| onedrive.live.com/download?resid=BD9480D014FE52E5%21728&authkey=!ALxUAatMNPQtjNQ | 13.107.137.11 | 302 Found | 0 B |
URL: onedrive.live.com/download?resid=BD9480D014FE52E5%21728&authkey=!ALxUAatMNPQtjNQ
Request: User, GET HTTP/2
IP: 13.107.137.11:443
ASN: #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Certificate: Issuer Microsoft Corporation; Subject onedrive.com; Fingerprint 74:60:B4:06:AB:E1:E4:E4:BC:D5:29:ED:EC:F2:EC:D4:C3:67:DD:8A; Validity Fri, 29 Mar 2024 05:42:16 GMT - Mon, 24 Mar 2025 05:42:16 GMT
Hash (response body, 0 B): MD5 d41d8cd98f00b204e9800998ecf8427e; SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709; SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (these are the digests of empty input, consistent with the zero-length 302 redirect)
GET /download?resid=BD9480D014FE52E5%21728&authkey=!ALxUAatMNPQtjNQ HTTP/1.1
Host: onedrive.live.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
cache-control: no-cache, no-store
pragma: no-cache
content-type: text/html
expires: -1
location: https://wy4mcq.ph.files.1drv.com/y4mDY25X0gg0unRqzbu0-wkc2X7CZg4h-brkfiTjRPK74OkdSOUvJIpw9ZqPWohYc5K9tt3tWrwUW4M65ZNZ8C4wWxs0enbbpUxHlitfrCd5VwLxlCf290PoHJJAjmB37D0NEitHbP9TVAubRrtBZiF1EEyZ85QG0cUBB-XgickUKExQpdeKZ935nSckdBeSUfv7WfmUspCZ-vG0ekM1we9Iw/tnt.txt?download&psid=1
set-cookie: E=P:YpU2NS5e3Ig=:c7MIBIwrfgldM1b9ESAjdzpmlOtgpmq/ezpMfQHN7sk=:F; domain=.live.com; path=/
xid=709b041a-c476-4df4-bb20-5cae9ab11037&&ODSP-ODWEB-ODCF&144; domain=.live.com; path=/
xidseq=1; domain=.live.com; path=/
LD=; domain=.live.com; expires=Tue, 16-Apr-2024 14:19:33 GMT; path=/
wla42=; domain=live.com; expires=Tue, 23-Apr-2024 15:59:34 GMT; path=/
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
x-msnserver: 88ccbbb55-jxfsc
x-odwebserver: eurwesteur409473-odwebpl
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 158B72308F2C4AA09693E08D52983B86 Ref B: SVG20EDGE0309 Ref C: 2024-04-16T15:59:33Z
date: Tue, 16 Apr 2024 15:59:33 GMT
content-length: 0
X-Firefox-Spdy: h2
| wy4mcq.ph.files.1drv.com/y4mDY25X0gg0unRqzbu0-wkc2X7CZg4h-brkfiTjRPK74OkdSOUvJIpw9ZqPWohYc5K9tt3tWrwUW4M65ZNZ8C4wWxs0enbbpUxHlitfrCd5VwLxlCf290PoHJJAjmB37D0NEitHbP9TVAubRrtBZiF1EEyZ85QG0cUBB-XgickUKExQpdeKZ935nSckdBeSUfv7WfmUspCZ-vG0ekM1we9Iw/tnt.txt?download&psid=1 | 13.107.42.12 | 200 OK | 328 kB |
URL: wy4mcq.ph.files.1drv.com/y4mDY25X0gg0unRqzbu0-wkc2X7CZg4h-brkfiTjRPK74OkdSOUvJIpw9ZqPWohYc5K9tt3tWrwUW4M65ZNZ8C4wWxs0enbbpUxHlitfrCd5VwLxlCf290PoHJJAjmB37D0NEitHbP9TVAubRrtBZiF1EEyZ85QG0cUBB-XgickUKExQpdeKZ935nSckdBeSUfv7WfmUspCZ-vG0ekM1we9Iw/tnt.txt?download&psid=1
Request: User, GET HTTP/2
IP: 13.107.42.12:443
ASN: #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Certificate: Issuer Microsoft Corporation; Subject storage.live.com; Fingerprint 57:B0:C5:25:28:D0:75:FB:97:40:B6:55:BC:3F:15:BB:49:64:36:85; Validity Thu, 04 Jan 2024 21:21:38 GMT - Sun, 29 Dec 2024 21:21:38 GMT
File type: ASCII text, with very long lines (65536), with no line terminators
Size: 328 kB (328364 bytes)
Hash: MD5 367c0381ec99dfd1b18fcf499b27a449; SHA-1 de52fed0a252773db15293d8afa024b51593647b; SHA-256 2328b4b36e4a610449f7b2307828b4b561daff0edbb5a1a6dfbf1d1dab271cbf

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| urlquery | suspicious | Suspicious - Base64 encoded file |
| Public Nextron YARA rules | malware | Detects an base64 encoded executable with reversed characters |
GET /y4mDY25X0gg0unRqzbu0-wkc2X7CZg4h-brkfiTjRPK74OkdSOUvJIpw9ZqPWohYc5K9tt3tWrwUW4M65ZNZ8C4wWxs0enbbpUxHlitfrCd5VwLxlCf290PoHJJAjmB37D0NEitHbP9TVAubRrtBZiF1EEyZ85QG0cUBB-XgickUKExQpdeKZ935nSckdBeSUfv7WfmUspCZ-vG0ekM1we9Iw/tnt.txt?download&psid=1 HTTP/1.1
Host: wy4mcq.ph.files.1drv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
cache-control: public
content-type: text/plain
content-encoding: gzip
content-location: https://wy4mcq.ph.files.1drv.com/y4mhRZm9tEfMVZNc7qdgjx7TFVygXsTUl04f7ILKdm8rHjLvhpWQv92oeBDJzvkXwo26m7AotjgkQ-ByT82kBaYaVmNY01E55mwKYRd0pE1L0pKCwz-IlPtt8-0cPNgGbvzRz1jTPDxtSYzs5dAXibZRAlBXSuE1BagxMy-Ogus94b_0Ue7U2Egd2LEmDrWHeDQ
expires: Mon, 15 Jul 2024 15:59:34 GMT
last-modified: Mon, 15 Apr 2024 02:59:30 GMT
accept-ranges: bytes
etag: BD9480D014FE52E5!728.2
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
x-msnserver: PH2PPF16709CE1A
strict-transport-security: max-age=31536000; includeSubDomains
ms-cv: cCppot14c0OFzDaeAeDzsg.0
x-sqldataorigin: S
ctag: aYzpCRDk0ODBEMDE0RkU1MkU1ITcyOC4yNTc
x-preauthinfo: rv;poba;
content-disposition: attachment; filename="tnt.txt"
x-content-type-options: nosniff
x-streamorigin: X
x-asmversion: UNKNOWN; 19.1381.322.2014
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: FADCEBDD04154524AEDA4A7CCAFB543B Ref B: OSL30EDGE0515 Ref C: 2024-04-16T15:59:34Z
date: Tue, 16 Apr 2024 15:59:34 GMT
X-Firefox-Spdy: h2