI_rm1MyXBnsAoZikBrrEWZd56lnz168fJx1H1LhPEMU-QKZekeiRktYh3kVSWRxR1ysDE9zbVV9audPET3PLHRe8LUqWTnJYCO7hQlQ2eciTngCPSOotIFmGVlZhz_0vq4C0185T2dBTjqu5sG5SRVmzmnHfjjJeBSVMbp7v35XvEr1L
Expires: Mon, 16 May 2022 01:12:23 GMT
Last-Modified: Mon, 14 Feb 2022 09:15:25 GMT
Accept-Ranges: bytes
ETag: 41EB2B5CC67BFAFB!279.2
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
X-MSNSERVER: DM5SCH102230913
Strict-Transport-Security: max-age=31536000; includeSubDomains
MS-CV: MbIVaLjEJUOPI9mzz+lTOQ.0
X-SqlDataOrigin: S
CTag: aYzo0MUVCMkI1Q0M2N0JGQUZCITI3OS4yNTc
X-PreAuthInfo: rv;poba;
Content-Disposition: attachment; filename="Rzkqpszzdurxnlnajtoxoriqvrktmlz"
X-Content-Type-Options: nosniff
X-StreamOrigin: X
X-AsmVersion: UNKNOWN; 19.840.125.2006
X-Cache: CONFIG_NOCACHE
X-MSEdge-Ref: Ref A: F9C0E6D2EDC7466A90CDBD57BD2FFE09 Ref B: SLAEDGE1410 Ref C: 2022-02-15T01:12:23Z
Date: Tue, 15 Feb 2022 01:12:23 GMT
GET 302 https://onedrive.live.com/download?cid=41EB2B5CC67BFAFB&resid=41EB2B5CC67BFAFB%21279&authkey=AE4lM9-dWDlnk5M

Request:
GET /download?cid=41EB2B5CC67BFAFB&resid=41EB2B5CC67BFAFB%21279&authkey=AE4lM9-dWDlnk5M HTTP/1.1
User-Agent: 23
Host: onedrive.live.com
Cache-Control: no-cache
Cookie: E=P:H1u+OCDw2Yg=:sjgAaGV9J1sBZWgeziufGFpV3w++LQmt1LJmGKLkVTg=:F; xid=3bfe2239-f130-4647-b4f7-a0d6ba8b5d22&&RDE42AAC9406A0&79; xidseq=1; wla42=

Response:
HTTP/1.1 302 Found
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Expires: -1
Location: https://uyswsg.dm.files.1drv.com/y4mDeUVi_IF4n8PFxNeS3ZP3N8j30uTCHJOLvt4UywZGTyIo9gzCAm3pU8-8inKsCuYsT0szREzkRjamjs61-CP26B_EOuc1UhW15cjJK3Mibx9pOx8n-QJB_058SuEknw-v6tIhRgf9QjeKr52sBoX66m_zoX51zMCrBb7ANdBhMJJTMrj9y1ts_HCYMI6qWP_w0uucU9U24v1rxfAFjwZ1A/Rzkqpszzdurxnlnajtoxoriqvrktmlz?download&psid=1
Set-Cookie: E=P:gZE6OSDw2Yg=:1RtTuzzpR8AWv2YhijiVgaBqBNbewfx/4Ryb5MK8O5k=:F; domain=.live.com; path=/
Set-Cookie: xidseq=2; domain=.live.com; path=/
Set-Cookie: LD=; domain=.live.com; expires=Mon, 14-Feb-2022 23:32:23 GMT; path=/
Set-Cookie: wla42=; domain=live.com; expires=Tue, 22-Feb-2022 01:12:24 GMT; path=/
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
X-MSNServer: RDE42AAC93E760
X-ODWebServer: centralus0-odwebpl
X-Cache: CONFIG_NOCACHE
X-MSEdge-Ref: Ref A: 029EEBB1D66D4F87B489EB350382B60A Ref B: SLAEDGE1422 Ref C: 2022-02-15T01:12:23Z
Date: Tue, 15 Feb 2022 01:12:24 GMT
Content-Length: 0
GET 200 https://uyswsg.dm.files.1drv.com/y4mDeUVi_IF4n8PFxNeS3ZP3N8j30uTCHJOLvt4UywZGTyIo9gzCAm3pU8-8inKsCuYsT0szREzkRjamjs61-CP26B_EOuc1UhW15cjJK3Mibx9pOx8n-QJB_058SuEknw-v6tIhRgf9QjeKr52sBoX66m_zoX51zMCrBb7ANdBhMJJTMrj9y1ts_HCYMI6qWP_w0uucU9U24v1rxfAFjwZ1A/Rzkqpszzdurxnlnajtoxoriqvrktmlz?download&psid=1

Request:
GET /y4mDeUVi_IF4n8PFxNeS3ZP3N8j30uTCHJOLvt4UywZGTyIo9gzCAm3pU8-8inKsCuYsT0szREzkRjamjs61-CP26B_EOuc1UhW15cjJK3Mibx9pOx8n-QJB_058SuEknw-v6tIhRgf9QjeKr52sBoX66m_zoX51zMCrBb7ANdBhMJJTMrj9y1ts_HCYMI6qWP_w0uucU9U24v1rxfAFjwZ1A/Rzkqpszzdurxnlnajtoxoriqvrktmlz?download&psid=1 HTTP/1.1
User-Agent: 23
Host: uyswsg.dm.files.1drv.com
Cache-Control: no-cache
Connection: Keep-Alive

Response:
HTTP/1.1 200 OK
Cache-Control: public
Content-Length: 328192
Content-Type: application/octet-stream
Content-Location: https://uyswsg.dm.files.1drv.com/y4mg6kMcY3AaDMjzFpuI_rm1MyXBnsAoZikBrrEWZd56lnz168fJx1H1LhPEMU-QKZekeiRktYh3kVSWRxR1ysDE9zbVV9audPET3PLHRe8LUqWTnJYCO7hQlQ2eciTngCPSOotIFmGVlZhz_0vq4C0185T2dBTjqu5sG5SRVmzmnHfjjJeBSVMbp7v35XvEr1L
Expires: Mon, 16 May 2022 01:12:24 GMT
Last-Modified: Mon, 14 Feb 2022 09:15:25 GMT
Accept-Ranges: bytes
ETag: 41EB2B5CC67BFAFB!279.2
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
X-MSNSERVER: DS1PPF3E78008FB
Strict-Transport-Security: max-age=31536000; includeSubDomains
MS-CV: rUjpNUdjskGfUBJuBoSG3w.0
X-SqlDataOrigin: S
CTag: aYzo0MUVCMkI1Q0M2N0JGQUZCITI3OS4yNTc
X-PreAuthInfo: rv;poba;
Content-Disposition: attachment; filename="Rzkqpszzdurxnlnajtoxoriqvrktmlz"
X-Content-Type-Options: nosniff
X-StreamOrigin: X
X-AsmVersion: UNKNOWN; 19.840.125.2006
X-Cache: CONFIG_NOCACHE
X-MSEdge-Ref: Ref A: 605DA7054429484DBA5B14802190431A Ref B: SLAEDGE1217 Ref C: 2022-02-15T01:12:24Z
Date: Tue, 15 Feb 2022 01:12:23 GMT
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts