Network Analysis
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| tavrqq.dm.files.1drv.com | CNAME dm-files.fe.1drv.com; CNAME l-0003.l-msedge.net | 13.107.42.12 |
| onedrive.live.com | CNAME l-0004.l-msedge.net | 13.107.42.13 |
GET 302 https://onedrive.live.com/download?cid=14EB58B8CF359D9A&resid=14EB58B8CF359D9A%21155&authkey=APd1iRnpgRA5xpE

REQUEST

```http
GET /download?cid=14EB58B8CF359D9A&resid=14EB58B8CF359D9A%21155&authkey=APd1iRnpgRA5xpE HTTP/1.1
User-Agent: lVali
Host: onedrive.live.com
```

RESPONSE

```http
HTTP/1.1 302 Found
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Expires: -1
Location: https://tavrqq.dm.files.1drv.com/y4m_jYYGZjXaxhmYPyypZbVVDklvotJhAJ7fqA2T_rMQMHZybsrmx_Dedj0q39tfGzdMSw6zBPkwhuj0VkIfWzl7p_YosQ3j_vVv1FFL7uJ-Z7jy59gUj8u0SkqG726WoCzWv9jBsRT4kEJpyLAzEnSRKhs3-_LLMjN9Fs6vi_yv2n4urjrD7tAbEkD5-O7ZUxRg3cPjnQ4s9gTQonUPu4ocg/Iruyancquvodbegkrskmpvfthsqwgck?download&psid=1
Set-Cookie: E=P:TCjRcCTw2Yg=:5TcwjYVvMlReiwS3TjzLiyXgWT8X/APXbZ2u7hYsZ+k=:F; domain=.live.com; path=/
Set-Cookie: xid=19bae371-7eeb-4ec3-8a0b-90e69dc4c23e&&RD00155D5E85C9&79; domain=.live.com; path=/
Set-Cookie: xidseq=1; domain=.live.com; path=/
Set-Cookie: LD=; domain=.live.com; expires=Tue, 15-Feb-2022 00:02:35 GMT; path=/
Set-Cookie: wla42=; domain=live.com; expires=Tue, 22-Feb-2022 01:42:35 GMT; path=/
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
X-MSNServer: RD00155D5E85C9
X-ODWebServer: canadaeast0-odwebpl
X-Cache: CONFIG_NOCACHE
X-MSEdge-Ref: Ref A: E403B1CE1EC646DBAF2D13D911F9BA40 Ref B: SLAEDGE1422 Ref C: 2022-02-15T01:42:35Z
Date: Tue, 15 Feb 2022 01:42:35 GMT
Content-Length: 0
```

BODY: empty (Content-Length: 0)
GET 200 https://tavrqq.dm.files.1drv.com/y4m_jYYGZjXaxhmYPyypZbVVDklvotJhAJ7fqA2T_rMQMHZybsrmx_Dedj0q39tfGzdMSw6zBPkwhuj0VkIfWzl7p_YosQ3j_vVv1FFL7uJ-Z7jy59gUj8u0SkqG726WoCzWv9jBsRT4kEJpyLAzEnSRKhs3-_LLMjN9Fs6vi_yv2n4urjrD7tAbEkD5-O7ZUxRg3cPjnQ4s9gTQonUPu4ocg/Iruyancquvodbegkrskmpvfthsqwgck?download&psid=1

REQUEST

```http
GET /y4m_jYYGZjXaxhmYPyypZbVVDklvotJhAJ7fqA2T_rMQMHZybsrmx_Dedj0q39tfGzdMSw6zBPkwhuj0VkIfWzl7p_YosQ3j_vVv1FFL7uJ-Z7jy59gUj8u0SkqG726WoCzWv9jBsRT4kEJpyLAzEnSRKhs3-_LLMjN9Fs6vi_yv2n4urjrD7tAbEkD5-O7ZUxRg3cPjnQ4s9gTQonUPu4ocg/Iruyancquvodbegkrskmpvfthsqwgck?download&psid=1 HTTP/1.1
User-Agent: lVali
Host: tavrqq.dm.files.1drv.com
Connection: Keep-Alive
```

RESPONSE

```http
HTTP/1.1 200 OK
Cache-Control: public
Content-Length: 280576
Content-Type: application/octet-stream
Content-Location: https://tavrqq.dm.files.1drv.com/y4m84xJC4diLg17hH8BE2ncy3DKeLtDopOs9lmgNtUTTSMvs5V-MYlXnxW7VZo5gPJ_fqrJpX-gtvXDwqaHxN2QOJ4XaYEpOSKYqYM_cr-LPABbkdvBmMIAKx3m2BHwKpqQ74ABcaRT0DGjYL5kgCFeB-gEnCZWiS9uVwHXZlAKUPsiakZAWRxT-Gzme5HvPX-u
Expires: Mon, 16 May 2022 01:42:36 GMT
Last-Modified: Mon, 14 Feb 2022 04:55:14 GMT
Accept-Ranges: bytes
ETag: 14EB58B8CF359D9A!155.2
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
X-MSNSERVER: DM5SCH102230408
Strict-Transport-Security: max-age=31536000; includeSubDomains
MS-CV: Y0E9fwxZTE2BzdQGDD0Kig.0
X-SqlDataOrigin: S
CTag: aYzoxNEVCNThCOENGMzU5RDlBITE1NS4yNTc
X-PreAuthInfo: rv;poba;
Content-Disposition: attachment; filename="Iruyancquvodbegkrskmpvfthsqwgck"
X-Content-Type-Options: nosniff
X-StreamOrigin: X
X-AsmVersion: UNKNOWN; 19.840.125.2006
X-Cache: CONFIG_NOCACHE
X-MSEdge-Ref: Ref A: C71B88FE11FD451EA47C9ACAEDD41C84 Ref B: SLAEDGE1410 Ref C: 2022-02-15T01:42:35Z
Date: Tue, 15 Feb 2022 01:42:35 GMT
```

BODY: 280576-byte application/octet-stream attachment (not reproduced in this report)
GET 302 https://onedrive.live.com/download?cid=14EB58B8CF359D9A&resid=14EB58B8CF359D9A%21155&authkey=APd1iRnpgRA5xpE

REQUEST

```http
GET /download?cid=14EB58B8CF359D9A&resid=14EB58B8CF359D9A%21155&authkey=APd1iRnpgRA5xpE HTTP/1.1
User-Agent: 53
Host: onedrive.live.com
Cache-Control: no-cache
Cookie: E=P:TCjRcCTw2Yg=:5TcwjYVvMlReiwS3TjzLiyXgWT8X/APXbZ2u7hYsZ+k=:F; xid=19bae371-7eeb-4ec3-8a0b-90e69dc4c23e&&RD00155D5E85C9&79; xidseq=1; wla42=
```

RESPONSE

```http
HTTP/1.1 302 Found
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Expires: -1
Location: https://tavrqq.dm.files.1drv.com/y4mnXctjl36DZwB8cfChW-YDsiUPc1AF1Dxp2wUVZ1jIE-ZkSY0lpEgtUwgfGN8CnpeLJ6WE4dpDUBdy-nWJ_0q0moaCVVbze0Cd1PHNYObhJ4ZCLxtcR8K_NH2nukmYe2aUQ6o0Kktx5140bcB9musb8eNwjKf86ZjncVjzL2wVoFIDFRTr7A8Yw99GsxD3Y2zzHKbNcUkhzq7f0XkAW_XyQ/Iruyancquvodbegkrskmpvfthsqwgck?download&psid=1
Set-Cookie: E=P:RrVycSTw2Yg=:7W2tqCtSC/iPErMrMo+DCAvsdyeD5ND1OQ9vOcbGRxk=:F; domain=.live.com; path=/
Set-Cookie: xidseq=2; domain=.live.com; path=/
Set-Cookie: LD=; domain=.live.com; expires=Tue, 15-Feb-2022 00:02:36 GMT; path=/
Set-Cookie: wla42=; domain=live.com; expires=Tue, 22-Feb-2022 01:42:36 GMT; path=/
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
X-MSNServer: RD0004FFA72148
X-ODWebServer: canadaeast0-odwebpl
X-Cache: CONFIG_NOCACHE
X-MSEdge-Ref: Ref A: 55DFEC09B2CF49E9BF78627AAE1FFA30 Ref B: SLAEDGE1422 Ref C: 2022-02-15T01:42:36Z
Date: Tue, 15 Feb 2022 01:42:36 GMT
Content-Length: 0
```

BODY: empty (Content-Length: 0)
GET 200 https://tavrqq.dm.files.1drv.com/y4mnXctjl36DZwB8cfChW-YDsiUPc1AF1Dxp2wUVZ1jIE-ZkSY0lpEgtUwgfGN8CnpeLJ6WE4dpDUBdy-nWJ_0q0moaCVVbze0Cd1PHNYObhJ4ZCLxtcR8K_NH2nukmYe2aUQ6o0Kktx5140bcB9musb8eNwjKf86ZjncVjzL2wVoFIDFRTr7A8Yw99GsxD3Y2zzHKbNcUkhzq7f0XkAW_XyQ/Iruyancquvodbegkrskmpvfthsqwgck?download&psid=1

REQUEST

```http
GET /y4mnXctjl36DZwB8cfChW-YDsiUPc1AF1Dxp2wUVZ1jIE-ZkSY0lpEgtUwgfGN8CnpeLJ6WE4dpDUBdy-nWJ_0q0moaCVVbze0Cd1PHNYObhJ4ZCLxtcR8K_NH2nukmYe2aUQ6o0Kktx5140bcB9musb8eNwjKf86ZjncVjzL2wVoFIDFRTr7A8Yw99GsxD3Y2zzHKbNcUkhzq7f0XkAW_XyQ/Iruyancquvodbegkrskmpvfthsqwgck?download&psid=1 HTTP/1.1
User-Agent: 53
Host: tavrqq.dm.files.1drv.com
Cache-Control: no-cache
Connection: Keep-Alive
```

RESPONSE

```http
HTTP/1.1 200 OK
Cache-Control: public
Content-Length: 280576
Content-Type: application/octet-stream
Content-Location: https://tavrqq.dm.files.1drv.com/y4m84xJC4diLg17hH8BE2ncy3DKeLtDopOs9lmgNtUTTSMvs5V-MYlXnxW7VZo5gPJ_fqrJpX-gtvXDwqaHxN2QOJ4XaYEpOSKYqYM_cr-LPABbkdvBmMIAKx3m2BHwKpqQ74ABcaRT0DGjYL5kgCFeB-gEnCZWiS9uVwHXZlAKUPsiakZAWRxT-Gzme5HvPX-u
Expires: Mon, 16 May 2022 01:42:37 GMT
Last-Modified: Mon, 14 Feb 2022 04:55:14 GMT
Accept-Ranges: bytes
ETag: 14EB58B8CF359D9A!155.2
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
X-MSNSERVER: DM5SCH102211308
Strict-Transport-Security: max-age=31536000; includeSubDomains
MS-CV: fswiMZ/N10WcpphqVcuofQ.0
X-SqlDataOrigin: S
CTag: aYzoxNEVCNThCOENGMzU5RDlBITE1NS4yNTc
X-PreAuthInfo: rv;poba;
Content-Disposition: attachment; filename="Iruyancquvodbegkrskmpvfthsqwgck"
X-Content-Type-Options: nosniff
X-StreamOrigin: X
X-AsmVersion: UNKNOWN; 19.840.125.2006
X-Cache: CONFIG_NOCACHE
X-MSEdge-Ref: Ref A: 35780E237CF44B91AE76A80870552425 Ref B: SLAEDGE1217 Ref C: 2022-02-15T01:42:36Z
Date: Tue, 15 Feb 2022 01:42:36 GMT
```

BODY: 280576-byte application/octet-stream attachment (not reproduced in this report)
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts